[CERT-daily] Tageszusammenfassung - 06.07.2020

Mon Jul 6 18:28:05 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 03-07-2020 18:00 − Montag 06-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Neue Welle an betrügerischen Spam-Anrufen in Österreich ∗∗∗
---------------------------------------------
Die Zahl an ungewollten Anrufen ist aktuell wieder am Steigen, auch Robocalls werden mittlerweile in Österreich verzeichnet.
---------------------------------------------
https://futurezone.at/digital-life/neue-welle-an-betruegerischen-spam-anrufen-in-oesterreich/400962179


∗∗∗ Pig in a poke: smartphone adware ∗∗∗
---------------------------------------------
Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources.
---------------------------------------------
https://securelist.com/pig-in-a-poke-smartphone-adware/97607/


∗∗∗ The Gafgyt variant vbot seen in its 31 campaigns ∗∗∗
---------------------------------------------
Gafgyt botnets have a long history of infecting Linux devices to launch DDoS attacks. While dozens of variants have been detected, new variants are constantly emerging with changes in terms of register message, exploits, and attacking methods.
---------------------------------------------
https://blog.netlab.360.com/the-gafgyt-variant-vbot-and-its-31-campaigns/


∗∗∗ Intel Owl 1.0.0 released ∗∗∗
---------------------------------------------
Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and is for everyone who needs a single point to query for info about a specific file or observable.
---------------------------------------------
https://www.honeynet.org/2020/07/05/intel-owl-release-v1-0-0/


∗∗∗ Sicherheitsupdates F5 BIG-IP: Schadcode-Lücke im Konfigurationstool ∗∗∗
---------------------------------------------
BIG-IP Appliances von F5 sind über mehrere Lücken attackierbar. Darunter findet sich eine kritische Schwachstelle mit Höchstwertung, die Angreifer ausnutzen.
---------------------------------------------
https://heise.de/-4836220


∗∗∗ Let Me Out of Your Net - Egress Testing ∗∗∗
---------------------------------------------
Use-cases:IT Admin, Firewall Admin, or Security staff at a company and want to confirm what ports and protocols are allowed of your network.Pentester that intends to identify ports and protocols that can be used for a pentest to gain C2 outbound.Purple Team testing ports and protocol detection for C2.Egress testing is an exciting problem due to the uniqueness of most networks. You may find fully open networks like those found in many Silicon Valley companies or companies attempting to move to a [...]
---------------------------------------------
https://malicious.link/post/2020/lmo-egress-testing/


∗∗∗ Patchless AMSI bypass using SharpBlock ∗∗∗
---------------------------------------------
Introduction For those that followed my personal blog posts on Creating an EDR and Bypassing It, I developed a new tool called SharpBlock. The tool implements a Windows debugger to [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/patchless-amsi-bypass-using-sharpblock/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Samba-Software für DoS-Attacken anfällig ∗∗∗
---------------------------------------------
In bestimmten Situationen könnten Angreifer Computer mit Samba-Software lahmlegen.
---------------------------------------------
https://heise.de/-4836294


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd).
---------------------------------------------
https://lwn.net/Articles/825412/


∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily