[CERT-daily] Tageszusammenfassung - 22.06.2020

Daily end-of-shift report team at cert.at
Mon Jun 22 18:17:20 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 19-06-2020 18:00 − Montag 22-06-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Top 8 tips for office security when employees are working from home ∗∗∗
---------------------------------------------
Who’s minding the store? Cybersecurity has become even more high profile during the current COVID-19 pandemic. A recent warning from the UK National Cyber Security Centre and the US Department of Homeland Security talks of state-backed hackers targeting healthcare organizations. Many other examples of pandemic-focused cyberattacks have popped up since the coronavirus appeared.
---------------------------------------------
https://resources.infosecinstitute.com/top-8-tips-for-office-security-when-employees-are-working-from-home/


∗∗∗ Web skimming with Google Analytics ∗∗∗
---------------------------------------------
Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics.
---------------------------------------------
https://securelist.com/web-skimming-with-google-analytics/97414/


∗∗∗ Pi Zero HoneyPot , (Sat, Jun 20th) ∗∗∗
---------------------------------------------
The ISC has had a Pi honeypot(1) for the last couple of years, but I haven't had much time to try it on the Pi zero. Recently, I've had a chance to try it out, and it works great.
---------------------------------------------
https://isc.sans.edu/diary/rss/26260


∗∗∗ Hijacking DLLs in Windows ∗∗∗
---------------------------------------------
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
---------------------------------------------
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows


∗∗∗ Turn on MFA Before Crooks Do It For You ∗∗∗
---------------------------------------------
Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who dont take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Heres the story of one such incident.
---------------------------------------------
https://krebsonsecurity.com/2020/06/turn-on-mfa-before-crooks-do-it-for-you/


∗∗∗ Achtung vor gefährlicher "BawagPSK" Phishing-SMS ∗∗∗
---------------------------------------------
BetrügerInnen senden derzeit eine SMS-Nachricht im Namen der BAWAG P.S.K. aus. Als Absender wird keine Telefonnummer, sondern „BawagPSK“ angegeben. Laut der Nachricht müssen Sie einem Link folgen, um eine Anfrage zu Ihrem mobilen Banking zu bestätigen. Folgen Sie dem Link nicht! Er führt auf eine gefälschte Website und eingegebene Daten landen direkt in den Händen der Kriminellen.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaehrlicher-bawagpsk-phishing-sms/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdate: Firmware-Bug gefährdet XG Firewalls von Sophos ∗∗∗
---------------------------------------------
Angreifer könnten über ein Schlupfloch in Sophos XG Firewalls Schadcode in Netzwerken ausführen.
---------------------------------------------
https://heise.de/-4790793


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lynis, mutt, neomutt, ngircd, and rails), Mageia (gnutls), Oracle (thunderbird), Red Hat (chromium-browser, gnutls, grafana, thunderbird, and unbound), Scientific Linux (thunderbird and unbound), and SUSE (bind, java-1_8_0-openjdk, kernel, libgxps, and osc).
---------------------------------------------
https://lwn.net/Articles/824113/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Elastic Elasticsearch ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-elastic-elasticsearch/


∗∗∗ Security Bulletin: OpenSSL for IBM i is affected by CVE-2020-1967 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1967/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management/


∗∗∗ Security Bulletin: Potential vulnerability with FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind/


∗∗∗ Security Bulletin: Multiple potential vulnerabilities in Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-potential-vulnerabilities-in-node-js/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java/


∗∗∗ Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-fileupload-publicly-disclosed-vulnerability-in-ibm-ediscovery-manager/


∗∗∗ Security Bulletin: January 2020 Critical Patch Update for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-january-2020-critical-patch-update-for-java/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/


∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list