Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - 05.10.2020
by Daily end-of-shift report 05 Oct '20

05 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-10-2020 18:00 − Montag 05-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ MosaicRegressor: Lurking in the Shadows of UEFI ∗∗∗ --------------------------------------------- We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild. --------------------------------------------- https://securelist.com/mosaicregressor/98849/ ∗∗∗ Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data ∗∗∗ --------------------------------------------- The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company. --------------------------------------------- https://threatpost.com/egregor-ransomware-mass-media-corporate-data/159816/ ∗∗∗ Scanning for SOHO Routers, (Sat, Oct 3rd) ∗∗∗ --------------------------------------------- In the past 30 days lots of scanning activity looking for small office and home office (SOHO) routers targeting Netgear. --------------------------------------------- https://isc.sans.edu/diary/rss/26638 ∗∗∗ Raccine-Tool soll Schattenkopien von Windows vor Ransomware schützen ∗∗∗ --------------------------------------------- Erpressungstrojaner verschlüsseln Dateien und löschen Daten, die Opfer zur Wiederherstellung nutzen könnten. Das Gratis-Tool Raccine will Hilfe anbieten. --------------------------------------------- https://heise.de/-4920206 ∗∗∗ Attacks Aimed at Disrupting the Trickbot Botnet ∗∗∗ --------------------------------------------- Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. --------------------------------------------- https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbo… ∗∗∗ Black-T: New Cryptojacking Variant from TeamTnT ∗∗∗ --------------------------------------------- Code within the Black-T malware sample gives evidence of a shift in tactics, techniques and procedures for TeamTnT operations. --------------------------------------------- https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/ ∗∗∗ Shodan Verified Vulns 2020-10-05 ∗∗∗ --------------------------------------------- Wie in unserem Blogpost vom September angekündigt, wollen wir monatlich einen Überblick zu Shodans "Verified Vulnerablilities" in Österreich bieten. --------------------------------------------- https://cert.at/de/aktuelles/2020/10/shodan-verified-vulns-2020-10-05 ===================== = Vulnerabilities = ===================== ∗∗∗ Tenda Router Zero-Days Emerge in Spyware Botnet Campaign ∗∗∗ --------------------------------------------- A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions. --------------------------------------------- https://threatpost.com/tenda-router-zero-days-spyware-botnet/159834/ ∗∗∗ Dringend patchen: Rund eine viertel Million Exchange-Server angreifbar ∗∗∗ --------------------------------------------- Kriminelle nutzen eine Lücke in Microsoft Exchange, um Server zu übernehmen. Dabei gibt es seit Februar einen Patch. --------------------------------------------- https://heise.de/-4920095 ∗∗∗ Security Bulletin: IBM Cloud Pak for Integration Operators affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- Operators for BM Cloud Pak for Integration (CP4I) version 2020.2 are affected by vulnerabilities in Go prior to Go version 1.14.7. --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integra… ∗∗∗ Multiple critical vulnerabilities in RocketLinx Series ∗∗∗ --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilitie… ∗∗∗ WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-029 ∗∗∗ WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-027 ∗∗∗ WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-028 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.10.2020
by Daily end-of-shift report 02 Oct '20

02 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-10-2020 18:00 − Freitag 02-10-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sichere Software entwickeln mit OWASP SAMM ∗∗∗ --------------------------------------------- Sicherheit ist im gesamten Entwicklungsprozess wichtig, und OWASP SAMM bietet ein flexibles Rahmenwerk zur Umsetzung. --------------------------------------------- https://heise.de/-4918292 ∗∗∗ Common Ways Attackers Are Stealing Credentials ∗∗∗ --------------------------------------------- A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense. --------------------------------------------- https://www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-c… ∗∗∗ Massenhaft gefälschte Post-Mails: So entlarven Sie den Betrug! ∗∗∗ --------------------------------------------- Derzeit versenden BetrügerInnen zahlreiche E-Mails im Namen der Post. Die Kriminellen täuschen darin vor, dass Versandkosten fehlen und ein Paket daher nicht zugestellt werden könne. Tatsächlich handelt es sich um einen sogenannten „Phishing-Versuch“. Die Kriminellen versuchen so an Ihre Zugangsdaten zu kommen. Wir erklären Ihnen, wie Sie den Betrug entlarven! --------------------------------------------- https://www.watchlist-internet.at/news/massenhaft-gefaelschte-post-mails-so… ∗∗∗ New service checks if your email was used in Emotet attacks ∗∗∗ --------------------------------------------- A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-e… ∗∗∗ QR Codes: A Sneaky Security Threat ∗∗∗ --------------------------------------------- What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts. --------------------------------------------- https://threatpost.com/qr-codes-sneaky-security-threat/159757/ ∗∗∗ Serious Security: Phishing without links - when phishers bring along their own web pages ∗∗∗ --------------------------------------------- How do you "check the URL before you click" if the web page youre visiting is already on your own