Daily summary - 05.05.2021

End-of-Day report

Timeframe: Tuesday 04-05-2021 18:00 - Wednesday 05-05-2021 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer

News

Quick and dirty Python: masscan, (Tue, May 4th)

The last couple of years I have been trying to ramp up on Python and am increasingly finding that these complicated shell code scripts can be elegantly implemented in Python. The resulting code is way easier to read and way more supportable.

https://isc.sans.edu/diary/rss/27384


Introducing Baserunner: a tool for exploring and exploiting Firebase datastores

In this post we'll be looking at some risks posed by Firebase, a popular serverless application platform.

https://iosiro.com/blog/baserunner-exploiting-firebase-datastores


How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps

Open authorization, or OAuth, apps add business features and user-interface enhancements to major cloud platforms such as Microsoft 365 and Google Workspace. Unfortunately, they're also a new threat vector [...]

https://www.proofpoint.com/us/blog/email-and-cloud-threats/how-attackers-use-compromised-accounts-create-and-distribute-malicious


How to Stop the Popups

McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others.

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-to-stop-the-popups/


Tour de Peloton: Exposed user data

An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode.

https://www.pentestpartners.com/security-blog/tour-de-peloton-exposed-user-data/


Miracle cure detox patch? Be careful when ordering from nuubu.com!

Boost your physical and mental health with a detox patch? That is what the Lithuanian company UAB Ekomlita, which operates the website nuubu.com, promises. We advise caution, however: legal requirements are not being met.

https://www.watchlist-internet.at/news/wunderheilmittel-entgiftungspflaster-vorsicht-bei-bestellungen-auf-nuubucom/

Vulnerabilities

Patch now! Critical root vulnerabilities threaten Exim mail servers

While examining the Exim code, security researchers discovered 21 vulnerabilities. Attackers could take over entire servers.

https://heise.de/-6036724


Security updates for Wednesday

Security updates have been issued by Debian (cgal, exim4, and mediawiki), Fedora (axel, libmicrohttpd, libtpms, perl-Image-ExifTool, pngcheck, python-yara, and yara), Gentoo (exim), Mageia (kernel-linus), openSUSE (bind and postsrsd), SUSE (avahi, openexr, p7zip, python-Pygments, python36, samba, sca-patterns-sle11, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450, nvidia-graphics-drivers-450-server,[...]

https://lwn.net/Articles/855462/


Advantech WISE-PaaS RMM

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Advantech WISE-PaaS RMM, a software platform focused on IoT device remote monitoring and management.

https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01


Delta Electronics CNCSoft ScreenEditor

This advisory contains mitigations for an Out-of-bounds Write vulnerability in Delta Electronics CNCSoft ScreenEditor software management platform.

https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02


Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/


Security Bulletin: IBM QRadar SIEM is vulnerable to insecure inter-deployment communication (CVE-2020-4979)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-insecure-inter-deployment-communication-cve-2020-4979/


Security Bulletin: Issues in IBM Java SDK Technology Edition affect IBM Security Identity Manager Virtual Appliance (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)

https://www.ibm.com/blogs/psirt/security-bulletin-issues-in-ibm-java-sdk-technology-edition-affects-ibm-security-identity-manager-virtual-appliance-cve-2020-14577-cve-2020-14578-cve-2020-14579/


Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2021-20401, CVE-2020-4932)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-contains-hard-coded-credentials-cve-2021-20401-cve-2020-4932/


Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2020-4929)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2020-4929/


Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-apache-httpclient-2/


Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal (CVE-2020-4993)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-path-traversal-cve-2020-4993/


Security Bulletin: IBM QRadar SIEM may be vulnerable to a XML External Entity Injection attack (XXE) (CVE-2020-5013)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-may-be-vulnerable-to-a-xml-external-entity-injection-attack-xxe-cve-2020-5013/


Security Bulletin: IBM QRadar SIEM is vulnerable to Cross domain information disclosure (CVE-2020-4883)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-domain-information-disclosure-cve-2020-4883/


Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13943)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2020-13943/


CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k

https://www.thezdi.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k