=====================
= End-of-Day report =
=====================
Timeframe: Thursday 01-10-2020 18:00 − Friday 02-10-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Developing secure software with OWASP SAMM ∗∗∗
---------------------------------------------
Security matters throughout the entire development process, and OWASP SAMM offers a flexible framework for putting it into practice.
---------------------------------------------
https://heise.de/-4918292
∗∗∗ Common Ways Attackers Are Stealing Credentials ∗∗∗
---------------------------------------------
A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense.
---------------------------------------------
https://www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-c…
∗∗∗ Mass fake "Post" e-mails: how to expose the scam! ∗∗∗
---------------------------------------------
Scammers are currently sending large numbers of e-mails in the name of the Post (the Austrian postal service). In them, the criminals claim that shipping costs are outstanding and that a parcel therefore cannot be delivered. In reality this is a so-called "phishing attempt": the criminals are trying to obtain your login credentials. We explain how to expose the fraud!
---------------------------------------------
https://www.watchlist-internet.at/news/massenhaft-gefaelschte-post-mails-so…
∗∗∗ New service checks if your email was used in Emotet attacks ∗∗∗
---------------------------------------------
A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-e…
∗∗∗ QR Codes: A Sneaky Security Threat ∗∗∗
---------------------------------------------
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
---------------------------------------------
https://threatpost.com/qr-codes-sneaky-security-threat/159757/
∗∗∗ Serious Security: Phishing without links - when phishers bring along their own web pages ∗∗∗
---------------------------------------------
How do you "check the URL before you click" if the web page you're visiting is already on your own computer?
---------------------------------------------
https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-witho…
∗∗∗ GFX Xsender Hack Tool: A Spam Mailer ∗∗∗
---------------------------------------------
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of sending predefined HTML emails to a list of email addresses. The tool runs on top of PHPMailer’s library, which handles the connection and sending of the malicious emails. The hack tool also grants the ability to authenticate to an email address on a remote server.
---------------------------------------------
https://blog.sucuri.net/2020/10/gfx-xsender-hack-tool-a-spam-mailer.html
∗∗∗ [SANS ISC] Analysis of a Phishing Kit ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: "Analysis of a Phishing Kit": Sometimes, attackers make mistakes and allow security researchers to access interesting resources. This time, it's another phishing kit that was left in the wild on the compromised server.
---------------------------------------------
https://blog.rootshell.be/2020/10/02/sans-isc-analysis-of-a-phishing-kit/
=====================
= Vulnerabilities =
=====================
∗∗∗ macOS 10.14.6 Supplemental Update ∗∗∗
---------------------------------------------
macOS 10.14.6 Supplemental Update for macOS Mojave includes the security content of Safari 14.0.
---------------------------------------------
https://support.apple.com/kb/HT211872
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jruby and ruby2.3), Fedora (crun, pdns, and podman), openSUSE (go1.14 and kernel), Oracle (qemu-kvm and virt:ol), Red Hat (qemu-kvm-ma and thunderbird), SUSE (nodejs10, nodejs12, perl-DBI, permissions, and xen), and Ubuntu (ntp).
---------------------------------------------
https://lwn.net/Articles/833343/
∗∗∗ Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ruby-o…
∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-o…
∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-o…
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Node.js (CVE-2020-8203) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce…
∗∗∗ Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-s…
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Authentication Bypass (CVE-2020-4493) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme…
∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Cúram Social Program Management (177835) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c…
∗∗∗ Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-s…
∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Operations Analytics – Log Analysis (CVE-2020-4590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher…
∗∗∗ Multiple Vulnerabilities in SevOne Network Management System (NMS) ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-se…
∗∗∗ PHP: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0949
∗∗∗ Trend Micro AntiVirus for Mac: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0948
∗∗∗ Bitdefender products: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0947
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 30-09-2020 18:00 − Thursday 01-10-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ On the responsibility that comes with good JavaScript support ∗∗∗
---------------------------------------------
Why websites and apps do not necessarily have to "work without JavaScript" - but they, and we, could use JavaScript more responsibly.
---------------------------------------------
https://heise.de/-4907606
∗∗∗ Don't share WhatsApp messages for emojis and smileys! ∗∗∗
---------------------------------------------
Criminals are increasingly sending WhatsApp messages that advertise free offers and ask recipients to pass them on. A scam message is currently circulating that promises new emojis for WhatsApp if it is shared 20 times. The message is fake and leads to further dubious offers.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-whatsapp-nachrichten-fuer-emoj…
∗∗∗ Phishing with captchas ∗∗∗
---------------------------------------------
A flood of phishing e-mails targeting Microsoft Office 365 uses captchas to lull victims into a false sense of security.