computer? --------------------------------------------- https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-witho… ∗∗∗ GFX Xsender Hack Tool: A Spam Mailer ∗∗∗ --------------------------------------------- PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of sending predefined HTML emails to a list of email addresses. The tool runs on top of PHPMailer’s library, which handles the connection and sending of the malicious emails. The hack tool also grants the ability to authenticate to an email address on a remote server. --------------------------------------------- https://blog.sucuri.net/2020/10/gfx-xsender-hack-tool-a-spam-mailer.html ∗∗∗ [SANS ISC] Analysis of a Phishing Kit ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Analysis of a Phishing Kit“: Sometimes, attackers make mistakes and allow security researchers to access interesting resources. This time, it’s another phishing kit that was left in the wild on the compromised server. --------------------------------------------- https://blog.rootshell.be/2020/10/02/sans-isc-analysis-of-a-phishing-kit/ ===================== = Vulnerabilities = ===================== ∗∗∗ macOS 10.14.6 Supplemental Update ∗∗∗ --------------------------------------------- macOS 10.14.6 Supplemental Update for macOS Mojave includes the security content of Safari 14.0. --------------------------------------------- https://support.apple.com/kb/HT211872 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jruby and ruby2.3), Fedora (crun, pdns, and podman), openSUSE (go1.14 and kernel), Oracle (qemu-kvm and virt:ol), Red Hat (qemu-kvm-ma and thunderbird), SUSE (nodejs10, nodejs12, perl-DBI, permissions, and xen), and Ubuntu (ntp). --------------------------------------------- https://lwn.net/Articles/833343/ ∗∗∗ Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ruby-o… ∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-o… ∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-o… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Node.js (CVE-2020-8203) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-s… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Authentication Bypass (CVE-2020-4493) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Cúram Social Program Management (177835) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-s… ∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics – Log Analysis (CVE-2020-4590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher… ∗∗∗ Multiple Vulnerabilities in SevOne Network Management System (NMS) ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-se… ∗∗∗ PHP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0949 ∗∗∗ Trend Micro AntiVirus for Mac: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0948 ∗∗∗ Bitdefender Produkte: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0947 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.10.2020
by Daily end-of-shift report 01 Oct '20

01 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-09-2020 18:00 − Donnerstag 01-10-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Über die Verantwortung, die mit guter JavaScript-Unterstützung einhergeht ∗∗∗ --------------------------------------------- Warum Websites und Apps nicht zwangsläufig "ohne JavaScript funktionieren" müssen - aber sie und wir JavaScript verantwortungsvoller verwenden könnten. --------------------------------------------- https://heise.de/-4907606 ∗∗∗ Keine WhatsApp-Nachrichten für Emojis und Smileys teilen! ∗∗∗ --------------------------------------------- Gehäuft werden WhatsApp-Nachrichten von Kriminellen verschickt, die kostenlose Angebote bewerben und zur weiteren Verbreitung auffordern. Derzeit kursiert eine Betrugsnachricht, die neue Emojis für WhatsApp verspricht, wenn sie 20 mal geteilt wird. Die Nachricht ist fake und führt zu weiteren unseriösen Angeboten. --------------------------------------------- https://www.watchlist-internet.at/news/keine-whatsapp-nachrichten-fuer-emoj… ∗∗∗ Phishing mit Captchas ∗∗∗ --------------------------------------------- Eine Flut von Phishing-E-Mails mit dem Ziel Microsoft Office 365 setzt Captchas ein, um die Opfer in ein Gefühl der Sicherheit zu wiegen. --------------------------------------------- https://www.zdnet.de/88383103/phishing-mit-captchas/ ∗∗∗ IOCs turning into IOOIs, (Thu, Oct 1st) ∗∗∗ --------------------------------------------- Remember, back in the days, when the anti-virus vendors looked with derision at some of their competition, exclaiming "But they are using just SIGNATURES. Our tool detects BEHAVIOURS". That was like 15 years ago. Fast forward to today, with many of the same vendors now selling "threat intelligence feeds" for good money, and the most frequent attributes pushed over these feeds are MD5/SHA1 hashes and IP addresses. The main thing that changed is that we now call these items [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26624 ∗∗∗ Network Detection for ZeroLogon (CVE-2020-1472) ∗∗∗ --------------------------------------------- ZeroLogon has quickly become popular and well known because of multiple proofs of concept and exploits implemented in Python, .NET, Powershell, and Mimikatz implemented a module for it. So if you are an attacker or need to test your environment then you have plenty of options. As defenders, we also have options for detection on the network. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/network-det… ∗∗∗ Evasive URLs in Spam: Part 2 ∗∗∗ --------------------------------------------- A URL can be completely valid, yet still misleading. In this blog, we will present another technique with URLs that we observed in a recent malicious spam campaign. This is the continuation of an earlier blog that discussed how valid URL formats can be used in evading detection. