Daily summary - 11.03.2021

End-of-Day report

Timeframe: Wednesday 10-03-2021 18:30 - Thursday 11-03-2021 18:30 Handler: Dimitri Robl Co-Handler: Stephan Richter


The Hafnium Exchange server hack: anatomy of a disaster

Could Microsoft have prevented the mass compromise of Exchange servers by reacting faster? The sequence of events raises questions.


NAT slipstreaming attacks: it gets even worse

Time to act: with NAT Slipstreaming 2.0, criminals can attack not only the victim's device but any IP address on the internal network.


Exchange vulnerabilities: the cybercrime wave with extortion is coming

A public exploit for the security vulnerabilities in Microsoft Exchange means that the first extortion cases are just around the corner.


F5 Announces Critical BIG-IP pre-auth RCE bug

F5 Networks is a leading provider of enterprise networking gear, with software and hardware customers including governments, Fortune 500 firms, banks, internet service providers, and widely known consumer brands (Microsoft, Oracle, and Facebook). The patch covers the four critical vulnerabilities listed below, among them a pre-auth RCE flaw (CVE-2021-22986) that allows unauthenticated [...]


FIN8 Resurfaces with Revamped Backdoor Malware

The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.


Piktochart - Phishing with Infographics, (Thu, Mar 11th)

In line with our recent diaries featuring unique attack vectors for credential theft, such as phishing over LinkedIn Mail[1] and pretending to be an Outlook version update[2], we've recently learned of a phishing campaign targeting users of the infographics service Piktochart.


Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation of a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it encoded the captured data before saving it to a .JPG file, so the stolen records sat in the web root disguised as an image.
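One practical check that follows from this write-up is to look for .jpg files that do not actually contain JPEG data: a file that carries base64 text instead of the FF D8 FF header is either damaged or a drop file. The script below is an added example, not code from the Sucuri investigation or from Magento; it builds a constructed sample webroot in a temporary directory (one real-looking JPEG header, one base64 drop file with a test card number), scans it, and classifies each image file. The field names in CARD_HINTS and the one-record-per-line layout of the drop file are assumptions about what such a skimmer writes.

```python
"""Added example: find .jpg files in a webroot that hold base64 text rather
than JPEG data, the drop-file pattern described above (constructed sample
data; not the skimmer's own code)."""
import base64
import binascii
import os
import re
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"            # every JPEG file starts with these bytes
B64_LINE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")
# Hypothetical checkout field names a skimmer would harvest (assumption).
CARD_HINTS = (b"cc_number", b"cc_exp", b"cc_cid", b"cvv", b"card")


def decode_lines(data: bytes) -> list:
    """Decode each line that looks like a standalone base64 record."""
    records = []
    for line in data.splitlines():
        line = line.strip()
        if not line or not B64_LINE.match(line):
            continue
        try:
            records.append(base64.b64decode(line, validate=True))
        except (binascii.Error, ValueError):
            continue
    return records


def classify_jpg(data: bytes) -> dict:
    """Verdict for one file's bytes: jpeg, not-jpeg, base64-in-jpg or skimmer-drop."""
    if data.startswith(JPEG_MAGIC):
        return {"verdict": "jpeg", "records": [], "hits": []}
    records = decode_lines(data)
    if not records:
        return {"verdict": "not-jpeg", "records": [], "hits": []}
    blob = b"\n".join(records).lower()
    hits = sorted(h.decode() for h in CARD_HINTS if h in blob)
    verdict = "skimmer-drop" if hits else "base64-in-jpg"
    return {"verdict": verdict, "records": records, "hits": hits}


def scan_tree(root: str) -> dict:
    """Walk a webroot and report every .jpg/.jpeg that is not real JPEG data."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".jpg", ".jpeg")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            result = classify_jpg(data)
            if result["verdict"] != "jpeg":
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = result
    return findings


def build_demo_tree() -> str:
    """Constructed sample webroot: one genuine-looking image, one drop file."""
    root = tempfile.mkdtemp(prefix="magento-demo-")
    media = os.path.join(root, "pub", "media")
    os.makedirs(media)
    with open(os.path.join(media, "logo.jpg"), "wb") as fh:
        fh.write(JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 64)
    # Two fake checkout records (test PAN 4111..., not real card data).
    rec1 = b"cc_number=4111111111111111&cc_exp_month=12&cc_cid=123&email=a@b.test"
    rec2 = b"cc_number=4111111111111111&cc_exp_year=2023&cc_cid=999"
    with open(os.path.join(media, "cache.jpg"), "wb") as fh:
        fh.write(base64.b64encode(rec1) + b"\n" + base64.b64encode(rec2) + b"\n")
    return root


if __name__ == "__main__":
    for rel, res in scan_tree(build_demo_tree()).items():
        print(f"{rel}: {res['verdict']} hits={res['hits']} records={len(res['records'])}")
```

Run it against a real Magento install by pointing scan_tree at the web root (pub/media is the usual image directory); anything reported as skimmer-drop should be preserved for forensics before it is removed, since the record count tells you how many checkouts were exposed.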


Home Assistant, Pwned Passwords and Security Misconceptions

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently.



Security updates for Thursday

Security updates have been issued by Debian (zeromq3), Oracle (dotnet, dotnet3.1, python3, and wpa_supplicant), and Red Hat (wpa_supplicant).


Security Advisory - Sudo Privilege Escalation Vulnerability


Paessler PRTG: vulnerability allows information disclosure


Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314


glibc vulnerability CVE-2019-25013


glibc vulnerability CVE-2020-29573


Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by Multiple Vulnerabilities in OpenSSL


Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135).


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)


Security Bulletin: Symbolic Link Permissions Problem Modeler Subscription Installer


Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)


Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)


Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200).


Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)


Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)


Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642)