End-of-Day report
Timeframe: Monday 15-02-2021 18:00 - Tuesday 16-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Cyberattack on Dutch Research Council (NWO) suspends research grants
Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future.
https://www.bleepingcomputer.com/news/security/cyberattack-on-dutch-research-council-nwo-suspends-research-grants/
Microsoft pulls Windows KB4601392 for blocking security updates
Microsoft has pulled a problematic Windows servicing stack update (SSU) after blocking Windows 10 and Windows Server customers from installing the security updates released during this month's Patch Tuesday.
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb4601392-for-blocking-security-updates/
Sandworm: France reports years-long state-sponsored hack on servers
Similar to the Solarwinds hack, the free monitoring software Centreon is said to have been under attack for years.
https://www.golem.de/news/sandworm-frankreich-meldet-jahrelangen-staatlichen-hack-auf-server-2102-154216-rss.html
More weirdness on TCP port 26, (Tue, Feb 16th)
A little over a year ago, I wrote a diary asking what was going on with traffic on TCP port 26. So, last week when I noticed another spike on port 26, I decided to take another look.
https://isc.sans.edu/diary/rss/27106
Corona aid for businesses: Fake e-mail in the name of the Federal Ministry of Social Affairs in circulation
Numerous business owners are currently finding an e-mail with the subject "Überbrückungshilfe III - Informationen und Unterstützung für Unternehmen" ("Bridging aid III - information and support for businesses"), purportedly from the Federal Ministry of Social Affairs, in their inbox. Caution: this e-mail comes from criminals and contains malware.
https://www.watchlist-internet.at/news/corona-hilfe-fuer-unternehmen-gefaelschtes-e-mail-im-namen-des-bundesministeriums-fuer-soziales-im-uml/
Vulnerabilities
Malvertisers exploited browser zero-day to redirect users to scams
The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.
https://www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/
Security updates for Tuesday
Security updates have been issued by Debian (spip), Mageia (chromium-browser, kernel, kernel-linus, and trojita), openSUSE (mumble and opera), Red Hat (container-tools:rhel8, java-1.8.0-ibm, kernel, kernel-rt, net-snmp, nodejs:10, nodejs:12, nodejs:14, nss, perl, python, and rh-nodejs10-nodejs), and SUSE (jasper, python-bottle, and python-urllib3).
https://lwn.net/Articles/846395/
Security bugs left unpatched in Android app with one billion downloads
The vulnerabilities impact SHAREit, an app used for sharing files between users and their devices.
https://www.zdnet.com/article/security-bugs-left-unpatched-in-android-app-with-one-billion-downloads/
Calsos CSDJ fails to restrict access permissions
https://jvn.jp/en/jp/JVN87164507/
FileZen vulnerable to OS command injection
https://jvn.jp/en/jp/JVN58774946/
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-operations-center-cve-2020-4954-cve-2020-4955-cve-2020-4956-2/
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2021 CPU
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-january-2021-cpu/
XSA-365
https://xenbits.xen.org/xsa/advisory-365.html
XSA-364
https://xenbits.xen.org/xsa/advisory-364.html
XSA-363
https://xenbits.xen.org/xsa/advisory-363.html
XSA-362
https://xenbits.xen.org/xsa/advisory-362.html
XSA-361
https://xenbits.xen.org/xsa/advisory-361.html
Nagios Enterprises Nagios XI: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0178