[CERT-daily] Tageszusammenfassung - 04.09.2020

Fri Sep 4 18:06:41 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 03-09-2020 18:00 − Freitag 04-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ FBI: Thousands of orgs targeted by RDoS extortion campaign ∗∗∗
---------------------------------------------
The FBI warns US companies that thousands of organizations around the world, from various industry sectors, have been threatened with DDoS attacks within six days unless they pay a Bitcoin ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-thousands-of-orgs-targeted-by-rdos-extortion-campaign/


∗∗∗ Phishing adds overlay on official company page to steal logins ∗∗∗
---------------------------------------------
A phishing campaign deployed recently at various businesses uses the companys home page to disguise the attack and trick potential victims into providing login credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-adds-overlay-on-official-company-page-to-steal-logins/


∗∗∗ A blast from the past - XXEncoded VB6.0 Trojan, (Fri, Sep 4th) ∗∗∗
---------------------------------------------
While going over what my e-mail malware quarantine caught during this week, I found a message which made me feel rather nostalgic. Among the usual maldocs, ZIPs and ACEs, there was also an e mail carrying an XXE file in its attachment.
---------------------------------------------
https://isc.sans.edu/diary/rss/26538


∗∗∗ Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496 ∗∗∗
---------------------------------------------
We provide an analysis of CVE-2020-17496, proof of concept code to demonstrate the vulnerability and information on attacks we have observed.
---------------------------------------------
https://unit42.paloaltonetworks.com/cve-2020-17496/


∗∗∗ Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa ∗∗∗
---------------------------------------------
We observed a variant of the Thanos ransomware that attempted to overwrite the master boot record, a more destructive approach than previous versions.
---------------------------------------------
https://unit42.paloaltonetworks.com/thanos-ransomware/


∗∗∗ Firefox will add a new drive-by-download protection ∗∗∗
---------------------------------------------
Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds.
---------------------------------------------
https://www.zdnet.com/article/firefox-will-add-a-new-drive-by-download-protection/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (curl, dovecot, geary, httpd, lua, mysql-connector-java, and squid), Mageia (lua and lua5.3, sane, and squid), Oracle (dovecot), Scientific Linux (dovecot), SUSE (java-1_7_1-ibm, kernel, php5, and xorg-x11-server), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/830632/


∗∗∗ Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-asset-manager-is-vulnerable-to-stored-cross-site-scripting-and-server-side-request-forgery/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-apr-2020-cpu-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2019-cpu-cve-2019-2964-cve-2019-2989-3/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Netcool Agile Service Manager (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-netcool-agile-service-manager-cve-2020-2654/


∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulnerability-affecting-aspera-connect-3-9-9-and-earlier/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily