[CERT-daily] Tageszusammenfassung - 16.09.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 15-09-2020 18:00 − Mittwoch 16-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Malware greift Microsoft Datenbanken an ∗∗∗
---------------------------------------------
Eine neue Malware-Gang hat sich in den letzten Monaten einen Namen gemacht, indem sie sich in die Datenbank Microsoft SQL Server (MSSQL) gehackt und einen Crypto-Miner installiert hat.
---------------------------------------------
https://www.zdnet.de/88382758/malware-greift-microsoft-datenbanken-an/


∗∗∗ Netflix-KundInnen aufgepasst: Betrügerische E-Mails im Umlauf! ∗∗∗
---------------------------------------------
Derzeit häufen sich Meldungen über betrügerische E-Mails, die angeblich von Netflix stammen. In diesen E-Mails werden die Opfer darum gebeten, ihre Zahlungsinformationen zu aktualisieren, da es Probleme mit der Rechnung gäbe. Die Mails stammen jedoch nicht von Netflix, sondern von Kriminellen, die versuchen an die Kreditkartendaten der EmpfängerInnen zu kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/netflix-kundinnen-aufgepasst-betruegerische-e-mails-im-umlauf/


∗∗∗ This security awareness training email is actually a phishing scam ∗∗∗
---------------------------------------------
​A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/this-security-awareness-training-email-is-actually-a-phishing-scam/


∗∗∗ DNS security best practices: Preventing DNS hijacking, poisoning and redirection ∗∗∗
---------------------------------------------
The importance of DNS The Domain Name System (DNS) is one of the fundamental protocols of the Internet. It provides a lookup service that converts domain names (like google.com) into IP addresses (like 192.168.0.0). While DNS has always been an important protocol, the growing use of cloud-based services has made it even more so.
---------------------------------------------
https://resources.infosecinstitute.com/dns-security-best-practices-preventing-dns-hijacking-poisoning-and-redirection/


∗∗∗ Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?, (Wed, Sep 16th) ∗∗∗
---------------------------------------------
We always say how network security is changing every day. Take a long lunch, and you may miss a critical exploit. But sometimes, time appears to stand still. We just passed 1.6 Billion seconds in the Unix Epoch. Back when the Unix timestamp still had 9 digits, in the late 90s also known as "pre Y2K", one of the servers you may have used for backups was Amanda (Advanced Maryland Automatic Network Disk Archiver). Still active and alive today, back then Amanda V 2.3 was current.
---------------------------------------------
https://isc.sans.edu/diary/rss/26572


∗∗∗ The Hacker Motive: What Attackers Are Doing with Your Hacked Site ∗∗∗
---------------------------------------------
Yesterday, September 15, 2020, the Wordfence Live team covered The Hacker Motive: What Attackers Are Doing with Your Hacked Site. This companion blog post reviews the motives we discussed live during Wordfence Live and dives deeper into the minds of attackers.
---------------------------------------------
https://www.wordfence.com/blog/2020/09/the-hacker-motive-what-attackers-are-doing-with-your-hacked-site/


∗∗∗ Billions of devices vulnerable to new BLESA Bluetooth security flaw ∗∗∗
---------------------------------------------
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.
---------------------------------------------
https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP


∗∗∗ Schadcode-Lücken in Nitro Pro PDF geschlossen ∗∗∗
---------------------------------------------
Es sind wichtige Sicherheitsupdates für die PDF-Anwendung Nitro Pro erschienen.
---------------------------------------------
https://heise.de/-4902752


∗∗∗ IBM: Sicherheitsupdates für zahlreiche Produkte verfügbar ∗∗∗
---------------------------------------------
Seit Anfang voriger Woche hat IBM eine ganze Reihe von Lücken aus seinem Produktportfolio beseitigt – darunter einige mit hohem bis kritischem Schweregrad.
---------------------------------------------
https://heise.de/-4902825


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libssh, python35, and xen), Oracle (kernel), Red Hat (librepo and mysql:8.0), SUSE (perl-DBI), and Ubuntu (Apache Log4j, Apache XML-RPC, bsdiff, libdbi-perl, luajit, milkytracker, OpenJPEG, ruby-loofah, and ruby-websocket-extensions).
---------------------------------------------
https://lwn.net/Articles/831654/


∗∗∗ Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure ∗∗∗
---------------------------------------------
Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data. read more
---------------------------------------------
https://www.securityweek.com/flaws-philips-patient-monitoring-products-can-lead-patient-data-exposure


∗∗∗ Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200916-01-smartphone-en


∗∗∗ Trend Micro ServerProtect for Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0905


∗∗∗ Node.js: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0904

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily