[CERT-daily] Daily summary - 02.07.2020

Daily end-of-shift report team at cert.at
Thu Jul 2 18:17:42 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 01-07-2020 18:00 − Thursday 02-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ TrickBot malware now checks screen resolution to evade analysis ∗∗∗
---------------------------------------------
The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-malware-now-checks-screen-resolution-to-evade-analysis/


∗∗∗ GoldenSpy backdoor installed by tax software gets remotely removed ∗∗∗
---------------------------------------------
As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/goldenspy-backdoor-installed-by-tax-software-gets-remotely-removed/


∗∗∗ FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps ∗∗∗
---------------------------------------------
New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.
---------------------------------------------
https://threatpost.com/fakespy-android-malware-spread-via-postal-service-apps/157102/


∗∗∗ Setting up the Dshield honeypot and tcp-honeypot.py, (Wed, Jul 1st) ∗∗∗
---------------------------------------------
After Johannes did his Tech Tuesday presentation last week on setting up Dshield honeypots, I thought I'd walk you through how I set up my honeypots.
---------------------------------------------
https://isc.sans.edu/diary/rss/26302


∗∗∗ PhishINvite with Malicious ICS Files ∗∗∗
---------------------------------------------
Employing a popular type of file as an attachment to malicious emails is a common trick by cybercriminals to boost the success rate of their cyber-attacks. As iCalendar files are not included in the list of automatically blocked attachments by email clients like Outlook, the possibility of the maliciously crafted iCalendar falling to the targets’ mailbox is increased.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishinvite-with-malicious-ics-files/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (chromium and ntp), SUSE (ntp and unbound), and Ubuntu (libvncserver).
---------------------------------------------
https://lwn.net/Articles/825070/


∗∗∗ Cisco AnyConnect Secure Mobility Client for Mac OS File Corruption Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-dos-36s2y3Lv


∗∗∗ Cisco Small Business Smart and Managed Switches Session Management Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY


∗∗∗ Cisco Small Business RV042 and RV042G Routers Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3


∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7


∗∗∗ Cisco Digital Network Architecture Center Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-6xsCyDYy


∗∗∗ Cisco Unified Customer Voice Portal Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V


∗∗∗ Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq


∗∗∗ Cisco Unified Communications Products Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp



∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-rational-asset-analyzer/


∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-2/


∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/


∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-2/


∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by two WebSphere Application Server vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-two-websphere-application-server-vulnerabilities/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2020-2654/


∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-rational-asset-analyzer/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



