Daily summary - 21.04.2021

End-of-Day report

Timeframe: Tuesday 20-04-2021 18:00 - Wednesday 21-04-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer

News

Brace yourselves. Facebook has a new mega-leak on its hands

Facebook Email Search v1.0 can process 5 million email addresses per day, researcher says.

https://arstechnica.com/?p=1758893


Logins for 1.3 million Windows RDP servers collected from hacker market

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.

https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/


New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

https://www.virusbulletin.com/blog/2021/04/new-article-run-your-malicious-vba-macros-anywhere/


CVE-2021-30481: Source engine remote code execution via game invites

In this blog post, we will look at how an attacker can use the Steamworks API in combination with various features and properties of the Source engine to gain remote code execution (RCE) through malicious Steam game invites.

https://secret.club/2021/04/20/source-engine-rce-invite.html


A year of Fajan evolution and Bloomberg themed campaigns

Some malware campaigns are designed to spread malware to as many people as possible, while others carefully choose their targets. Cisco Talos recently discovered a malware campaign that does not fit either of these two categories.

https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html


Classified-ad fraud: beware of transactions handled via fictitious shipping companies!

Selling second-hand goods through classified-ad portals such as willhaben.at, shpock.com or ebay.at is booming. But be careful: fraud on such platforms is also being reported to us frequently at the moment. Particularly popular among criminals is handling the purchase through a fictitious shipping company.

https://www.watchlist-internet.at/news/kleinanzeigenbetrug-vorsicht-bei-abwicklung-ueber-erfundene-speditionen/


WhatsApp Pink: Watch out for this fake update

The malware sends automated replies to messages on WhatsApp and other major chat apps.

https://www.welivesecurity.com/2021/04/20/whatsapp-pink-watch-out-fake-update/

Vulnerabilities

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

Google on Tuesday released an update for the Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild.

https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html


Oracle releases 390 security updates for MySQL, Java & Co.

In its quarterly update, Oracle patches its way through its software portfolio and closes, among other things, several critical security vulnerabilities.

https://heise.de/-6022746


Patch now! Attacks on SonicWall Email Security appliances

There are important updates for SonicWall's "Email Security". Attackers are currently actively exploiting a vulnerability.

https://heise.de/-6022716


Security updates for Wednesday

Security updates have been issued by Debian (firefox-esr, php-pear, wordpress, and zabbix), Oracle (java-1.8.0-openjdk and java-11-openjdk), Red Hat (java-1.8.0-openjdk, java-11-openjdk, kernel, and kpatch-patch), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (seamonkey), SUSE (apache-commons-io, ImageMagick, kvm, ruby2.5, and sudo), and Ubuntu (edk2, libcaca, ntp, and ruby2.3, ruby2.5, ruby2.7).

https://lwn.net/Articles/853759/


VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

https://kb.cert.org/vuls/id/567764


ZDI-21-442: (0Day) Advantech WebAccess/HMI Designer SNF File Parsing Memory Corruption Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-442/


ZDI-21-441: (0Day) Advantech WebAccess/HMI Designer PLF File Parsing Memory Corruption Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-441/


Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-eclipse-jetty-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/


Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2019-17558)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-solr-affects-ibm-operations-analytics-log-analysis-cve-2019-17558/


Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20454/


Security Bulletin: Vulnerability in jersey affect Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2014-3643)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jersey-affect-apache-zookeeper-shipped-with-ibm-operations-analytics-log-analysis-cve-2014-3643/


Security Bulletin: Security Bulletin: IBM SDK Java Quarterly CPU Oct 2020 Vulnerabilities Affect IBM Transformation Extender

https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-ibm-sdk-java-quarterly-cpu-oct-2020-vulnerabilities-affect-ibm-transformation-extender/


Security Bulletin: SMTP for IBM i is affected by CVE-2021-20501

https://www.ibm.com/blogs/psirt/security-bulletin-smtp-for-ibm-i-is-affected-by-cve-2021-20501/


Security Bulletin: Update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1

https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/


Security Bulletin: protobuf Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis Analysis (CVE-2015-5237)

https://www.ibm.com/blogs/psirt/security-bulletin-protobuf-vulnerability-in-apache-solr-affect-ibm-operations-analytics-log-analysis-analysis-cve-2015-5237/


Security Bulletin: Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-and-apache-tomcat-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-v9000-products/


Security Bulletin: Vulnerability in Apache Ant affect IBM Operations Analytics - Log Analysis Analysis (CVE-2020-1945)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affect-ibm-operations-analytics-log-analysis-analysis-cve-2020-1945/


Severe Vulnerabilities Patched in Redirection for Contact Form 7 Plugin

https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/


Hitachi ABB Power Grids Ellipse APM

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-01


Rockwell Automation Stratix Switches

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-02


Delta Industrial Automation COMMGR

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-03


Delta Electronics CNCSoft ScreenEditor

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-04


Delta Electronics CNCSoft-B

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-05


Eaton Intelligent Power Manager

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-06


Siemens Mendix

https://us-cert.cisa.gov/ics/advisories/icsa-21-110-07