End-of-Day report
Timeframe: Tuesday 23-03-2021 18:00 - Wednesday 24-03-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Microsoft warns of phishing attacks bypassing email gateways
An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities.
https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
Numerous negative reviews of fashionmanufaktur.at
For months, negative experiences and reviews from numerous consumers concerning the online shop fashionmanufaktur.at have been accumulating.
https://www.watchlist-internet.at/news/zahlreiche-negative-bewertungen-zu-fashionmanufakturat/
Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech
We describe trends in COVID-19 themed phishing attacks since the start of the pandemic to gain insight into the topics that attackers try to exploit.
https://unit42.paloaltonetworks.com/covid-19-themed-phishing-attacks/
Vulnerabilities
ZDI-21-354: (0Day) Lepide Active Directory Self Service Backup Missing Authentication Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Lepide Active Directory Self Service. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-21-354/
Cisco Security Advisories 2021-03-24
1 Critical, 18 High, 19 Medium severity
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50
Security updates for Wednesday
Security updates have been issued by Debian (imagemagick and squid), Fedora (jasper and kernel), Red Hat (pki-core), SUSE (gnutls, go1.15, go1.16, hawk2, jetty-minimal, libass, nghttp2, openssl, ruby2.5, sudo, and wavpack), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, linux-oem-5.10, linux-oem-5.6, linux-oracle, linux-oracle-5.4,[...]
https://lwn.net/Articles/850352/
SaltStack revises partial patch for command injection, privilege escalation vulnerability
The second fix was reportedly necessary after SaltStack did not participate in coordinated disclosure.
https://www.zdnet.com/article/saltstack-revises-partial-patch-for-command-injection-privilege-escalation-vulnerability/
Uncontrolled Search Path Element in Multiple Bosch Products
BOSCH-SA-835563-BT: Multiple Bosch software applications are affected by a security vulnerability, which potentially allows an attacker to load additional code in the form of DLLs (commonly known as "DLL Hijacking" or "DLL Preloading").
https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix-4/
Security Bulletin: A vulnerability has been identified in IBM Elastic Storage System where an attacker could cause a denial of service (CVE-2020-5015)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storage-system-where-an-attacker-could-cause-a-denial-of-service-cve-2020-5015/
Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-5/
Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - 180875
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-180875/
Security Bulletin: A vulnerability in IBM Java SE affects IBM Elastic Storage Server
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-se-affects-ibm-elastic-storage-server/
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix-3/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2020-14803, CVE-2020-27221)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact-cve-2020-14803-cve-2020-27221/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java Technology Edition shipped with IBM Tivoli Netcool Impact (CVE-2020-14781)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-sdk-java-technology-edition-shipped-with-ibm-tivoli-netcool-impact-cve-2020-14781/
Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-4590)
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2020-4590/
Intel I210 network adapter vulnerability CVE-2020-0522
https://support.f5.com/csp/article/K37283878
Intel I210 network adapter vulnerability CVE-2020-0523
https://support.f5.com/csp/article/K31445234
Intel I210 network adapter vulnerability CVE-2020-0524
https://support.f5.com/csp/article/K83504933
Intel I210 network adapter vulnerability CVE-2020-0525
https://support.f5.com/csp/article/K44482551
Linux Kernel: Vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K21-0306
Pro-FTPd: Vulnerability allows denial of service
http://www.cert-bund.de/advisoryshort/CB-K21-0304