[CERT-daily] Tageszusammenfassung - 11.11.2020

Daily end-of-shift report team at cert.at
Wed Nov 11 18:11:46 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 10-11-2020 18:00 − Mittwoch 11-11-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Targeted ransomware: it’s not just about encrypting your data! ∗∗∗
---------------------------------------------
When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – it’s primarily about data exfiltration.
---------------------------------------------
https://securelist.com/targeted-ransomware-encrypting-data/99255/


∗∗∗ Decrypting OpenSSH sessions for fun and profit ∗∗∗
---------------------------------------------
A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers.
---------------------------------------------
https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/


∗∗∗ So kaufen Sie Weihnachtsgeschenke sicher im Internet ein! ∗∗∗
---------------------------------------------
Damit die Weihnachtsvorfreude nicht durch eine Bestellung bei einem Fake-Shop getrübt wird, zeigen wir Ihnen die wichtigsten Punkte, an denen Sie unseriöse Online-Shops erkennen.
---------------------------------------------
https://www.watchlist-internet.at/news/so-kaufen-sie-weihnachtsgeschenke-sicher-im-internet-ein/


∗∗∗ Play Store identified as main distribution vector for most Android malware ∗∗∗
---------------------------------------------
Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected.
---------------------------------------------
https://www.zdnet.com/article/play-store-identified-as-main-distribution-vector-for-most-android-malware/


∗∗∗ Neuer Android-Trojaner spioniert 153 mobile Anwendungen aus ∗∗∗
---------------------------------------------
Darunter sind auch vier Apps deutscher Banken. Die Verbreitung erfolgt über Links in Spam-E-Mails. Mithilfe der Android-Bedienungshilfen nistet sich der Trojaner dauerhaft auf einem Gerät ein und erlaubt dessen Fernsteuerung.
---------------------------------------------
https://www.zdnet.de/88389654/neuer-android-trojaner-spioniert-153-mobile-anwendungen-aus/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NVIDIA fixes severe flaw in GeForce NOW cloud gaming service ∗∗∗
---------------------------------------------
NVIDIA released a security update for the GeForce Now cloud gaming Windows app to address a vulnerability that could allow attackers to execute arbitrary code or escalate privileges on systems running unpatched software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nvidia-fixes-severe-flaw-in-geforce-now-cloud-gaming-service/


∗∗∗ VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks ∗∗∗
---------------------------------------------
The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPBM write command or the content of an RPMB area.
---------------------------------------------
https://kb.cert.org/vuls/id/231329


∗∗∗ VU#760767: Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗
---------------------------------------------
Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.
---------------------------------------------
https://kb.cert.org/vuls/id/760767


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, gdm, linux-hardened, matrix-synapse, salt, sddm, and wordpress), Debian (firefox-esr, libmaxminddb, and moin), Fedora (cifs-utils, firefox, galera, java-latest-openjdk, mariadb, mariadb-connector-c, and wordpress), Gentoo (blueman, chromium, firefox, mariadb, qemu, salt, tmux, and wireshark), openSUSE (sddm), Oracle (kernel), Red Hat (kernel-alt, microcode_ctl, and rh-nodejs12-nodejs), SUSE (kernel, microcode_ctl, openldap2,
---------------------------------------------
https://lwn.net/Articles/836897/


∗∗∗ Patchday: Microsoft schließt Kernel-Lücke in Windows ∗∗∗
---------------------------------------------
Es sind über 100 Sicherheitsupdates für Microsoft Office, Windows & Co. erschienen. Eine Lücke nutzen Angreifer derzeit aktiv aus.
---------------------------------------------
https://heise.de/-4954195


∗∗∗ Security Advisory - Command Injection Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201111-02-injection-en


∗∗∗ XSA-351 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-351.html


∗∗∗ Citrix Systems Virtual Apps and Desktops: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1107

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list