End-of-Day report
Timeframe: Thursday 22-04-2021 18:00 - Friday 23-04-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
[SANS ISC] Malicious PowerPoint Add-On: "Small Is Beautiful"
I published the following diary on isc.sans.edu: "Malicious PowerPoint Add-On: 'Small Is Beautiful'": Yesterday I spotted a DHL-branded phishing campaign that used a PowerPoint file to compromise the victim. The malicious attachment is a PowerPoint add-in. This technique is not new, I already analyzed such a sample in a previous [...]
https://blog.rootshell.be/2021/04/23/sans-isc-malicious-powerpoint-add-on-small-is-beautiful/
Ransomware eCh0raix and Qlocker are targeting Qnap NAS devices
Because of ongoing ransomware attacks on Qnap network-attached storage (NAS) devices, all owners should keep the software up to date.
https://heise.de/-6026483
Security researchers: AirDrop can leak the iPhone owner's contact details
Phone number and e-mail address are hashed, but nearby attackers can reverse the hashes, the researchers say. Apple has reportedly known about the flaw for two years.
https://heise.de/-6026661
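The item above turns on one point worth seeing in code: hashing a phone number or e-mail address does not hide it, because the input space is tiny and the hash is unkeyed, so anyone who sees the hash can enumerate the candidates. The following is an added illustration, not code from the researchers or from Apple. It assumes plain SHA-256 over the identifier string (the page does not say which construction AirDrop uses; any unkeyed hash the attacker can compute behaves the same way) and uses a constructed victim number and a constructed list of candidate e-mail addresses.

```python
import hashlib
from typing import Dict, Iterable, Optional


def hash_identifier(identifier: str) -> str:
    """Unkeyed SHA-256 over the identifier (assumed construction for the demo).
    The exact hash does not matter for the attack as long as it is unkeyed
    and the attacker can run it too."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def build_phone_table(prefix: str, unknown_digits: int) -> Dict[str, str]:
    """Precompute hash -> number for every number sharing a known prefix.
    The attacker does this once; every hash observed later is reversed by a
    dictionary lookup instead of a fresh brute force."""
    table: Dict[str, str] = {}
    for n in range(10 ** unknown_digits):
        number = f"{prefix}{n:0{unknown_digits}d}"
        table[hash_identifier(number)] = number
    return table


def build_email_table(local_parts: Iterable[str], domains: Iterable[str]) -> Dict[str, str]:
    """Same idea for e-mail addresses: enumerate likely local parts and domains
    (a real attacker would feed in a leaked-address list instead)."""
    domain_list = list(domains)
    return {
        hash_identifier(f"{lp}@{d}"): f"{lp}@{d}"
        for lp in local_parts
        for d in domain_list
    }


def reverse_hash(observed_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Return the identifier behind observed_hash, or None if it is outside the table."""
    return table.get(observed_hash)


if __name__ == "__main__":
    # Constructed scenario: the attacker assumes the victim has an Austrian mobile
    # number with a known prefix and enumerates the remaining digits. The demo
    # leaves 5 digits unknown (100,000 candidates); a full 7-digit subscriber
    # block is only 100 times larger and still takes seconds on a laptop.
    table = build_phone_table("+4366412", 5)
    leaked = hash_identifier("+436641234567")   # what the victim's device would expose
    print(reverse_hash(leaked, table))           # +436641234567
```

Adding a public salt or a slower hash only multiplies the attacker's work by a constant; the identifier space itself is the problem. A sound fix is a contact-discovery protocol that never hands the raw hash to an unauthenticated peer, for example a private set intersection, rather than a different hash function.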
Microsoft calling? Better hang up!
Calls from supposed Microsoft employees are on the rise again. The callers are fraudsters who phone people at random and claim there is a problem with the victim's computer. The scheme behind it: criminals want to gain access to your computer and harvest sensitive data. Hang up immediately on such calls!
https://www.watchlist-internet.at/news/microsoft-ruft-an-legen-sie-lieber-auf/
Network Attack Trends: Internet of Threats (November 2020-January 2021)
Network attack trends in the Winter quarter of 2020 revealed some interesting trends, such as increased attacker preference for newly released vulnerabilities and a large uptick in attacks deemed Critical. In addition to details of the newly observed exploits, in this blog, we also dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
Attack on anti-phishing banners in e-mails
While analysing warnings about phishing e-mails, SySS found significant weaknesses that allow attackers to hide such banners.
https://www.syss.de/pentest-blog/angriff-auf-anti-phishing-banner-in-e-mails
Sysrv: A new crypto-mining botnet is silently growing in the shadows
If you forget to update or properly secure an internet-connected server or web app, the chances are that a crypto-mining botnet will infect it first, long before any nation-state hacking group. Crypto-mining botnets have been a plague on the internet for the past three years, and despite the space being more than saturated, new botnets are being built and discovered on a regular basis, driven mainly by cybercriminals' unquenched thirst for easy money.
https://therecord.media/sysrv-a-new-crypto-mining-botnet-is-silently-growing-in-the-shadows/
Vulnerabilities
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php
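The advisory describes the classic CSRF shape: the browser attaches the session cookie to a request forged by another site, and the server treats the cookie as sufficient proof that the user meant to place the call. The following is an added example of that pattern next to its hardened form; it is not Sipwise's code and does not reproduce their endpoint. The portal origin, the request and session objects and the simulated call log are all constructed for the demo.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hypothetical origin of the self-care portal; not a real Sipwise hostname.
PORTAL_ORIGIN = "https://csc.example.net"


@dataclass
class Session:
    """Server-side session found via the session cookie."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed, not a framework object).
    The browser sends the session cookie on cross-site requests too (absent a
    SameSite cookie attribute), so `session` is set even for a forged request."""
    method: str
    params: Dict[str, str]
    headers: Dict[str, str]
    session: Optional[Session]


# Calls the simulated PBX has been told to place: (user, destination).
placed_calls: List[Tuple[str, str]] = []


def click2dial_vulnerable(req: Request) -> int:
    """The pattern the advisory describes: a valid session cookie is the only check,
    so a form auto-submitted from attacker.example places a call as the victim."""
    if req.session is None:
        return 401
    placed_calls.append((req.session.user, req.params.get("destination", "")))
    return 200


def click2dial_hardened(req: Request) -> int:
    """Same action with standard CSRF defences: POST only, pinned Origin,
    per-session token compared in constant time."""
    if req.session is None:
        return 401
    if req.method != "POST":
        return 405                       # state changes never via GET
    # Browsers set Origin on cross-origin POSTs; a missing or foreign Origin is rejected.
    if req.headers.get("Origin") != PORTAL_ORIGIN:
        return 403
    # The token is embedded in the portal's own form; another origin cannot read it.
    token = req.params.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return 403
    placed_calls.append((req.session.user, req.params.get("destination", "")))
    return 200


if __name__ == "__main__":
    victim = Session(user="alice")
    forged = Request("POST", {"destination": "+900123456"},
                     {"Origin": "https://attacker.example"}, victim)
    print("vulnerable:", click2dial_vulnerable(forged), placed_calls)   # 200, call placed
    placed_calls.clear()
    print("hardened:  ", click2dial_hardened(forged), placed_calls)     # 403, nothing placed
```

Rejecting a missing Origin header is a deliberate strict choice; it blocks some non-browser clients, which should instead authenticate with a bearer token that the browser never sends automatically. Setting the session cookie with `SameSite=Lax` or `Strict` adds a second, independent layer on top of the token check.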
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities
Sipwise software platform suffers from multiple authenticated stored and reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php
BOSCH-SA-918106 - ctrlX Multiple Vulnerabilities
Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and therefore the risk of an attacker being able to exploit the vulnerability is considered as low. Nevertheless, it cannot be completely ruled out that the functions might be called [...]
https://psirt.bosch.com/security-advisories/bosch-sa-918106.html
Security Bulletin: Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerabilities
Trend Micro has released an updated version of Trend Micro HouseCall for Home Networks which resolve two incorrect permission assignment vulnerabilities that may lead to privilege escalation.
https://helpcenter.trendmicro.com/en-us/article/TMKA-10310
Security updates for Friday
Security updates have been issued by Debian (firefox-esr, openjdk-8, and wpa), openSUSE (irssi, jhead, opera, and python-django-registration), SUSE (firefox and qemu), and Ubuntu (dnsmasq and shibboleth-sp).
https://lwn.net/Articles/854215/
Horner Automation Cscape
This advisory contains mitigations for Improper Input Validation, and Improper Access Controls vulnerabilities in Horner Automation Cscape control system application programming software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01
Mitsubishi Electric GOT
This advisory contains mitigations for an Improper Authentication vulnerability in Mitsubishi Electric's GOT human-machine interface products.
https://us-cert.cisa.gov/ics/advisories/icsa-21-112-02
Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis
https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/
Security Bulletin: A vulnerability in IBM® Runtime Environments Java Technology Edition Versions affects IBM® Db2®. (January 2021 CPU)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-runtime-environments-java-technology-edition-versions-affects-ibm-db2-january-2021-cpu/
Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-authenticated-attacker-to-execute-arbitrary-code-on-the-system-caused-by-dll-search-order-hijacking-vulnerability-in-microsoft-windows-clie-12/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Sourcing
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-sourcing-2/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-2/
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296/
Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Contract Management
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-contract-management-2/
Security Bulletin: IBM DB2 Server Vulnerabilities Affect IBM Emptoris Emptoris Supplier Lifecycle Mgmt
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-emptoris-supplier-lifecycle-mgmt/
Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2017-1000190)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-solr-affects-ibm-operations-analytics-log-analysis-cve-2017-1000190/