Daily summary - 16.04.2021

End-of-Day report

Timeframe: Thursday 15-04-2021 18:00 - Friday 16-04-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Security vulnerabilities: Google Project Zero gives users 30 days to patch

With the new rule, Google's Project Zero hopes for more security for users and faster patches.

https://www.golem.de/news/sicherheitsluecken-google-project-zero-gibt-nutzern-30-tage-zum-patchen-2104-155782-rss.html


[SANS ISC] HTTPS Support for All Internal Services

I published the following diary on isc.sans.edu: "HTTPS Support for All Internal Services": SSL/TLS has been on stage for a while with deprecated protocols, free certificates for everybody. The landscape is changing to force more and more people to switch to encrypted communications and this is good! Like Johannes explained yesterday, [...]

https://blog.rootshell.be/2021/04/16/sans-isc-https-support-for-all-internal-services/


The rise of QakBot

AT&T Alien Labs closely monitors the evolution of crimeware such as the QakBot malware family and campaigns in connection with QakBot. The jointly coordinated takedown of the actors behind Emotet in late January has left a gap in the cybercrime landscape, which QakBot seems poised to fill.

https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot


"Huge upsurge" in DDoS attacks during pandemic

A new report by Netscout sets out yet another way in which 2020 was a record-breaking year for all the wrong reasons.

https://blog.malwarebytes.com/reports/2021/04/huge-upsurge-in-ddos-attacks-during-pandemic/


Security vs User Journey

Something I often think about is how my recommendations for clients to fix small security issues can spoil / complicate their users' journey. UX matters. I understand that UX is [...]

https://www.pentestpartners.com/security-blog/security-vs-user-journey/


Are Your Nagios XI Servers Turning Into Cryptocurrency Miners for Attackers?

Unit 42 researchers found an attack in the wild targeting Nagios XI 5.7.5 that exploits CVE-2021-25296 and drops a cryptocurrency miner. Read more for an analysis of the vulnerable code, the resulting command injection, and the malicious scripts.

https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/


CISA and CNMF Analysis of SolarWinds-related Malware

CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants, referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network with an active SUNSHUTTLE infection. The webshell can provide a cyber threat actor an alternative method of accessing a network, even if the SUNSHUTTLE [...]

https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/cisa-and-cnmf-analysis-solarwinds-related-malware


Codecov discloses 2.5-month-long supply chain attack

Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools.

https://therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (smarty3), Fedora (libpano13, python3.8, and seamonkey), Mageia (chromium-browser-stable, gstreamer1.0, thunderbird, and x11-server), Oracle (libldb and thunderbird), SUSE (grafana and system-user-grafana, kernel, and openldap2), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, [...]

https://lwn.net/Articles/852978/


Schneider Electric C-Bus Toolkit

This advisory contains mitigations for Improper Privilege Management and Path Traversal vulnerabilities in the Schneider Electric C-Bus Toolkit.

https://us-cert.cisa.gov/ics/advisories/icsa-21-105-01


EIPStackGroup OpENer Ethernet/IP

This advisory contains mitigations for Incorrect Conversion Between Numeric Types, Stack-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in EIPStackGroup OpENer Ethernet/IP.

https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02


Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402

https://support.f5.com/csp/article/K61267093


NSS vulnerability CVE-2020-12403

https://support.f5.com/csp/article/K13290208


LibreOffice: Vulnerability allows bypassing of security mechanisms

https://www.cert-bund.de/advisoryshort/CB-K21-0393