Daily summary - 17.03.2021

End-of-Day report

Timeframe: Tuesday 16-03-2021 18:00 - Wednesday 17-03-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Mimecast says SolarWinds hackers breached its network and spied on customers

Mimecast-issued certificate used to connect to customers' Microsoft 365 tenants.

https://arstechnica.com/?p=1750098


Twitter images can be abused to hide ZIP, MP3 files - here's how

Yesterday, a researcher disclosed a method of hiding up to 3 MB of data inside a PNG image posted to Twitter. In his demonstration, the researcher showed both MP3 audio files and ZIP archives carried inside PNG images hosted on Twitter.

https://www.bleepingcomputer.com/news/security/twitter-images-can-be-abused-to-hide-zip-mp3-files-heres-how/
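The article above describes payloads riding inside a PNG but gives no implementation detail of the researcher's method, so the following is an added example (not his code, and not from the article) of the generic check a defender would run on a suspicious image: walk the chunk list, flag chunk types outside the PNG spec and its registered extensions, verify CRCs, and report any bytes trailing the IEND chunk together with the container magic (ZIP, ID3/MP3) they start with. The private chunk type 'paYl', the 1x1 test image and the payloads are constructed for the example; standard library only.

```python
"""Audit a PNG for payload carriers: unknown/private chunks, bad CRCs and
bytes trailing the IEND chunk. Constructed example, stdlib only."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG spec and its registered extensions (APNG, eXIf).
KNOWN_CHUNKS = {
    "IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
    "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME",
    "eXIf", "acTL", "fcTL", "fdAT",
}
# Magic bytes of the container formats the article mentions.
PAYLOAD_MAGIC = {
    b"PK\x03\x04": "zip",
    b"ID3": "mp3 (ID3 tag)",
    b"\xff\xfb": "mp3 (frame sync)",
}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one chunk: big-endian length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_png(payload: bytes = b"", where: str = "none") -> bytes:
    """Constructed 1x1 RGB PNG that optionally carries `payload` either after
    IEND ("trailer") or in a private ancillary chunk ("chunk"); the chunk type
    'paYl' is made up for this example (lowercase 1st/2nd letter = ancillary,
    private; uppercase 3rd letter as the spec requires)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    chunks = [_chunk(b"IHDR", ihdr)]
    if where == "chunk":
        chunks.append(_chunk(b"paYl", payload))
    chunks += [_chunk(b"IDAT", idat), _chunk(b"IEND", b"")]
    png = PNG_SIGNATURE + b"".join(chunks)
    if where == "trailer":
        png += payload  # decoders stop at IEND, so this rides along unseen
    return png


def parse_chunks(data: bytes):
    """Return ([(type, length, crc_ok), ...], trailing_bytes) for a PNG."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        crc_ok = struct.unpack(">I", crc)[0] == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        chunks.append((ctype.decode("latin-1"), length, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break  # everything past here is not part of the image
    return chunks, data[pos:]


def audit_png(data: bytes) -> dict:
    """Summarise the carrier-looking properties of a PNG byte string."""
    chunks, trailer = parse_chunks(data)
    findings = {
        "unknown_chunks": [c for c in chunks if c[0] not in KNOWN_CHUNKS],
        "bad_crc": [c for c in chunks if not c[2]],
        "trailing_bytes": len(trailer),
        "trailing_type": None,
    }
    for magic, name in PAYLOAD_MAGIC.items():
        if trailer.startswith(magic):
            findings["trailing_type"] = name
            break
    return findings


if __name__ == "__main__":
    sample = build_png(b"PK\x03\x04" + b"A" * 100, where="trailer")
    print(audit_png(sample))
```

Run `audit_png(open(path, "rb").read())` over a downloaded image. A carrier that hides its payload inside the compressed IDAT stream, or whose trailer a host strips on upload, shows neither trailing bytes nor foreign chunks, so a clean result here rules out only the crude variants, not the image.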


Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065.

https://msrc-blog.microsoft.com:443/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/


Microsoft Exchange Server: These quarterly updates include fixes for security flaws

Microsoft releases Exchange Server 2016 and 2019 cumulative updates that address critical flaws.

https://www.zdnet.com/article/microsoft-exchange-server-these-quarterly-updates-include-fixes-for-security-flaws/


New ICS Threat Activity Group: VANADINITE

The new VANADINITE activity group targets electric utilities, oil and gas, manufacturing, telecommunications, and transportation.

https://www.dragos.com/blog/industry-news/new-ics-threat-activity-group-vanadinite/


How criminals hack your website unnoticed to run fake shops

Security vulnerabilities on the websites of companies and associations are also exploited to plant fake shops. Using cloaking, the criminals redirect visitors to the fake shops, and the affected companies and associations know nothing about it. We explain how cloaking works and what you can do about it.

https://www.watchlist-internet.at/news/so-hacken-kriminelle-unbemerkt-ihre-website-um-fake-shops-zu-betreiben/
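Cloaking works by serving one response to search-engine crawlers and another to ordinary visitors, so the site owner browsing their own site never sees the fake shop. An added example (not from the watchlist-internet article) of the check a site owner can run: request the same URL with three request profiles, a plain browser, a Googlebot user agent, and a browser arriving from a Google result, and compare status, redirect target and body hash. Which header the injected script keys on (user agent, referrer or both) varies per compromise, so the fake site, the hostnames and the header values below are assumptions for illustration; `fetch` is injected so the example runs offline, and `http_fetch` is a live fetcher that deliberately does not follow redirects, because the redirect target is the evidence.

```python
"""Detect search-engine cloaking by fetching one URL under several request
profiles and diffing the answers. Constructed example; the fake site stands in
for an injected cloaking script on a compromised CMS."""
import hashlib
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

GOOGLEBOT_UA = ("Mozilla/5.0 (compatible; Googlebot/2.1; "
                "+http://www.google.com/bot.html)")
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/86.0"
SEARCH_REFERER = "https://www.google.com/"

# Request profiles (assumed; extend with Bingbot, mobile UAs, other referrers).
PROFILES = {
    "visitor": {"User-Agent": BROWSER_UA},
    "crawler": {"User-Agent": GOOGLEBOT_UA},
    "search_click": {"User-Agent": BROWSER_UA, "Referer": SEARCH_REFERER},
}

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)


def fake_compromised_site(url: str, headers: Dict[str, str]) -> Response:
    """Constructed stand-in for a cloaking script: crawlers get the fake shop so
    it gets indexed, visitors coming from a search result are redirected to it,
    everyone else (including the owner) sees the genuine page."""
    ua = headers.get("User-Agent", "")
    referer = headers.get("Referer", "")
    if "Googlebot" in ua:
        return 200, {}, "<h1>Designer sneakers - 80% off</h1>"
    if "google." in referer:
        return 302, {"Location": "https://fake-shop.example/"}, ""
    return 200, {}, "<h1>Football Club Musterstadt - Welcome</h1>"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url: str, headers: Dict[str, str]) -> Response:
    """Live fetcher with the same contract as the fake (not used in the test)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        with opener.open(req, timeout=15) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx end up here
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


def _digest(body: str) -> str:
    return hashlib.sha256(body.encode("utf-8")).hexdigest()[:12]


def check_cloaking(url: str, fetch: Callable[[str, Dict[str, str]], Response]) -> dict:
    """Fetch `url` under every profile; anything that differs from the plain
    visitor's view (status, redirect target or body) is a cloaking signal."""
    results = {}
    for name, headers in PROFILES.items():
        status, resp_headers, body = fetch(url, headers)
        results[name] = {
            "status": status,
            "location": resp_headers.get("Location"),
            "body_hash": _digest(body),
        }
    base = results["visitor"]
    differs = [
        name for name, r in results.items()
        if name != "visitor"
        and (r["status"] != base["status"] or r["body_hash"] != base["body_hash"])
    ]
    return {"cloaked": bool(differs), "differs_for": differs, "results": results}


if __name__ == "__main__":
    print(check_cloaking("https://club.example/", fake_compromised_site))
```

Against a live site, call `check_cloaking(url, http_fetch)` for the front page and a few deep URLs, since injected cloaking often lives only on specific paths; a legitimate site answers every profile with the same status and body.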


New Mirai Variant Targeting Network Security Devices

We discovered ongoing attacks leveraging IoT vulnerabilities, including in network security devices, to serve a Mirai variant.

https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/


NIS2 Proposal: First feedback on the normative text

After looking at the recitals a few weeks ago, here is my feedback on the normative text of the NIS2 proposal.

https://cert.at/en/blog/2021/3/nis2-proposal-first-feedback-on-the-normative-text


CISA-FBI Joint Advisory on TrickBot Malware

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware.

https://us-cert.cisa.gov/ncas/current-activity/2021/03/17/cisa-fbi-joint-advisory-trickbot-malware-0


CVE-2021-27076: A Replay-Style Deserialization Attack Against SharePoint

An attacker is frequently in the position of having to find a technique to evade some data integrity measure implemented by a target.

https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint

Vulnerabilities

Researcher adds their package to Microsoft Azure SDK releases list

A security researcher was able to add their own test package to the official list of the latest Microsoft Azure SDK releases. The simple trick, if abused by an attacker, could give the impression that a malicious package is part of the Azure SDK suite.

https://www.bleepingcomputer.com/news/security/researcher-adds-their-package-to-microsoft-azure-sdk-releases-list/


Security updates for Wednesday

Security updates have been issued by Debian (shadow, tor, and velocity), Fedora (gsoap, qt5-qtsvg, and switchboard-plug-bluetooth), Mageia (batik, chromium-browser-stable, glibc, ksh, and microcode), openSUSE (389-ds, connman, freeradius-server, froxlor, openssl-1_0_0, openssl-1_1, postgresql12, and python-markdown2), Red Hat (bind, curl, kernel, nss and nss-softokn, perl, python, and tomcat), Scientific Linux (ipa, kernel, and pki-core), SUSE (glib2 and velocity), and Ubuntu (containerd).

https://lwn.net/Articles/849622/


WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection

https://jvn.jp/en/jp/JVN08191557/


Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p


Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by multiple vulnerabilities in jackson-databind

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/


Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java Technology Edition for Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect-ibm-sdk-java-technology-edition-for-content-collector-for-sap-applications/


Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite/


Security Bulletin: Rational Application Developer is vulnerable to CVE-2020-2773

https://www.ibm.com/blogs/psirt/security-bulletin-rational-application-developer-is-vulnerable-to-cve-2020-2773/


Security Bulletin: IBM Security Directory Suite is affected by a vulnerability (CVE-2020-4329)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-a-vulnerability-cve-2020-4329/


Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2021

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-february-2021/


Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java Technology Edition may affect IBM Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-may-affect-ibm-content-collector-for-sap-applications/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-2/


Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-cve-2020-13434-cve-2020-13435/


Security Bulletin: Multiple Security Vulnerabilities have been fixed in the IBM Security Access Manager and IBM Security Verify Access appliances.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilties-have-been-fixed-in-the-ibm-security-access-manager-and-ibm-security-verify-access-appliances/


Cross-Site Scripting Vulnerabilities in Elementor Impact Over 7 Million Sites

https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/