[CERT-daily] Tageszusammenfassung - 01.09.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 31-08-2020 18:00 − Dienstag 01-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Hackers are backdooring QNAP NAS devices with 3-year old RCE bug ∗∗∗
---------------------------------------------
Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-are-backdooring-qnap-nas-devices-with-3-year-old-rce-bug/


∗∗∗ DLL Fixer leads to Cyrat Ransomware ∗∗∗
---------------------------------------------
A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python based and appends .CYRAT to encrypted files.
---------------------------------------------
https://feeds.feedblitz.com/~/634890360/0/gdatasecurityblog-en~DLL-Fixer-leads-to-Cyrat-Ransomware


∗∗∗ Notarisierte Mac-Malware: Apple beglaubigte offenbar mehrfach Trojaner ∗∗∗
---------------------------------------------
Apples Notarisierungsdienst soll Mac-Nutzer vor Malware schützen. Nun beglaubigte der Hersteller auch den notorischen Schädling "Shlayer".
---------------------------------------------
https://heise.de/-4882770


∗∗∗ New web skimmer steals credit card data, sends to crooks via Telegram ∗∗∗
---------------------------------------------
Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code.
---------------------------------------------
https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit-card-data-via-telegram/


∗∗∗ Quarterly Report: Incident Response trends in Summer 2020 ∗∗∗
---------------------------------------------
By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of trends observed in last quarter’s report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot.
---------------------------------------------
https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html


∗∗∗ Gratis iPhone 11 oder Samsung Galaxy S20 durch Hofer-Umfrage? ∗∗∗
---------------------------------------------
Kriminelle geben sich als Hofer aus und versenden wahllos E-Mails, in denen behauptet wird, Ihre E-Mail- bzw. IP-Adresse sei ausgewählt worden. Sie sollen daher an einer kurzen Umfrage teilnehmen und dadurch ein kostenloses iPhone 11 oder Samsung Galaxy S20 erhalten. Vorsicht: Die E-Mail stammt nicht von Hofer, Sie erhalten kein Smartphone geschenkt und Sie landen in einer teuren Abo-Falle!
---------------------------------------------
https://www.watchlist-internet.at/news/gratis-iphone-11-oder-samsung-galaxy-s20-durch-hofer-umfrage/


∗∗∗ Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers ∗∗∗
---------------------------------------------
Our researchers analyzed data on cybersquatting to learn which domains attackers most often mimic and other key details of the practice.
---------------------------------------------
https://unit42.paloaltonetworks.com/cybersquatting/


∗∗∗ "Accessible Ubiquiti Service Discovery": Erster Datenfeed in der Taxonomie "Intrusions" ∗∗∗
---------------------------------------------
Ubiquiti Geräte benutzen ein Discovery Protokoll, um sich gegenseitig automatisch zu erkennen. Während das innerhalb des eigenen Netzwerks nützlich sein kann, machen fehlerhaft konfigurierte Geräte eine Vielzahl an Daten über sich öffentlich abrufbar. Als wäre dieses Problem nicht genug, gab es in älteren Firmware-Versionen eine Schwachstelle, die eine automatisierte Übernahme der betroffenen Systeme ermöglicht(e).
---------------------------------------------
https://cert.at/de/blog/2020/9/accessible-ubiquiti-service-discovery-erster-datenfeed-in-der-taxonomie-intrusions



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Schutzsoftware von Trend Micro kann PCs gefährden ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitspatches für Trend Micro Apex One und OfficeScan XG.
---------------------------------------------
https://heise.de/-4883268


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2 and libx11), Fedora (batik, ecj, eclipse, eclipse-cdt, eclipse-ecf, eclipse-emf, eclipse-gef, eclipse-m2e-core, eclipse-mpc, eclipse-mylyn, eclipse-remote, eclipse-webtools, firefox, httpd, jetty, lucene, selinux-policy, and univocity-parsers), Mageia (hylafax+), openSUSE (ark and chromium), Red Hat (virt:8.2 and virt-devel:8.2), SUSE (freeradius-server, freerdp, php7, php72, php74, and xorg-x11-server), and Ubuntu (freerdp2, keystone, [...]
---------------------------------------------
https://lwn.net/Articles/830278/


∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0857


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Manager with OpenStack (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-cve-2019-2949/


∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affects IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights/


∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-operations-analytics-predictive-insights-4/


∗∗∗ Security Bulletin: IBM® Java™ SDK Technology Edition, Oct 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-edition-oct-2019-affects-ibm-security-identity-manager-virtual-appliance/


∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-for-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoin-4/


∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson affect IBM Operations Analytics Predictive Insights (CVE-2019-14060, CVE-2019-14661, CVE-2019-14662) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-affect-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230/


∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-affects-ibm-spectrum-protect-plus-cve-2019-9924-4/


∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Apache Thrift (CVE-2019-0205) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-apache-thrift-cve-2019-0205/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-serverliberty-profile-affects-ibm-operations-analytics-predictive-insights-cve-2020-4329/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily