Daily summary - 23.04.2021

End-of-Day report

Timeframe: Thursday 22-04-2021 18:00 - Friday 23-04-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

[SANS ISC] Malicious PowerPoint Add-On: "Small Is Beautiful"

I published the following diary on isc.sans.edu: "Malicious PowerPoint Add-On: Small Is Beautiful": Yesterday I spotted a DHL-branded phishing campaign that used a PowerPoint file to compromise the victim. The malicious attachment is a PowerPoint add-in. This technique is not new, I already analyzed such a sample in a previous [...]

https://blog.rootshell.be/2021/04/23/sans-isc-malicious-powerpoint-add-on-small-is-beautiful/


Ransomware eCh0raix and Qlocker target Qnap NAS devices

Because of ongoing ransomware attacks on Qnap network-attached storage (NAS) devices, all owners should keep the software up to date.

https://heise.de/-6026483


Security researchers: AirDrop can leak the iPhone owner's contact details

Phone number and email address are hashed, but nearby attackers can reverse them, the researchers say. Apple has reportedly known about the flaw for two years.

https://heise.de/-6026661


Microsoft calling? Better hang up!

Calls from supposed Microsoft employees are once again on the rise. These are fraudsters who call people at random and claim there is a problem with the victim's computer. The scheme behind it: criminals want to gain access to your computer and harvest sensitive data. Hang up immediately on such calls!

https://www.watchlist-internet.at/news/microsoft-ruft-an-legen-sie-lieber-auf/


Network Attack Trends: Internet of Threats (November 2020-January 2021)

Network attack trends in the Winter quarter of 2020 revealed some interesting trends, such as increased attacker preference for newly released vulnerabilities and a large uptick in attacks deemed Critical. In addition to details of the newly observed exploits, in this blog, we also dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.

https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/


Attack on anti-phishing banners in emails

While analysing warnings about phishing emails, SySS found significant weaknesses that allow attackers to hide such banners.

https://www.syss.de/pentest-blog/angriff-auf-anti-phishing-banner-in-e-mails


Sysrv: A new crypto-mining botnet is silently growing in the shadows

If you forget to update or properly secure an internet-connected server or web app, the chances are that a crypto-mining botnet will infect it first, long before any nation-state hacking group. Crypto-mining botnets have been a plague on the internet for the past three years, and despite the space being more than saturated, new botnets are being built and discovered on a regular basis, driven mainly by cybercriminals' unquenched thirst for easy money.

https://therecord.media/sysrv-a-new-crypto-mining-botnet-is-silently-growing-in-the-shadows/

Vulnerabilities

Sipwise C5 NGCP CSC CSRF Click2Dial Exploit

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php


Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities

Sipwise software platform suffers from multiple authenticated stored and reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php


BOSCH-SA-918106 - ctrlX Multiple Vulnerabilities

Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and therefore the risk of an attacker being able to exploit the vulnerability is considered as low. Nevertheless, it cannot be completely ruled out that the functions might be called [...]

https://psirt.bosch.com/security-advisories/bosch-sa-918106.html


Security Bulletin: Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerabilities

Trend Micro has released an updated version of Trend Micro HouseCall for Home Networks which resolves two incorrect permission assignment vulnerabilities that may lead to privilege escalation.

https://helpcenter.trendmicro.com/en-us/article/TMKA-10310


Security updates for Friday

Security updates have been issued by Debian (firefox-esr, openjdk-8, and wpa), openSUSE (irssi, jhead, opera, and python-django-registration), SUSE (firefox and qemu), and Ubuntu (dnsmasq and shibboleth-sp).

https://lwn.net/Articles/854215/


Horner Automation Cscape

This advisory contains mitigations for Improper Input Validation, and Improper Access Controls vulnerabilities in Horner Automation Cscape control system application programming software.

https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01


Mitsubishi Electric GOT

This advisory contains mitigations for an Improper Authentication vulnerability in Mitsubishi Electric's GOT human-machine interface products.

https://us-cert.cisa.gov/ics/advisories/icsa-21-112-02


Security Bulletin: Series of vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/


Security Bulletin: A vulnerability in IBM® Runtime Environments Java Technology Edition Versions affects IBM® Db2®. (January 2021 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-runtime-environments-java-technology-edition-versions-affects-ibm-db2-january-2021-cpu/


Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-authenticated-attacker-to-execute-arbitrary-code-on-the-system-caused-by-dll-search-order-hijacking-vulnerability-in-microsoft-windows-clie-12/


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Sourcing

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-sourcing-2/


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-2/


Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296/


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Contract Management

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-contract-management-2/


Security Bulletin: IBM DB2 Server Vulnerabilities Affect IBM Emptoris Emptoris Supplier Lifecycle Mgmt

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-server-vulnerabilities-affect-ibm-emptoris-emptoris-supplier-lifecycle-mgmt/


Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2017-1000190)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-solr-affects-ibm-operations-analytics-log-analysis-cve-2017-1000190/