End-of-Day report
Timeframe: Wednesday 10-03-2021 18:30 - Thursday 11-03-2021 18:30
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
The Hafnium Exchange Server hack: anatomy of a catastrophe
Could Microsoft have prevented the mass hack of Exchange servers by reacting faster? The sequence of events raises questions.
https://heise.de/-5077269
NAT slipstreaming attacks: it gets even worse
Time to act: with NAT slipstreaming 2.0, criminals can attack not only the victim's device but any IP address on the internal network.
https://heise.de/-5078104
Exchange vulnerabilities: now comes the cybercrime wave with extortion
A public exploit for the security vulnerabilities in Microsoft Exchange means that the first extortion cases are imminent.
https://heise.de/-5078180
F5 Announces Critical BIG-IP pre-auth RCE bug
F5 Networks is a leading provider of enterprise networking gear, with software and hardware customers including governments, Fortune 500 firms, banks, internet service providers, and widely known consumer brands (Microsoft, Oracle, and Facebook). The patch covers the four critical vulnerabilities listed in the advisory and also includes a pre-auth RCE security flaw (CVE-2021-22986) that allows unauthenticated [...]
https://heimdalsecurity.com/blog/f5-announces-critical-bug/
FIN8 Resurfaces with Revamped Backdoor Malware
The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.
https://threatpost.com/fin8-resurfaces-backdoor-malware/164684/
Piktochart - Phishing with Infographics, (Thu, Mar 11th)
In line with our recent diaries featuring unique attack vectors for credential theft, such as phishing over LinkedIn Mail[1] and pretending to be an Outlook version update[2], we've recently learned of a phishing campaign targeting users of the infographic service Piktochart.
https://isc.sans.edu/diary/rss/27194
Magento 2 PHP Credit Card Skimmer Saves to JPG
Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to a .JPG file.
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
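The Sucuri write-up above describes a PHP injection on the checkout page that captures POST data, encodes it and stores it in a .JPG file. A quick triage check for that storage pattern, written as an added example (not Sucuri's code and not tied to their specific sample): scan the image files under a web root for files that have no image header at all, or that carry long runs of base64 text after the JPEG end-of-image marker, and decode what is found. It assumes the common shape of such a skimmer (base64 records appended to an otherwise valid JPEG, or a .jpg that is nothing but text); the sample files and the card record are constructed in a temp directory.

```python
"""Triage scan for 'skimmer saves to .jpg' style exfil files (added example)."""
import base64
import os
import re
import tempfile

IMAGE_MAGICS = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
JPEG_EOI = b"\xff\xd9"                       # JPEG end-of-image marker
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
# A long run of base64 alphabet, optionally padded: what base64-encoded
# POST data looks like when a skimmer appends one record per line.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{32,}={0,2}")

# Constructed record, standing in for the POST data a checkout skimmer grabs.
CONSTRUCTED_RECORD = (
    b"cc_number=4111111111111111&cc_exp=12/25&cc_cvv=123&email=alice@example.com"
)


def _suspect_region(data: bytes) -> bytes:
    """For a JPEG, only the bytes after the last EOI marker are suspect;
    for anything else the whole file is."""
    if data.startswith(b"\xff\xd8\xff"):
        eoi = data.rfind(JPEG_EOI)
        return data[eoi + len(JPEG_EOI):] if eoi != -1 else b""
    return data


def classify_image(data: bytes) -> str:
    """Return 'no-image-header', 'appended-payload' or 'clean'."""
    if not data.startswith(IMAGE_MAGICS):
        return "no-image-header"
    if B64_RUN.search(_suspect_region(data)):
        return "appended-payload"
    return "clean"


def decode_payload(data: bytes) -> list:
    """Best-effort: base64-decode each long run in the suspect region and
    keep the ones that decode to printable ASCII (form data, JSON, ...)."""
    decoded = []
    for match in B64_RUN.finditer(_suspect_region(data)):
        try:
            text = base64.b64decode(match.group(0), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
            continue
        if text.isprintable():
            decoded.append(text)
    return decoded


def scan_dir(root: str) -> dict:
    """Map each image file name under root to its verdict."""
    verdicts = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(IMAGE_EXTS):
                with open(os.path.join(dirpath, name), "rb") as fh:
                    verdicts[name] = classify_image(fh.read())
    return verdicts


def build_sample_dir() -> str:
    """Write three constructed files into a temp dir: a clean JPEG stub, the
    same stub with two base64 records appended after EOI, and a .jpg that is
    only base64 text. Returns the directory path."""
    root = tempfile.mkdtemp(prefix="skimmer-scan-")
    clean_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 64 + JPEG_EOI
    record = base64.b64encode(CONSTRUCTED_RECORD) + b"\n"
    files = {
        "clean.jpg": clean_jpeg,
        "skimmed.jpg": clean_jpeg + record * 2,
        "fake.jpg": record * 3,
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_dir()
    for name, verdict in sorted(scan_dir(root).items()):
        print(f"{name}: {verdict}")
        if verdict != "clean":
            with open(os.path.join(root, name), "rb") as fh:
                for line in decode_payload(fh.read()):
                    print("   ", line)
```

Trailing bytes after a JPEG EOI are not proof of compromise on their own (some tools append metadata trailers), so treat a hit as a lead: check the file's mtime against the deploy history, diff the checkout templates and PHP files for the write call that produced it, and pull the web server logs for requests to that image path, since the attacker has to fetch it to collect the data.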
Home Assistant, Pwned Passwords and Security Misconceptions
Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently [...]
https://www.troyhunt.com/home-assistant-pwned-passwords-and-security-misconceptions/
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Debian (zeromq3), Oracle (dotnet, dotnet3.1, python3, and wpa_supplicant), and Red Hat (wpa_supplicant).
https://lwn.net/Articles/849088/
Security Advisory - Sudo Privilege Escalation Vulnerability
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210310-01-escalation-en
Paessler PRTG: vulnerability allows information disclosure
https://www.cert-bund.de/advisoryshort/CB-K21-0260
Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314
https://support.f5.com/csp/article/K67830124
glibc vulnerability CVE-2019-25013
https://support.f5.com/csp/article/K68251873
glibc vulnerability CVE-2020-29573
https://support.f5.com/csp/article/K27238230
Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by Multiple Vulnerabilities in OpenSSL
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-affected-by-multiple-vulnerabilities-in-openssl-2/
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135).
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4135-2/
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-7/
Security Bulletin: Symbolic Link Permissions Problem Modeler Subscription Installer
https://www.ibm.com/blogs/psirt/security-bulletin-symbolic-link-permissions-problem-modeler-subscription-installer/
Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025/
Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-cve-2020-1971/
Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200).
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4200-2/
Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-vulnerability-in-jackson-databind-cve-2020-25649/
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701-5/
Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-on-windows-cve-2020-4642-3/