---------------------------------------------
https://www.zdnet.de/88383103/phishing-mit-captchas/
∗∗∗ IOCs turning into IOOIs, (Thu, Oct 1st) ∗∗∗
---------------------------------------------
Remember, back in the day, when the anti-virus vendors looked with derision at some of their competition, exclaiming "But they are using just SIGNATURES. Our tool detects BEHAVIOURS". That was like 15 years ago. Fast forward to today, with many of the same vendors now selling "threat intelligence feeds" for good money, and the most frequent attributes pushed over these feeds are MD5/SHA1 hashes and IP addresses. The main thing that changed is that we now call these items [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26624
∗∗∗ Network Detection for ZeroLogon (CVE-2020-1472) ∗∗∗
---------------------------------------------
ZeroLogon has quickly become popular and well known because of multiple proofs of concept and exploits implemented in Python, .NET and PowerShell, and Mimikatz has implemented a module for it. So if you are an attacker or need to test your environment, you have plenty of options. As defenders, we also have options for detection on the network.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/network-det…
∗∗∗ Evasive URLs in Spam: Part 2 ∗∗∗
---------------------------------------------
A URL can be completely valid, yet still misleading. In this blog, we will present another technique with URLs that we observed in a recent malicious spam campaign. This is the continuation of an earlier blog that discussed how valid URL formats can be used in evading detection.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-url…
∗∗∗ Detecting Microsoft 365 and Azure Active Directory Backdoors ∗∗∗
---------------------------------------------
Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of password spraying, password stuffing, or simple brute force attempts against M365 tenants. In almost all of these incidents, the user or account was not protected by multi-factor authentication (MFA).
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365…
∗∗∗ Three immediate steps to take to protect your APIs from security risks ∗∗∗
---------------------------------------------
In one form or another, APIs have been around for years, bringing the benefits of ease of use, efficiency and flexibility to the developer community. The advantage of using APIs for mobile and web apps is that developers can build and deploy functionality and data integrations quickly. But there is a huge downside to this approach.
---------------------------------------------
https://www.helpnetsecurity.com/2020/10/01/api-security-posture/
∗∗∗ A complete stranger controlled this woman’s home security system, but they’re not the one she’s angry with ∗∗∗
---------------------------------------------
Imagine being contacted by a complete stranger via Facebook, and them telling you that they have complete control over the security system in your new home.
---------------------------------------------
https://www.bitdefender.com/box/blog/iot-news/complete-stranger-controlled-…
∗∗∗ IPStorm botnet expands from Windows to Android, Mac, and Linux ∗∗∗
---------------------------------------------
IPStorm botnet quadruples in size to reach 13,500 infected systems.
---------------------------------------------
https://www.zdnet.com/article/ipstorm-botnet-expands-from-windows-to-androi…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Flaws Discovered in Popular Industrial Remote Access Systems ∗∗∗
---------------------------------------------
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to block access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect [...]
---------------------------------------------
https://thehackernews.com/2020/10/industrial-remote-access.html
∗∗∗ Sony IPELA Network Camera (ftpclient.cgi) Remote Stack Buffer Overflow ∗∗∗
---------------------------------------------
The vulnerability is caused by a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause a denial of service scenario.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php
∗∗∗ Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces. An adversary could exploit these vulnerabilities by supplying the user with a malformed shader, eventually allowing them to execute code on the victim machine. These bugs could also allow the attacker to perform a guest-to-host escape through Hyper-V [...]
---------------------------------------------
https://blog.talosintelligence.com/2020/09/vuln-spotlight-nvidia-d3d10-.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ruby-json-jwt and ruby-rack-cors), Fedora (xen), SUSE (aspell and tar), and Ubuntu (ruby-gon, ruby-kramdown, and ruby-rack).
---------------------------------------------
https://lwn.net/Articles/833191/
∗∗∗ Broken access control in Platinum Mobile ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/broken-access-control-in-plati…
∗∗∗ Red Hat OpenShift: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0946
∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13935) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat…
∗∗∗ Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-a…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce…
∗∗∗ Security Bulletin: A vulnerability in Netty affects IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec Affects IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c…