[CERT-daily] Tageszusammenfassung - 23.12.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-12-2020 18:00 − Mittwoch 23-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Emotet Returns to Hit 100K Mailboxes Per Day ∗∗∗
---------------------------------------------
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
---------------------------------------------
https://threatpost.com/emotet-returns-100k-mailboxes/162584/


∗∗∗ Sicherheitsalbtraum: Viele vernetzte Türklingeln lassen Hacker ins Haus ∗∗∗
---------------------------------------------
Günstige digitale Videoklingeln weisen schwere Sicherheitslücken wie Authentifizierungsprobleme auf und werden teils schon mit Softwarefehlern geliefert.
---------------------------------------------
https://heise.de/-4998372


∗∗∗ Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools ∗∗∗
---------------------------------------------
Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday.
---------------------------------------------
https://www.securityweek.com/millions-devices-affected-vulnerabilities-used-stolen-fireeye-tools


∗∗∗ Video: So erkennen Sie betrügerische Notdienste! ∗∗∗
---------------------------------------------
Bei einem Wasserrohrbruch, einem Gasgebrechen oder bei einem Stromausfall, muss es meist schnell gehen. Für die Überprüfung eines Installations- oder Elektrik-Notdienstes bleibt da oft keine Zeit mehr. Das nützen BetrügerInnen aus: Sie bieten online einen Notdienst an, kommen auch tatsächlich, aber stellen viel zu überhöhte Kosten in Rechnung und der Schaden wird oftmals nur oberflächlich behoben.
---------------------------------------------
https://www.watchlist-internet.at/news/video-so-erkennen-sie-betruegerische-notdienste/


∗∗∗ Trendthema BEC-Attacken und COVID-19-Scamming ∗∗∗
---------------------------------------------
Spear-Phishing, Business Email Compromise (BEC) oder Cyberbetrug im Zusammenhang mit COVID-19 sind Beispiele, wie sich Angreifer schnell an aktuelle Ereignisse anpassen und neue Tricks anwenden, um Angriffe erfolgreich auszuführen, wie der Spear-Phishing-Report 2020 von Barracuda zeigt.
---------------------------------------------
https://www.zdnet.de/88391006/trendthema-bec-attacken-und-covid-19-scamming/


∗∗∗ Hentai Oniichan Ransomware ∗∗∗
---------------------------------------------
VMRay has published a blog detailing a ransomware package called Hentai Oniichan. Two variants of this family, King Engine and Beserker, were observed in the wild during their investigation.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/1b1c396cce25259b8bc5e806b3511775



=====================
=  Vulnerabilities  =
=====================

∗∗∗ QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities ∗∗∗
---------------------------------------------
QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts-qes-and-quts-hero-vulnerabilities/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (awstats and mediawiki), Fedora (mbedtls and pngcheck), openSUSE (firefox and thunderbird), Oracle (gnutls, go-toolset:ol8, pacemaker, postgresql:10, postgresql:12, and postgresql:9.6), and SUSE (clamav, groovy, jetty-minimal, and xen).
---------------------------------------------
https://lwn.net/Articles/841163/


∗∗∗ Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201223-01-cloudengine-en


∗∗∗ Security Bulletin: Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-liberty-server-wlp-affects-ibm-cloud-application-business-insights/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-on-windows-cve-2020-4642/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM SDK, Java affects IBM Cloud Application Business Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-affects-ibm-cloud-application-business-insights/


∗∗∗ cURL vulnerability CVE-2019-5482 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41523201


∗∗∗ Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1259


∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1261


∗∗∗ Grafana: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1260


∗∗∗ Joomla: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1256

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily