Daily Summary - 22.02.2021

End-of-Day report

Timeframe: Friday 19-02-2021 18:00 - Monday 22-02-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer

News

Trojan alert for Creality 3D printer software

The software package offered on Creality's download pages for the Ender 5 3D printer triggers a Trojan warning on Windows PCs.

https://heise.de/-5061290


Silver Sparrow: Mysterious malware discovered on over 29,000 Macs

The software, built for both Intel and ARM Macs, has a self-destruct function and regularly contacts command-and-control servers, but so far does nothing.

https://heise.de/-5062066


Powerhouse VPN products can be abused for large-scale DDoS attacks

Around 1,500 Powerhouse VPN servers are exposed online and ready to be abused by DDoS groups.

https://www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks/


Recently fixed Windows zero-day actively exploited since mid-2020

Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.

https://www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/


Quickie: Extracting HTTP URLs With tshark, (Sat, Feb 20th)

After I posted diary entry "Quickie: tshark & Malware Analysis", someone asked me how to extract HTTP URLs from capture files with tshark.

https://isc.sans.edu/diary/rss/27120
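An added example for the tshark item above (not the ISC diary's own code): a small pipeline that has tshark print the host, request URI and method of every cleartext HTTP request in a capture, then assembles full URLs and counts them. `capture.pcap` is a placeholder file name, tshark is assumed to be installed, and the sample lines fed in below are constructed; the field names and `-E` options are tshark's own.

```shell
#!/bin/sh
# Added example, not from the ISC diary: HTTP URL extraction with tshark.
# Assumes tshark is on PATH; 'capture.pcap' is a placeholder file name.

# One line per HTTP request: host, request URI and method, tab-separated.
# Only cleartext HTTP is dissected this way; requests inside TLS are invisible.
# occurrence=f keeps the first value of a field if a packet carries several.
dump_http_requests() {
    tshark -r "$1" -Y 'http.request' -T fields \
        -e http.host -e http.request.uri -e http.request.method \
        -E separator=/t -E occurrence=f
}

# Turn the tab-separated field output into "METHOD http://host/uri" lines.
# A request without a Host header (e.g. HTTP/1.0) is marked <no-host> instead
# of silently becoming a malformed "http:///path" URL; an empty URI becomes "/".
build_urls() {
    awk -F '\t' '{
        host = ($1 == "") ? "<no-host>" : $1
        uri  = ($2 == "") ? "/" : $2
        printf "%s http://%s%s\n", $3, host, uri
    }'
}

# Unique URLs with hit counts, most frequent first.
count_urls() {
    build_urls | sort | uniq -c | sort -rn
}

# Usage:
#   dump_http_requests capture.pcap | count_urls
```

tshark also offers a ready-made `http.request.full_uri` field; the explicit host/URI split is kept here so that requests without a Host header stay visible in the output rather than collapsing into a broken URL. For HTTPS traffic this approach yields nothing unless the session keys are available to tshark.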


DDE and oledump, (Sun, Feb 21st)

I was asked if the DDE YARA rules I created work with oledump.py on the sample that Xavier wrote about in his diary entry "Dynamic Data Exchange (DDE) is Back in the Wild?".

https://isc.sans.edu/diary/rss/27122


New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point-of-sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a [...]

https://thehackernews.com/2021/02/new-hack-lets-attackers-bypass.html


Genetics of a Modern IoT Attack

When it comes to IoT attacks and malware, there is a perceptible pattern in which all intrusions manifest. It is good practice to study such patterns and draw conclusions so that we may extrapolate to future attacks.

https://cujo.com/genetics-of-a-modern-iot-attack/

Vulnerabilities

Patch now! SonicWall improves security updates for SMA 100

The network equipment vendor has released new patches for its SMA 100 remote access system and recommends prompt installation.

https://heise.de/-5061513


Security updates for Monday

Security updates have been issued by Debian (chromium, libzstd, openldap, openvswitch, screen, and wpa), Fedora (dotnet5.0, subversion, and wpa_supplicant), openSUSE (mumble, python-djangorestframework, and tor), Oracle (container-tools:ol8, kernel, nodejs:10, nodejs:12, nodejs:14, subversion:1.10, and xterm), Red Hat (stunnel and xterm), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, krb5-appl, python3, tomcat, and webkit2gtk3).

https://lwn.net/Articles/847035/


Red Hat Enterprise Linux: Vulnerability allows security measures to be bypassed

https://www.cert-bund.de/advisoryshort/CB-K21-0198


Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-multicloud-management/


Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Pak for Multicloud Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-pak-for-multicloud-management/


Security Bulletin: A vulnerability in Bouncy Castle affects IBM Rational Performance Tester (CVE-2020-26939)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-bouncy-castle-affects-ibm-rational-performance-tester-cve-2020-26939/


Security Bulletin: A security vulnerability in Node.js ini module affects IBM Cloud Pak for Multicloud Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-ini-module-affects-ibm-cloud-pak-for-multicloud-management/


Security Bulletin: A vulnerability has been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-fasterxml-jackson-databind-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2020-25649/


Security Bulletin: App Connect Professional & IBM WebSphere Cast Iron Solution are affected by Apache Tomcat vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-ibm-websphere-cast-iron-solution-are-affected-by-apache-tomcat-vulnerabilities/


Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management/


Security Bulletin: A security vulnerability in PostgreSQL affects IBM Cloud Pak for Multicloud Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-postgresql-affects-ibm-cloud-pak-for-multicloud-management/


Security Bulletin: A security vulnerability in Node.js y18n module affects IBM Cloud Pak for Multicloud Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-y18n-module-affects-ibm-cloud-pak-for-multicloud-management/


Security Bulletin: Vulnerabilities in Java affect IBM Cloud Application Business Insights

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights/


Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/


Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-conductor-2-5-0/