Daily summary - 11.03.2021

End-of-Day report

Timeframe: Wednesday 10-03-2021 18:30 - Thursday 11-03-2021 18:30
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

The Hafnium Exchange Server hack: anatomy of a disaster

Could Microsoft have prevented the mass hack of Exchange servers by reacting faster? The sequence of events raises questions.

https://heise.de/-5077269


NAT slipstreaming attacks: it gets even worse

Time to act: with NAT Slipstreaming 2.0, criminals can attack not only the victim's device but any IP address on the network.

https://heise.de/-5078104


Exchange vulnerabilities: the cybercrime wave with extortion is coming

A public exploit for the security vulnerabilities in Microsoft Exchange means that the first extortion cases are imminent.

https://heise.de/-5078180


F5 Announces Critical BIG-IP pre-auth RCE bug

F5 Networks is a leading provider of enterprise networking gear, with software and hardware customers like governments, Fortune 500 firms, banks, internet service providers, and largely known consumer brands (Microsoft, Oracle, and Facebook). The patch refers to the four critical vulnerabilities listed below and also includes a pre-auth RCE security flaw (CVE-2021-22986) that allows unauthenticated [...]

https://heimdalsecurity.com/blog/f5-announces-critical-bug/


FIN8 Resurfaces with Revamped Backdoor Malware

The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.

https://threatpost.com/fin8-resurfaces-backdoor-malware/164684/


Piktochart - Phishing with Infographics, (Thu, Mar 11th)

In line with our recent diaries featuring unique attack vectors for credential theft, such as phishing over LinkedIn Mail[1] and pretending to be an Outlook version update[2], we've recently learned of a phishing campaign targeting users of the Infographic service Piktochart.

https://isc.sans.edu/diary/rss/27194


Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to a .JPG file.

https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html


Home Assistant, Pwned Passwords and Security Misconceptions

Two of my favourite things these days are Have I Been Pwned and Home Assistant. The former is an obvious choice, the latter I've come to love as I've embarked on my home automation journey. So, it was with great pleasure that I saw the two integrated recently.

https://www.troyhunt.com/home-assistant-pwned-passwords-and-security-misconceptions/

Vulnerabilities

Security updates for Thursday

Security updates have been issued by Debian (zeromq3), Oracle (dotnet, dotnet3.1, python3, and wpa_supplicant), and Red Hat (wpa_supplicant).

https://lwn.net/Articles/849088/


Security Advisory - Sudo Privilege Escalation Vulnerability

https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210310-01-escalation-en


Paessler PRTG: vulnerability allows disclosure of information

https://www.cert-bund.de/advisoryshort/CB-K21-0260


Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314

https://support.f5.com/csp/article/K67830124


glibc vulnerability CVE-2019-25013

https://support.f5.com/csp/article/K68251873


glibc vulnerability CVE-2020-29573

https://support.f5.com/csp/article/K27238230


Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by Multiple Vulnerabilities in OpenSSL

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-affected-by-multiple-vulnerabilities-in-openssl-2/


Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135).

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4135-2/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-7/


Security Bulletin: Symbolic Link Permissions Problem Modeler Subscription Installer

https://www.ibm.com/blogs/psirt/security-bulletin-symbolic-link-permissions-problem-modeler-subscription-installer/


Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025/


Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform (CVE-2020-1971)

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-cve-2020-1971/


Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200).

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4200-2/


Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-vulnerability-in-jackson-databind-cve-2020-25649/


Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701-5/


Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-on-windows-cve-2020-4642-3/