[CERT-daily] Tageszusammenfassung - 10.09.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 09-09-2020 18:00 − Donnerstag 10-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ ProLock ransomware increases payment demand and victim count ∗∗∗
---------------------------------------------
Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/prolock-ransomware-increases-payment-demand-and-victim-count/


∗∗∗ An overview of targeted attacks and APTs on Linux ∗∗∗
---------------------------------------------
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux [...]
---------------------------------------------
https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/


∗∗∗ Zeppelin Ransomware Returns with New Trojan on Board ∗∗∗
---------------------------------------------
The malware has popped up in a targeted campaign and a new infection routine.
---------------------------------------------
https://threatpost.com/zeppelin-ransomware-returns-trojan/159092/


∗∗∗ O365 Phishing Attack Used Real-Time Validation against Active Directory ∗∗∗
---------------------------------------------
A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials. According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world’s Top 50 most innovative companies for 2019 on a Friday evening. The email used spoofing [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/o365-phishing-attack-used-real-time-validation-against-active-directory/


∗∗∗ BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks ∗∗∗
---------------------------------------------
A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered.
---------------------------------------------
https://www.securityweek.com/blurtooth-vulnerability-can-allow-bluetooth-mitm-attacks


∗∗∗ Fake Gewinnspiel mit Cineplexx-Gutschein lockt in Abo-Falle ∗∗∗
---------------------------------------------
Auf Facebook wird über Anzeigen und den Facebook-Messenger ein Gewinnspiel beworben. Sie wurden angeblich, ausgewählt Gutscheine für Cineplexx-Kinos zu erhalten. Dafür sollen Sie 2 Euro für die Versandkosten mit Ihrer Kreditkarte bezahlen. Achtung: Das Gewinnspiel ist fake, die Gutscheine gibt es nicht und Sie landen in einer Abo-Falle! Cineplexx selbst hat nichts mit diesen Gewinnspielen zu tun.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-gewinnspiel-mit-cineplexx-gutschein-lockt-in-abo-falle/


∗∗∗ New CDRThief malware targets VoIP softswitches to steal call detail records ∗∗∗
---------------------------------------------
Malware targets only two very specific softswitches (software switches): Linknat VOS2009 and VOS3000.
---------------------------------------------
https://www.zdnet.com/article/new-cdrthief-malware-targets-voip-softswitches-to-steal-call-detail-records/


∗∗∗ Ransomware-Attacken vervielfacht ∗∗∗
---------------------------------------------
Die Zahl der Ransomware-Angriffe ist im ersten Halbjahr im Vergleich zum Vorjahr um 715% gestiegen. Die Lösegelderpresser werden immer gefährlicher und sorgen für hohe Schäden.
---------------------------------------------
https://www.zdnet.de/88382645/ransomware-attacken-vervielfacht/


∗∗∗ Recent Dridex activity, (Thu, Sep 10th) ∗∗∗
---------------------------------------------
For the past month or so, I hadn't had any luck finding active malspam campaigns pushing Dridex malware. That changed starting this week, and I've since found several examples. Today's diary reviews an infection from Wednesday September 9th, 2020.
---------------------------------------------
https://isc.sans.edu/diary/rss/26550



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ark, gnupg, go, opendmarc, and python-django), Debian (libxml2), Gentoo (chromium), Oracle (librepo and thunderbird), Red Hat (dovecot and httpd:2.4), SUSE (avahi, kernel, and openldap2), and Ubuntu (xorg-server).
---------------------------------------------
https://lwn.net/Articles/831178/


∗∗∗ Palo Alto Networks Patches Serious DoS, Code Execution Flaws in PAN-OS ∗∗∗
---------------------------------------------
Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. read more
---------------------------------------------
https://www.securityweek.com/palo-alto-networks-patches-serious-dos-code-execution-flaws-pan-os


∗∗∗ PEPPERL+FUCHS/VMT Bildverarbeitungssysteme GmbH: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU SYSTEMS CodeMeter components ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-034


∗∗∗ PILZ: Multiple products prone to WIBU CodeMeter vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-033


∗∗∗ avahi: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0892


∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0891


∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-04-smartphone-en


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/


∗∗∗ Security Bulletin: Vulnerability in jackson-databind shipped with IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-shipped-with-ibm-cloud-pak-system/


∗∗∗ Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-admin-console-is-vulnerable-to-cross-site-scripting-cve-2020-4578/


∗∗∗ Security Bulletin: Vulnerabilities in IBM HTTP Server affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affects-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-http-server-affect-ibm-i/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Orchestrator (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-cve-2020-2654/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily