[CERT-daily] Tageszusammenfassung - 12.11.2020

Daily end-of-shift report team at cert.at
Thu Nov 12 18:44:59 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 11-11-2020 18:00 − Donnerstag 12-11-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Angeblich Quellcode des Exploit-Toolkits Cobalt Strike durchgesickert ∗∗∗
---------------------------------------------
Auf GitHub findet sich seit fast zwei Wochen ein Repository mit dem Namen CobaltStrike. Es enthält angeblich den Code von Cobalt Strike 4.0. Der Autor entfernt zudem die Lizenzprüfung, was auf eine geknackte Version schließen lässt.
---------------------------------------------
https://www.zdnet.de/88389725/angeblich-quellcode-des-exploit-toolkits-cobalt-strike-durchgesickert/


∗∗∗ Hungrig nach Daten – ModPipe Backdoor bedroht POS‑Software im Gastgewerbe ∗∗∗
---------------------------------------------
Die Backdoor-Autoren verfügen offenbar über umfassende Kenntnisse der Software und entschlüsseln Datenbankkennwörter aus Windows-Registry-Werten.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/11/12/hungrig-nach-daten-modpipe-backdoor-bedroht-pos-software-im-gastgewerbe/


∗∗∗ Extrapolating Adversary Intent Through Infrastructure ∗∗∗
---------------------------------------------
Hear from Senior Security Researcher Joe Slowik to discover the significance behind domain name patterns and learn how defenders can use these thematic insights to further their security operations.
---------------------------------------------
https://www.domaintools.com/resources/blog/extrapolating-adversary-intent-through-infrastructure


∗∗∗ 2 More Google Chrome Zero-Days Under Active Exploitation ∗∗∗
---------------------------------------------
Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution.
---------------------------------------------
https://threatpost.com/2-zero-day-bugs-google-chrome/161160/


∗∗∗ Preventing Exposed Azure Blob Storage, (Thu, Nov 12th) ∗∗∗
---------------------------------------------
In the previous diary, I explained the three public access levels of Azure Blob Storage, and how to investigate the setup for any issues. Until a couple of months ago, there was no reliable way to prevent the problem from occurring in the first place, but thankfully, Microsoft has finally seen the light.
---------------------------------------------
https://isc.sans.edu/diary/rss/26786


∗∗∗ Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC ∗∗∗
---------------------------------------------
We present two vulnerabilities in EcoStruxure Machine Expert v1.0 and Schneider Electric M221 (Firmware 1.10.2.2) Programmable Logic Controller (PLC). All three vulnerabilities were disclosed to Schneider Electric and the details were released on 10 November 2020.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacking-scada-part-ii-vulnerabilities-in-schneider-electric-ecostruxure-machine-expert-and-m221-plc/


∗∗∗ Exploring the Exploitability of "Bad Neighbor": The Recent ICMPv6 Vulnerability (CVE-2020-16898) ∗∗∗
---------------------------------------------
We wanted to find out whether something else could be done with this vulnerability, aside from triggering the buffer overflow and causing a blue screen (BSOD)
---------------------------------------------
https://blog.zecops.com/vulnerabilities/exploring-the-exploitability-of-bad-neighbor-the-recent-icmpv6-vulnerability-cve-2020-16898/


∗∗∗ CRAT wants to plunder your endpoints ∗∗∗
---------------------------------------------
Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as "Hansom."
---------------------------------------------
https://blog.talosintelligence.com/2020/11/crat-and-plugins.html


∗∗∗ Avionics Safety and Secured Connectivity: A Look at DO-326A/ED-202A, DO-355 and DO-356 ∗∗∗
---------------------------------------------
One of the major improvements that the avionics industry is undergoing is an Internet of Things (IoT) upgrade. And this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft comes with [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/regulatory-compliance/avionics-safety-secured-connectivity-do-326a-ed-202a-do-355-do-356/


∗∗∗ Comodo open-sources its EDR solution ∗∗∗
---------------------------------------------
OpenEDR, announced in September, is available on GitHub starting this week.
---------------------------------------------
https://www.zdnet.com/article/comodo-open-sources-its-edr-solution/


∗∗∗ Why you should keep your Netflix password to yourself ∗∗∗
---------------------------------------------
Sharing is caring - except when it isn't. Here’s why you shouldn't share your password for online media services with other people.
---------------------------------------------
https://www.welivesecurity.com/2020/11/11/why-you-should-keep-netflix-password-yourself/


∗∗∗ Cryptominers Exploiting Weblogic RCE CVE-2020-14882 ∗∗∗
---------------------------------------------
Intro Towards the end of October, we started seeing attackers take advantage of a Weblogic RCE vulnerability (CVE-2020-14882). Recently, SANS ISC talked about this vulnerability being exploited in the wild, [...]
---------------------------------------------
https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (codemirror-js, firefox-esr, and pacemaker), Fedora (firefox, java-latest-openjdk, and xen), openSUSE (sddm), Oracle (bind, curl, fence-agents, kernel, librepo, libvirt, python3, qt and qt5-qtbase, and tomcat), SUSE (firefox), and Ubuntu (intel-microcode, openldap, and raptor2).
---------------------------------------------
https://lwn.net/Articles/836994/


∗∗∗ Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs ∗∗∗
---------------------------------------------
Schneider Electric this week released advisories for vulnerabilities impacting various products, including flaws that can be exploited to take control of Modicon M221 programmable logic controllers (PLCs).
---------------------------------------------
https://www.securityweek.com/encryption-vulnerabilities-allow-hackers-take-control-schneider-electric-plcs


∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201111-02-dos-en


∗∗∗ Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-denial-of-service-cve-2019-11479/


∗∗∗ Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-httpd-affects-ibm-integrated-analytics-system/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list