[CERT-daily] Tageszusammenfassung - 30.10.2020

Fri Oct 30 18:21:53 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 29-10-2020 18:00 − Freitag 30-10-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ „2. Lockdown! Krise! Was jetzt?“ – SMS bewirbt betrügerische Investment-Plattform ∗∗∗
---------------------------------------------
Eine Verschärfung der Corona-Maßnahmen bedeutet für viele Menschen weniger Einkommen. Das wissen auch BetrügerInnen. Sie nutzen diese Notsituation bewusst aus. So kursiert derzeit eine betrügerische SMS, in der eine scheinbar einfache Lösung angeboten wird: Das Investieren in Bitcoins – allerdings auf einer unseriösen Plattform. Die Schadenssummen, die dabei entstehen, reichen von 200 Euro bis weit über 100.000 Euro. Löschen Sie daher die SMS!
---------------------------------------------
https://www.watchlist-internet.at/news/2-lockdown-krise-was-jetzt-sms-bewirbt-betruegerische-investment-plattform/


∗∗∗ [SANS ISC] Quick Status of the CAA DNS Record Adoption ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption“: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively sinceThe post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random.
---------------------------------------------
https://blog.rootshell.be/2020/10/30/sans-isc-quick-status-of-the-caa-dns-record-adoption/


∗∗∗ BEC Attacks Targeting Energy and Infrastructure Rise by 93% ∗∗∗
---------------------------------------------
Business email compromise attacks (BEC) have continued to grow in Q3 of 2020, rising by 15% overall compared to Q2, according to Abnormal Security’s Quarterly BEC Report. The average weekly volume of BEC attacks increased quarter-by-quarter in six out of eight industries, with the biggest rise observed in the energy/infrastructure sector, at 93%.
---------------------------------------------
https://www.infosecurity-magazine.com/news/bec-attacks-energy-infrastructure/


∗∗∗ Pktvisor: Open source tool for network visibility ∗∗∗
---------------------------------------------
NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. The importance of applications and digital services has skyrocketed in 2020. Connectivity and resilience are imperative to keeping people connected and business moving forward. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance.
---------------------------------------------
https://www.helpnetsecurity.com/2020/10/30/pktvisor-open-source-tool/


∗∗∗ Oh ... Ransomware hat auch meine Backups verschlüsselt ... Was nun? ∗∗∗
---------------------------------------------
Das Thema Ransomware verfolgt Unternehmen weltweit nun schon ein bis zwei Jahrzehnte [1]. Es ist auch kein Trend zu erkennen, dass sich das bald ändern sollte. Es muss leider vom Gegenteil ausgegangen werden. Die Anzahl an Vorfällen ist besonders in den letzten Jahren gestiegen [2]. Angreifer setzten inzwischen nicht nur auf Verschlüsselung, sondern drohen mit der Veröffentlichung von Unternehmensdaten, welche vor dem Unbrauchbarmachen exfiltriert wurden, um die [...]
---------------------------------------------
https://cert.at/de/blog/2020/10/oh-ransomware-hat-auch-meine-backups-verschlusselt-was-nun


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Attacks exploiting Netlogon vulnerability (CVE-2020-1472) ∗∗∗
---------------------------------------------
Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be [...]
---------------------------------------------
https://msrc-blog.microsoft.com:443/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/


∗∗∗ Sicherheitslücken: Nvidia veröffentlicht BMC-Firmware-Updates für DGX-Server ∗∗∗
---------------------------------------------
Aus der AMI BMC-Firmware für Nvidias Deep-Learning-Server DGX-1, DGX-2 und DGX A100 wurden neun Sicherheitslücken entfernt, von denen eine als kritisch gilt.
---------------------------------------------
https://heise.de/-4943948


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager) ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager (SRM) - a Linux-based operating system for Synology routers - and QuickConnect, a feature inside SRM that allows users to remotely connect to their routers. An adversary could use these vulnerabilities to carry out a range of [...]
---------------------------------------------
https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-multiple.html


∗∗∗ October 29, 2020   TNS-2020-07   [R1] Nessus Agent 8.2.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-07


∗∗∗ October 29, 2020   TNS-2020-08   [R1] Nessus 8.12.1 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-08


∗∗∗ Wireshark: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1054

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily