End-of-Day report
Timeframe: Donnerstag 18-03-2021 18:00 - Freitag 19-03-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Microsoft Defender Antivirus behebt Sicherheitslücken in Exchange Server
Microsoft hat ein automatisches Entschärfungstool in Defender Antivirus implementiert, um kritische Sicherheitslücken in Exchange Server zu schließen, denn auch nach Wochen sind immer noch zehntausende Server ungepatcht.
https://www.zdnet.de/88393956/microsoft-defender-antivirus-behebt-sicherheitsluecken-in-exchange-server/?utm_source=rss&utm_medium=rss&utm_campaign=rss
New CopperStealer malware steals Google, Apple, Facebook accounts
Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple.
https://www.bleepingcomputer.com/news/security/new-copperstealer-malware-steals-google-apple-facebook-accounts/
REvil ransomware has a new -Windows Safe Mode- encryption mode
The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.
https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/
Sicherheitslücken: Hackergruppe nutzte 11 Zero Days in einem Jahr
Googles Project Zero berichtet über eine Hacker-Gruppe, die reihenweise Zero Days nutzte, um komplett gepatchte Geräte ihrer Opfer zu hacken.
https://www.golem.de/news/sicherheitsluecken-hackergruppe-nutzte-11-zero-days-in-einem-jahr-2103-155095-rss.html
Easy SMS Hijacking
Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money - in this case, $16 off an anonymous prepaid credit card - and a few lies, you can forward the text messages from any phone to any other phone.
https://www.schneier.com/blog/archives/2021/03/easy-sms-hijacking.html
Vorsicht bei der Urlaubsbuchung: Unseriöse Webseiten verlocken mit günstigen Angeboten
Lust auf die Malediven? Vielleicht auch auf Phuket? Oder wollen Sie aufgrund der anhaltenden Corona-Krise doch lieber Urlaub zuhause machen: In Wien? Oder im Tiroler Mayrhofen? Unterkünfte in diesen Reisezielen werden derzeit von unseriösen Buchungsplattformen angeboten. Wir zeigen Ihnen, auf welchen Webseiten Sie lieber nicht buchen sollten.
https://www.watchlist-internet.at/news/vorsicht-bei-der-urlaubsbuchung-unserioese-webseiten-verlocken-mit-guenstigen-angeboten/
Beware Android trojan posing as Clubhouse app
The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication
https://www.welivesecurity.com/2021/03/18/beware-android-trojan-posing-clubhouse-app/
AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, which primarily focuses on an advanced persistent threat [...]
https://us-cert.cisa.gov/ncas/alerts/aa21-077a
Vulnerabilities
Mehrere Schwachstellen in SOYAL Biometric Access Control System 5.0
Zeroscience hat mehrere Schwachstellen im Produkt Biometric Access Control System des Herstellers SOYAL gefunden.
https://www.zeroscience.mk/en/vulnerabilities/
Mehrere Schwachstellen in KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1
Zeroscience hat mehrere Schwachstellen in Wi-Fi/VoIP CPEs der Hersteller KZ Broadband Technologies, Jaton und Neotel gefunden, darunter auch eine RCE
https://www.zeroscience.mk/en/vulnerabilities/
Security updates for Friday
Security updates have been issued by CentOS (kernel and pki-core), Debian (shibboleth-sp, shibboleth-sp2, and squid3), openSUSE (libmysofa and privoxy), Oracle (bind), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).
https://lwn.net/Articles/849847/
Johnson Controls Exacq Technologies exacqVision
This advisory contains mitigations for an Information Exposure vulnerability in Exacq Technologies exacqVision web service. Exacq Technologies is a subsidiary of Johnson Controls.
https://us-cert.cisa.gov/ics/advisories/icsa-21-077-01
Hitachi ABB Power Grids eSOMS
This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Hitachi ABB Power Grids eSOMS software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02
Hitachi ABB Power Grids eSOMS Telerik
This advisory contains mitigations for Path Traversal, Deserialization of Untrusted Data, Improper Input Validation, Inadequate Encryption Strength, and Insufficiently Protected Credentials vulnerabilities in some Hitachi ABB Power Grids eSOMS products using Telerik software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-077-03
Rockwell Automation Logix Controllers (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-21-056-03 Rockwell Automation Logix Controllers that was published February 25, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Insufficiently Protected Credentials vulnerability in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers.
https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03
Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
https://jvn.jp/en/jp/JVN37607293/
March 17, 2021 TNS-2021-04 [R1] Nessus Agent 8.2.3 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2021-04-0
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-voice-gateway-2/
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-voice-gateway/
Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-java-sdk-affects-ibm-voice-gateway-4/
Security Bulletin: Vulnerability in IBM Java Runtime Environment affects installation and uninstallation of IBM Spectrum Protect for Enterprise Resource Planning on AIX and Linux (CVE-2020-27221)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-environment-affects-installation-and-uninstallation-of-ibm-spectrum-protect-for-enterprise-resource-planning-on-aix-and-linux-cve-2020-27221-2/
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-microsoft-windows/
Security Bulletin: IBM Cloud Pak for Security vulnerable to a stack-based buffer overflow (CVE-2020-27221)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-security-vulnerable-to-a-stack-based-buffer-overflow-cve-2020-27221/
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for Microsoft Windows
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-microsoft-windows-3/
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for Microsoft Windows
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-microsoft-windows-2/