End-of-Day report
Timeframe: Donnerstag 11-03-2021 18:30 - Freitag 12-03-2021 18:30
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Sie warten auf ein Paket? Vorsicht vor dieser betrügerischen E-Mail!
Immer wieder versuchen Kriminelle Sie durch falsche Behauptungen in eine Abo-Falle zu locken oder an Ihre Daten zu kommen. Derzeit melden uns LeserInnen betrügerische E-Mails, in denen behauptet wird, dass ein Paket nicht zugestellt werden kann, da die Adresse fehle. Doch Vorsicht: Es handelt sich um Betrug!
https://www.watchlist-internet.at/news/sie-warten-auf-ein-paket-vorsicht-vor-dieser-betruegerischen-e-mail/
Zusatzkosten & lange Lieferzeiten? So vermeiden Sie Probleme bei Online-Shops außerhalb der EU!
Immer wieder werden uns Online-Shops gemeldet, die zwar keine Fake-Shops, aber trotzdem problematisch sind. Das gilt insbesondere für Shops, die entweder Ihren Sitz außerhalb der EU haben oder von außerhalb der EU liefern lassen. Wir zeigen Ihnen, auf was Sie achten müssen, damit Sie keine bösen Überraschungen beim Online-Shopping im Ausland erleben!
https://www.watchlist-internet.at/news/zusatzkosten-lange-lieferzeiten-so-vermeiden-sie-probleme-bei-online-shops-ausserhalb-der-eu/
New DEARCRY Ransomware is targeting Microsoft Exchange Servers
A new ransomware called DEARCRY is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities.
https://www.bleepingcomputer.com/news/security/new-dearcry-ransomware-is-targeting-microsoft-exchange-servers/
What Are BEC Attacks?
Otherwise known as BEC, Business e-mail compromise happens when an attacker hacks into a corporate e-mail account and impersonates the real owner with the sole purpose to defraud the company, its customers, partners and/or employees into sending money or sensitive data to the attacker-s account. Also known as the -man-in-the-email- attack, BEC scams start with [...]
https://heimdalsecurity.com/blog/what-are-bec-attacks/
New Threat: ZHtrap botnet implements honeypot to facilitate finding more victims
In the security community, when people talk about honeypot, by default we would assume this is one of the most used toolkits for security researchers to lure the bad guys. But recently we came across a botnet uses honeypot to harvest other infected devices, which is quite interesting.
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
A Spectre proof-of-concept for a Spectre-proof web
Three years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear that flaws in modern processors undermined the guarantees that web browsers could make about preventing data leaks between applications. As a result, web browser vendors have been continuously collaborating on approaches intended to harden the platform at scale. Nevertheless, this class of attacks still [...]
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
Mac Malware XCSSET Adapted for Devices With M1 Chips
An increasing number of Mac malware developers have started creating variants that are specifically designed to run on devices powered by Apple-s M1 chip.
https://www.securityweek.com/mac-malware-xcsset-adapted-devices-m1-chips
New Browser Attack Allows Tracking Users Online With JavaScript Disabled
[...] the latest research released this week aims to bypass such browser-based mitigations by implementing a side-channel attack called "CSS Prime+Probe" constructed solely using HTML and CSS, allowing the attack to work even in hardened browsers like Tor, Chrome Zero, and DeterFox that have JavaScript fully disabled or limit the resolution of the timer API.
https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
Vulnerabilities
Advisory: D-Link DIR-3060 Authenticated RCE (CVE-2021-28144)
The D-Link DIR-3060 (running firmware versions below v1.11b04) is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary system commands on the device as the system "admin" user, with root privileges. D-Link has released a patched firmware version v1.11b04 Hotfix 2 to address this issue. Affected users are advised to apply the patch.
https://www.iot-inspector.com/blog/advisory-d-link-dir-3060/
Security updates for Friday
Security updates have been issued by Debian (mupdf and pygments), Fedora (arm-none-eabi-newlib, nodejs, python3.10, and suricata), Mageia (ansible, ceph, firejail, glib2.0, gnuplot, libcaca, mumble, openssh, postgresql, python-cryptography, python-httplib2, python-yaml, roundcubemail, and ruby-mechanize), Scientific Linux (wpa_supplicant), Slackware (git), SUSE (crmsh, libsolv, libzypp, yast2-installation, zypper, openssl-1_0_0, python, and stunnel), and Ubuntu (pillow).
https://lwn.net/Articles/849208/
Schneider Electric IGSS SCADA Software
This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerabilities in Schneider Electric IGSS SCADA software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-070-01
Wireshark: Schwachstelle ermöglicht Denial of Service
https://www.cert-bund.de/advisoryshort/CB-K21-0266
NetBSD Foundation NetBSD OS: Schwachstelle ermöglicht Offenlegung von Informationen
https://www.cert-bund.de/advisoryshort/CB-K21-0270
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-8277
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-cloud-pak-for-data-is-impacted-by-cve-2020-8277/
Security Bulletin: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-vault-affects-bastion-service-of-ibm-cloud-pak-for-multicloud-management-3/
Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-2/
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libcurl (CVE-2019-5436)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/
Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-on-windows-cve-2020-4642-4/
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-cve-2020-5024-2/
Security Bulletin: IBM DataPower Gateway vulnerability in TLS (CVE-2020-4831)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerability-in-tls-cve-2020-4831/
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in Libxml2
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-libxml2/
Security Bulletin: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-vault-affects-bastion-service-of-ibm-cloud-pak-for-multicloud-management-2/
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-26116
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-cloud-pak-for-data-is-impacted-by-cve-2020-26116/