[CERT-daily] Tageszusammenfassung - 28.12.2020

Mon Dec 28 18:10:07 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 23-12-2020 18:00 − Montag 28-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jahresrückblick 2020: Diese Themen beschäftigten uns heuer! ∗∗∗
---------------------------------------------
Die Corona-Krise hat 2020 die ganze Welt in Atem gehalten. Auch bei der Watchlist Internet blieb die Corona-Krise nicht unbemerkt. Kriminelle nutzten die globale Gesundheitskrise für verschiedene Betrugsmaschen – von Fake-Shops, die Atemschutzmasken in ihr Angebot aufnahmen, über betrügerische Jobangebote bis hin zu Phishing-Nachrichten. Ebenfalls mit verschiedenen Betrugsmaschen in Verbindung steht der wachsende Trend von unseriöser Werbung. Fake-Shops werden dabei [...]
---------------------------------------------
https://www.watchlist-internet.at/news/jahresrueckblick-2020-diese-themen-beschaeftigten-uns-heuer/


∗∗∗ Amazon-Geschenkkarte mit Banking-Trojaner Dridex ∗∗∗
---------------------------------------------
Ein unwillkommenes Mitbringsel präsentiert eine angebliche Amazon-Geschenkkarte. Unaufmerksame Verbraucher werden mit dem Banking-Trojaner Dridex bestohlen.
---------------------------------------------
https://www.zdnet.de/88391026/amazon-geschenkkarte-mit-banking-trojaner-dridex/


∗∗∗ Hacker missbrauchen Citrix-Geräte für DDoS-Attacken ∗∗∗
---------------------------------------------
Bedrohungsakteure haben eine Möglichkeit entdeckt, Junk-Web-Traffic gegen Citrix ADC-Netzwerkgeräte zu verstärken, um Distributed Denial of Service (DDoS)-Angriffe zu starten.
---------------------------------------------
https://www.zdnet.de/88391041/hacker-missbrauchen-citrix-geraete-fuer-ddos-attacken/


∗∗∗ DevOps und Security im Einklang ∗∗∗
---------------------------------------------
DevOps-Teams sehen Sicherheit oft als Innovationsbremse. Wir geben einige Tipps, wie Sie effektive Entwicklerarbeit und Security unter einen Hut bringen.
---------------------------------------------
https://www.zdnet.de/88391052/devops-und-security-im-einklang/


∗∗∗ CrowdStrike releases free Azure security tool after failed hack ∗∗∗
---------------------------------------------
Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the companys emails through compromised by Microsoft Azure credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/


∗∗∗ GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic ∗∗∗
---------------------------------------------
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/


∗∗∗ Multi-platform card skimmer found on Shopify, BigCommerce stores ∗∗∗
---------------------------------------------
A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-found-on-shopify-bigcommerce-stores/


∗∗∗ Third-Party APIs: How to Prevent Enumeration Attacks ∗∗∗
---------------------------------------------
Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.
---------------------------------------------
https://threatpost.com/third-party-apis-enumeration-attacks/162589/


∗∗∗ Analysis Dridex Dropper, IoC extraction (guest diary), (Wed, Dec 23rd) ∗∗∗
---------------------------------------------
A couple of weeks ago, I assisted Xavier when he taught FOR610 in (virtual) Frankfurt. Last week, one of our students (Nicklas Keijser) sent us this analysis that we decided to share as a guest diary.
---------------------------------------------
https://isc.sans.edu/diary/rss/26920


∗∗∗ CISA Releases Free Detection Tool for Azure/M365 Environment ∗∗∗
---------------------------------------------
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment


∗∗∗ The History of DNS Vulnerabilities and the Cloud ∗∗∗
---------------------------------------------
We review the history of DNS vulnerabilities, particularly DNS cache poisoning, examining both past vulnerabilities and more advanced attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/dns-vulnerabilities/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Project Zero: Schlecht gepatchte Windows-Lücke weiter ausnutzbar ∗∗∗
---------------------------------------------
Eine aktiv ausgenutzte Sicherheitslücke in Windows ist trotz Hinweisen von Google und einem unzureichenden Patch immer noch nicht behoben.
---------------------------------------------
https://www.golem.de/news/project-zero-schlecht-gepatchte-windows-luecke-weiter-ausnutzbar-2012-153063-rss.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3).
---------------------------------------------
https://lwn.net/Articles/841225/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (xen) and SUSE (flac and openexr).
---------------------------------------------
https://lwn.net/Articles/841243/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (horizon, kitty, python-apt, and roundcube), Fedora (libmaxminddb, mediawiki, mingw-binutils, and thunderbird), Mageia (erlang-rebar3), openSUSE (blosc, ceph, firefox, flac, kdeconnect-kde, openexr, ovmf, PackageKit, python3, thunderbird, and xen), and SUSE (thunderbird).
---------------------------------------------
https://lwn.net/Articles/841378/


∗∗∗ VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/429301


∗∗∗ VU#843464: SolarWinds Orion API authentication bypass allows remote command execution ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/843464


∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2019-17638) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-in-eclipse-jetty-cve-2019-17638/


∗∗∗ Security Bulletin: tzdata has been updated to tzdata-2020d to address Fiji and Palestine time zone changes ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tzdata-has-been-updated-to-tzdata-2020d-to-address-fiji-and-palestine-time-zone-changes/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-samba-affects-ibm-netezza-host-management/


∗∗∗ Linux kernel and TMM vulnerability CVE-2020-25705 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K09604370


∗∗∗ Linux kernel vulnerability CVE-2018-10675 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40540405

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily