End-of-Day report
Timeframe: Wednesday 17-02-2021 18:00 - Thursday 18-02-2021 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
News
How to Not Give a Scam
Learn about tactics attackers use for extortion emails and how to build a picture around raw data as the DomainTools team leads an investigation into a sextortion scam.
https://www.domaintools.com/resources/blog/how-to-not-give-a-scam
Mac Malware Targets Apple's In-House M1 Processor
A malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.
https://threatpost.com/macos-malware-apple-m1-processor/164075/
Covid-19 vaccines: Danger from scam emails and misinformation
The vaccination campaigns now starting worldwide are the long-awaited ray of hope in the fight against the pandemic. At the same time, fraudsters and spreaders of false reports have also discovered the topic of vaccines for themselves.
https://www.welivesecurity.com/deutsch/2021/02/17/covid-19-impfstoffe-gefahr-durch-betrugsmails-und-falschmeldungen/
Vulnerabilities
CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
This vulnerability only affects servers configured to use GSS-TSIG, most often to sign dynamic updates. If another mechanism can be used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features. Solution: Upgrade to the patched release most closely related to your current version of BIND.
https://kb.isc.org/docs/cve-2020-8625
Security updates for Thursday
Security updates have been issued by Debian (mumble, openssl, php7.3, and webkit2gtk), openSUSE (jasper, php7, and screen), SUSE (bind, php7, and php72), and Ubuntu (bind9, openssl, openssl1.0, and webkit2gtk).
https://lwn.net/Articles/846623/
Security Bulletin: A security vulnerability in Node.js y18n module affects IBM Cloud Automation Manager.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-y18n-module-affects-ibm-cloud-automation-manager/
Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4933)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4933/
Security Bulletin: Vulnerability has been identified in SnakeYAML used by IBM Dependency Based Build
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-has-been-identified-in-snakeyaml-used-by-ibm-dependency-based-build/
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-data-loader-maxloader-shipped-with-ibm-maximo-for-civil-infrastructure-is-vulnerable-to-cross-site-scripting-and-missing-or-insecure-x-xss-protection-header/
Security Bulletin: A security vulnerability in Node.js ini module affects IBM Cloud Automation Manager.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-ini-module-affects-ibm-cloud-automation-manager/
Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-automation-manager-4/
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-data-loader-maxloader-shipped-with-ibm-maximo-for-civil-infrastructure-is-vulnerable-to-autocomplete-html-attribute-not-disabled-for-password-field/
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-automation-manager/
Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Automation Manager.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-automation-manager/
Security Bulletin: IBM MQ Appliance is affected by multiple BIND vulnerabilities (CVE-2020-8622, CVE-2020-8623, CVE-2020-8624)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-bind-vulnerabilities-cve-2020-8622-cve-2020-8623-cve-2020-8624/
February 16, 2021 TNS-2021-02 [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability
http://www.tenable.com/security/tns-2021-02
XSA-366
https://xenbits.xen.org/xsa/advisory-366.html
Jira Server for Slack Security Advisory 17th February 2021
https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html