[CERT-daily] Tageszusammenfassung - 25.05.2020

Mon May 25 18:50:42 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 22-05-2020 18:00 − Montag 25-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Discord client turned into a password stealer by updated malware ∗∗∗
---------------------------------------------
A threat actor converted the AnarchyGrabber trojan into a new malware that steals passwords and user tokens, disables 2FA, and spreads malware to a victims friends.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/


∗∗∗ Portscan: Ebay.de scannt den Rechner auf offene Ports ∗∗∗
---------------------------------------------
Mit einem Javascript werden 14 Ports auf dem lokalen PC abgeklopft.
---------------------------------------------
https://www.golem.de/news/portscan-ebay-de-scannt-den-rechner-auf-offene-ports-2005-148690-rss.html


∗∗∗ 70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs ∗∗∗
---------------------------------------------
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
---------------------------------------------
https://threatpost.com/70-of-apps-open-source-bugs/156040/


∗∗∗ New activity of DoubleGuns‘ gang, control hundreds of thousands of bots via public cloud service ∗∗∗
---------------------------------------------
Recently, our DNS data based threat monitoning system DNSmon flagged a suspicious domain pro.csocools.com. The system estimates the scale of infection may well above hundreds of thousands of users. By analyzing the related samples and C2s,We traced its family back to the ShuangQiang(double gun) campaign, [...]
---------------------------------------------
https://blog.netlab.360.com/shuangqiang/


∗∗∗ AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd) ∗∗∗
---------------------------------------------
Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26162


∗∗∗ Securing SSH: What To Do and What Not To Do ∗∗∗
---------------------------------------------
The SSH service is critical, ensuring its security is key. This blog will describe how best to secure the SSH service from threat actors.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/securing-ssh-what-to-do-and-what-not-to-do/


∗∗∗ Thousands of enterprise systems infected by new Blue Mockingbird malware gang ∗∗∗
---------------------------------------------
Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers.
---------------------------------------------
https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-new-blue-mockingbird-malware-gang/


∗∗∗ Insidious Android malware gives up all malicious features but one to gain stealth ∗∗∗
---------------------------------------------
ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security
---------------------------------------------
https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apples iPhone und iPad: Aktueller Jailbreak für iOS 13.5 nutzt Zero-Day-Lücke aus ∗∗∗
---------------------------------------------
Kurz nach der Veröffentlichung von iOS 13.5 ist ein Jailbreak erschienen. Damit wird das Sicherheitssystem in iOS und iPadOS ausgehebelt.
---------------------------------------------
https://www.golem.de/news/apples-iphone-und-ipad-aktueller-jailbreak-fuer-ios-13-5-nutzt-zero-day-luecke-aus-2005-148678-rss.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, dovecot, openconnect, and powerdns-recursor), Debian (cracklib2, feh, netqmail, ruby-rack, tomcat7, and transmission), Fedora (dovecot, kernel, log4net, openconnect, python-markdown2, and unbound), Mageia (ansible, clamav, dovecot, file-roller, glpi, kernel, kernel-linus, libntlm, microcode, nmap, pdns-recursor, unbound, viewvc, and wireshark), openSUSE (ant, autoyast2, dpdk, file, freetype2, gstreamer-plugins-base, imapfilter, libbsd, [...]
---------------------------------------------
https://lwn.net/Articles/821347/


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on FOX615 Multiservice-Multiplexer ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003578&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on Relion 670, Relion 650, SAM600-IO Series ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1MRG035816&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AFS66x ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1MRG000001&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on NSD570 Teleprotection Equipment ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003577&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on ETL600 Power Line Carrier System ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003576&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on REB500 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHL501885&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on RTU500 series ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KGT090327&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-insights/


∗∗∗ Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-ze ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-2/


∗∗∗ Grafana: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0495

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily