End-of-Day report
Timeframe: Monday 01-03-2021 18:00 - Tuesday 02-03-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
European e-ticketing platform Ticketcounter extorted in data breach
A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.
https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/
Bruce Schneier: The economic system also shares the blame for the SolarWinds hack
Profits are made with poor IT security while consumers and society bear the risks. According to Schneier, that has to change.
https://www.golem.de/news/bruce-schneier-auch-das-wirtschaftssystem-traegt-schuld-am-solarwinds-hack-2103-154615-rss.html
Inside the Ransomware Economy
The trouble with ransomware is well known at this point. From Egregor to Doppelpaymer to Ryuk, it continues to command headlines. Pandemic-fueled phishing scams, the lack of visibility across remote endpoints, and lax attitudes have been a boon for ransomware groups over the last year. Worst of all, ransomware no longer discriminates. It dominates small towns and municipal offices, video game makers, and shamelessly, healthcare organizations and school systems already pushed to the brink by the COVID-19 pandemic. The threat could still become more pervasive over the next two to three years, not because ransomware is effective in and of itself but because of other players in the game - insurance companies, brokers, and even attorneys - that continue to fan the flames.
https://www.securityweek.com/inside-ransomware-economy
Do not complete the entry registration for Germany via -digitale-einreiseanmeldung.de-
The Corona pandemic makes entering other countries considerably harder. For a trip to Germany, for example, a digital entry registration may have to be completed beforehand. When researching entry requirements, however, travellers often come across dubious websites that offer the digital entry registration for a fee. Refrain from paid offers for entry registration. It is unclear whether these providers [...]
https://www.watchlist-internet.at/news/einreiseanmeldung-fuer-deutschland-nicht-ueber-digitale-einreiseanmeldungde-vornehmen/
Fast Flux 101: How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement Takedowns
Cybercriminals use fast flux to maintain uptime for malicious activities. We show how it works in a fictional scenario and real-world case studies.
https://unit42.paloaltonetworks.com/fast-flux-101/
Povlsomware Ransomware
Povlsomware markets itself as a proof-of-concept (POC) ransomware designed to test security vendor products. Trend Micro reports on some interesting capabilities associated with the malware.
https://exchange.xforce.ibmcloud.com/collection/e7d232e9df181a3c873c3eaeb56c2e97
Vulnerabilities
Android Security Bulletin - March 2021
[...] The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
https://source.android.com/security/bulletin/2021-03-01
Ten security vulnerabilities closed in the server configuration software Saltstack
There are important security updates for the server software Saltstack. None of the vulnerabilities is considered critical.
https://heise.de/-5069120
Security updates for Tuesday
Security updates have been issued by Arch Linux (bind, intel-ucode, ipmitool, isync, openssl, python, python-cryptography, python-httplib2, salt, tar, and thrift), Fedora (ansible, salt, webkit2gtk3, and wpa_supplicant), Oracle (bind), Red Hat (bind, kernel, and kpatch-patch), Scientific Linux (bind), SUSE (firefox, gnome-autoar, java-1_8_0-ibm, java-1_8_0-openjdk, nodejs10, open-iscsi, perl-XML-Twig, python-cryptography, and thunderbird), and Ubuntu (bind9).
https://lwn.net/Articles/847944/
Joomla! Security Announcements
[20210301] - Core - Insecure randomness within 2FA secret generation
https://developer.joomla.org:443/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html
[20210302] - Core - Potential Insecure FOFEncryptRandval
https://developer.joomla.org:443/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html
[20210303] - Core - XSS within alert messages showed to users
https://developer.joomla.org:443/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html
[20210304] - Core - XSS within the feed parser library
https://developer.joomla.org:443/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html
[20210305] - Core - Input validation within the template manager
https://developer.joomla.org:443/security-centre/845-20210305-core-input-validation-within-the-template-manager.html
[20210306] - Core - com_media allowed paths that are not intended for image uploads
https://developer.joomla.org:443/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html
[20210307] - Core - ACL violation within com_content frontend editing
https://developer.joomla.org:443/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html
[20210308] - Core - Path Traversal within joomla/archive zip class
https://developer.joomla.org:443/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html
[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field
https://developer.joomla.org:443/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html
https://developer.joomla.org/security-centre.html
Linux NFS kernel vulnerability CVE-2020-25212
https://support.f5.com/csp/article/K42355373
[webapps] Tiny Tiny RSS - Remote Code Execution
https://www.exploit-db.com/exploits/49606
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-5/
Security Bulletin: IBM Cognos Command Center has addressed multiple vulnerabilities (Q12021)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-has-addressed-multiple-vulnerabilities-q12021/
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-10/
Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-6/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-12/
Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability (CVE-2020-4189)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-vulnerability-cve-2020-4189-2/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-11/
Security Bulletin: IBM Security Guardium is affected by a Privilege Escalation vulnerability (CVE-2020-4952)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-privilege-escalation-vulnerability-cve-2020-4952-2/
Security Bulletin: IBM Data Replication Java SDK Update
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java-sdk-update/
Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV
https://www.ibm.com/blogs/psirt/security-bulletin-datacap-taskmaster-capture-is-affected-by-vulnerable-to-appscans-sslv3-client-hello-with-cbc-cipher-suites-that-contain-tls_fallback_scsv-3/