End-of-Day report
Timeframe: Thursday 06-05-2021 18:00 - Friday 07-05-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Cuba Ransomware partners with Hancitor for spam-fueled attacks
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.
https://www.bleepingcomputer.com/news/security/cuba-ransomware-partners-with-hancitor-for-spam-fueled-attacks/
MSM: Qualcomm modems in millions of smartphones vulnerable
Qualcomm's modems could be attacked from within Android in order to eavesdrop on calls.
https://www.golem.de/news/msm-qualcomm-modems-in-millionen-smartphones-angreifbar-2105-156359-rss.html
TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week.
https://www.securityweek.com/tsuname-vulnerability-can-be-exploited-ddos-attacks-dns-servers
Barbecue and gardening season opens: fraudsters lure with cheap offers!
Whether it is tools for plant care, a new grill, patio furniture or a pool for the garden: as temperatures rise, demand for these products increases. Naturally, fraudsters are not far behind and lure shoppers with cheap offers for the barbecue and gardening season. We show you where you had better not shop!
https://www.watchlist-internet.at/news/grill-und-gartensaison-eroeffnet-betruegerinnen-locken-mit-guenstigen-angeboten/
New Moriya rootkit stealthily backdoors Windows systems
Unknown attackers may have been quietly exploiting networks in attacks reaching back to 2018.
https://www.zdnet.com/article/new-moriya-rootkit-stealthily-backdoors-windows-systems/
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world attacks. SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution.
https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (mediawiki and unbound1.9), Fedora (djvulibre and samba), Mageia (ceph, messagelib, and pagure), openSUSE (alpine and exim), Oracle (kernel and postgresql), Scientific Linux (postgresql), and Ubuntu (thunderbird and unbound).
https://lwn.net/Articles/855744/
SYSS-2021-024: XSS VULNERABILITY IN THE PRODUCT ADISCON LOGANALYZER (CVE-2021-31738)
The login form of Adiscon LogAnalyzer was affected by a reflected XSS vulnerability. The vendor has already fixed it with a patch.
https://www.syss.de/pentest-blog/syss-2021-024-xss-schwachstelle-im-produkt-adiscon-loganalyzer-cve-2021-31738
ABB Cybersecurity Advisory - AC 800PEC platform NAME:WRECK vulnerability
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A1892&LanguageCode=en&DocumentPartId=&Action=Launch
ABB Cybersecurity Advisory - Cassia Access Controller for ABB
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108368&LanguageCode=en&DocumentPartId=&Action=Launch
Security Advisory - Out-of-Bounds Write Vulnerability in Some Huawei Products
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210506-02-outofbounds-en
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2021-3177
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-cloud-pak-for-data-is-impacted-by-cve-2021-3177/
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Interac e-Transfers for Red Hat OpenShift (CVE-2020-5258)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-interac-e-transfers-for-red-hat-openshift-cve-2020-5258/
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-digital-payments-for-redhat-openshift-cve-2020-5258/
Security Bulletin: Information disclosure vulnerability may affect IBM Robotic Process Automation Anywher - CVE-2020-4901
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-may-affect-ibm-robotic-process-automation-anywher-cve-2020-4901/