End-of-Day report
Timeframe: Monday 26-04-2021 18:00 - Tuesday 27-04-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
15 open source GitHub projects for security pros
Whether you are a sysadmin, a threat intel analyst, a malware researcher, forensics expert, or even a software developer looking to build secure software, these 15 free tools from GitHub or GitLab can easily fit into your day-to-day work activities and provide added advantages.
https://www.csoonline.com/article/3058594/19-open-source-github-projects-for-security-pros.html
CAD: .DGN and .MVBA Files, (Mon, Apr 26th)
Regularly I receive questions about MicroStation files, since I wrote a diary entry about AutoCAD drawings containing VBA code.
https://isc.sans.edu/diary/rss/27354
Aggrokatz: pypykatz meets Cobalt Strike
The tool "aggrokatz", which SEC Consult uses internally to parse LSASS dump files in Cobalt Strike, has just been released as an open source tool!
https://sec-consult.com/de/blog/detail/aggrokatz-pypykatz-trifft-cobalt-strike/
The March/April 2021 issue of our SWITCH Security Report is available!
A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Exploit on Exchange
https://securityblog.switch.ch/2021/04/27/the-march-april-2021-issue-of-our-switch-security-report-is-available/
Vulnerability Spotlight: Information disclosure vulnerability in the Linux Kernel
Cisco Talos recently discovered an information disclosure vulnerability in the Linux Kernel.
https://blog.talosintelligence.com/2021/04/vuln-spotlight-linux-kernel.html
Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU
Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol referred to as the world's most dangerous malware: Emotet.
https://www.troyhunt.com/data-from-the-emotet-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and-nhtcu/
WhatsApp users beware: criminals are trying to steal your WhatsApp account
Were you asked on WhatsApp to forward a 6-digit code? Do not do so under any circumstances; this code is the key to your WhatsApp account. Criminals use all sorts of pretexts to convince you to forward it.
https://www.watchlist-internet.at/news/whatsapp-nutzerinnen-aufgepasst-kriminelle-versuchen-ihr-whatsapp-konto-zu-stehlen/
CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks
A software supply chain attack, such as the recent SolarWinds Orion attack, occurs when a cyber threat actor infiltrates a software vendor's network and employs malicious code to compromise the software before the vendor sends it to their customers.
https://us-cert.cisa.gov/ncas/current-activity/2021/04/26/cisa-and-nist-release-new-interagency-resource-defending-against
Vulnerabilities
All Your Macs Are Belong To Us
Here, we detail a bug that trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk!
https://objective-see.com/blog/blog_0x64.html
Citrix ShareFile storage zones controller security update
A security issue has been identified in the Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller.
https://support.citrix.com/article/CTX310780
Severe Unpatched Vulnerabilities Lead to Closure of Store Locator Plus Plugin
On March 5, 2021, the Wordfence Threat Intelligence team wrapped up an investigation that led to the discovery of a privilege escalation vulnerability along with several additional vulnerabilities in Store Locator Plus, a WordPress plugin installed on over 9,000 sites.
https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/
Security updates for Tuesday
Security updates have been issued by Debian (gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, and gst-plugins-ugly1.0), Fedora (kernel, kernel-headers, kernel-tools, and rust), openSUSE (firefox), Oracle (firefox, mariadb:10.3 and mariadb-devel:10.3, thunderbird, and xstream), Red Hat (kernel, kernel-alt, kpatch-patch, nss, and openldap), Scientific Linux (firefox, thunderbird, and xstream), SUSE (firefox), and Ubuntu (file-roller, firefox, and ruby2.7).
https://lwn.net/Articles/854623/
NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability
A newly identified NTLM (New Technology LAN Manager) relay attack abuses a remote procedure call (RPC) vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne reveal.
https://www.securityweek.com/ntlm-relay-attack-abuses-windows-rpc-protocol-vulnerability
Apple Security Updates 2021-04-26
https://support.apple.com/en-us/HT201222
Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-7/
Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting-4/
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296-2/
Security Bulletin: Buffer Overflow Vulnerability in IBM SDK Affects IBM Transformation Extender
https://www.ibm.com/blogs/psirt/security-bulletin-buffer-overflow-vulnerability-in-ibm-sdk-affects-ibm-transformation-extender-3/
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-cve-2020-5024-6/
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2020-27221)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-snapshot-on-aix-and-linux-cve-2020-27221/
Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting-3/
Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-spectrum-scale-gui-3/
Security Bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files (CVE-2020-4976)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-weak-file-permissions-allowing-access-to-specific-files-cve-2020-4976-6/
Nvidia driver: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0440
Red Hat OpenShift: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0447
TYPO3 Extension: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0449
Google Releases Security Updates for Chrome
https://us-cert.cisa.gov/ncas/current-activity/2021/04/27/google-releases-security-updates-chrome