[CERT-daily] Tageszusammenfassung - 12.10.2020

Daily end-of-shift report team at cert.at
Mon Oct 12 18:16:18 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 09-10-2020 18:00 − Montag 12-10-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sophisticated Android Ransomware Executes with the Home Button ∗∗∗
---------------------------------------------
The malware also has a unique machine-learning module.
---------------------------------------------
https://threatpost.com/android-ransomware-home-button/160001/


∗∗∗ Open Packaging Conventions, (Sat, Oct 10th) ∗∗∗
---------------------------------------------
Office files like .docx, .xlsm, ... are Office Open XML (OOXML) files: a ZIP container containing XML files and possibly other file types.
---------------------------------------------
https://isc.sans.edu/diary/rss/26662


∗∗∗ Operation TrickBot – ein globaler Schlag gegen das Botnetz ∗∗∗
---------------------------------------------
ESET Forscher unterstützten den erfolgreichen Schlag gegen eines der größten Botnetze und Schadcode-Verbreiter.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/10/12/operation-trickbot-eset-ist-teil-der-globalen-operation-gegen-das-botnetz/


∗∗∗ Deepfake Voice Technology Iterates on Old Phishing Strategies ∗∗∗
---------------------------------------------
As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities, making [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/deepfake-voice-technology-phishing-strategies/


∗∗∗ Vorsicht vor dem Fake-Shop sport-monkey.de! ∗∗∗
---------------------------------------------
Über das Wochenende erreichten die Watchlist Internet unzählige Meldungen zu dem Online-Shop sport-monkey.de. Dieser bietet ein breites Sortiment an Sportausrüstung zu schier unglaublichen Preisen an. Die Preise sind aus einem einzigen Grund so niedrig: Es handelt sich um einen Fake-Shop, der trotz Zahlung per Vorkasse keine Waren liefert.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-dem-fake-shop-sport-monkeyde/


∗∗∗ Event Report - A convenient mechanism to edit, visualize and share reports ∗∗∗
---------------------------------------------
MISP is widely known as a powerful tool to gather, correlate and share information. As a response to the growing information-sharing maturity of the community, more features have been introduced over the past few years to meet analyst skills and requirements.
---------------------------------------------
https://www.misp-project.org/2020/10/08/Event-Reports.html


∗∗∗ Hacker nutzen Bugs in VPN und Windows Netlogon ∗∗∗
---------------------------------------------
Angreifer verschaffen sich Zugang zu Behördennetzwerken, indem sie gezielt Schwachstellen in VPN-Systemen und Windows Netlogon ausnutzen.
---------------------------------------------
https://www.zdnet.de/88383319/hacker-nutzen-bugs-in-vpn-und-windows-netlogon/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
A previous version of this bulletin had links to hotfixes that addressed the security issues but caused stability issues for some deployments that were using the Hypervisor Introspection (HVI) functionality of Citrix Hypervisor.  Customers who are not using HVI functionality and who have already applied the earlier updates need take no further action.
---------------------------------------------
https://support.citrix.com/article/CTX282314


∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0970


∗∗∗ phpMyAdmin: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0969


∗∗∗ Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/reflected-cross-site-scripting-and-unauthenticated-malicious-file-upload-in-sage-dpw-cve-2020-26584/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTML injection. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-html-injection/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to deserialization of untrusted data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-deserialization-of-untrusted-data-2/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-3/


∗∗∗ Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-asset-manager-is-vulnerable-to-stored-cross-site-scripting/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability-6/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-4/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-3/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387-3/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-attack-cve-2020-4420-2/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-license-metric-tool-v9-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list