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-url… ∗∗∗ Detecting Microsoft 365 and Azure Active Directory Backdoors ∗∗∗ --------------------------------------------- Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of password spraying, password stuffing, or simple brute force attempts against M365 tenants. In almost all of these incidents, the user or account was not protected by multi-factor authentication (MFA). --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365… ∗∗∗ Three immediate steps to take to protect your APIs from security risks ∗∗∗ --------------------------------------------- In one form or another, APIs have been around for years, bringing the benefits of ease of use, efficiency and flexibility to the developer community. The advantage of using APIs for mobile and web apps is that developers can build and deploy functionality and data integrations quickly. API security posture But there is a huge downside to this approach. --------------------------------------------- https://www.helpnetsecurity.com/2020/10/01/api-security-posture/ ∗∗∗ A complete stranger controlled this woman’s home security system, but they’re not the one she’s angry with ∗∗∗ --------------------------------------------- Imagine being contacted by a complete stranger via Facebook, and them telling you that they have complete control over the security system in your new home. --------------------------------------------- https://www.bitdefender.com/box/blog/iot-news/complete-stranger-controlled-… ∗∗∗ IPStorm botnet expands from Windows to Android, Mac, and Linux ∗∗∗ --------------------------------------------- IPStorm botnet quadruples in size to reach 13,500 infected systems. --------------------------------------------- https://www.zdnet.com/article/ipstorm-botnet-expands-from-windows-to-androi… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Flaws Discovered in Popular Industrial Remote Access Systems ∗∗∗ --------------------------------------------- Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automations SiteManager and GateManager, and MB Connect [...] --------------------------------------------- https://thehackernews.com/2020/10/industrial-remote-access.html ∗∗∗ Sony IPELA Network Camera (ftpclient.cgi) Remote Stack Buffer Overflow ∗∗∗ --------------------------------------------- The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause denial of service scenario. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php ∗∗∗ Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver ∗∗∗ --------------------------------------------- Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces. An adversary could exploit these vulnerabilities by supplying the user with a malformed shader, eventually allowing them to execute code on the victim machine. These bugs could also allow the attacker to perform a guest-to-host escape through Hyper-V [...] --------------------------------------------- https://blog.talosintelligence.com/2020/09/vuln-spotlight-nvidia-d3d10-.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ruby-json-jwt and ruby-rack-cors), Fedora (xen), SUSE (aspell and tar), and Ubuntu (ruby-gon, ruby-kramdown, and ruby-rack). --------------------------------------------- https://lwn.net/Articles/833191/ ∗∗∗ Broken access control in Platinum Mobile ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/broken-access-control-in-plati… ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0946 ∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13935) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat… ∗∗∗ Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-a… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: A vulnerability in Netty affects IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information disclosure vulnerability (CVE-2020-4576) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec Affects IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.09.2020
by Daily end-of-shift report 30 Sep '20

30 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-09-2020 18:00 − Mittwoch 30-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Fake software crack sites used to push Exorcist 2.0 Ransomware ∗∗∗ --------------------------------------------- The threat actors behind the Exorcist 2.0 ransomware are using malicious advertising to redirect victims to fake software crack sites that distribute their malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-software-crack-sites-us… ∗∗∗ Over 247K Exchange servers unpatched for actively exploited flaw ∗∗∗ --------------------------------------------- More than 247,000 Microsoft Exchange servers are yet to be patched against the CVE-2020-0688 post-auth remote code execution (RCE) vulnerability impacting all Exchange Server versions under support. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-247k-exchange-servers-u… ∗∗∗ Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise ∗∗∗ --------------------------------------------- A new report from Microsoft shows it is clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to identify. --------------------------------------------- https://www.microsoft.com/security/blog/2020/09/29/microsoft-digital-defens… ∗∗∗ Its 2020 so not only is your mouse config tool a Node.JS Electron app, its also pwnable by an evil webpage ∗∗∗ --------------------------------------------- Malicious JavaScript can inject commands to execute Earlier this year, peripheral maker Kensington patched its desktop software to close a vulnerability that could have been exploited by malicious websites to quietly hijack victims computers. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2020/09/30/kensingtonwo… ∗∗∗ LodaRAT Update: Alive and Well ∗∗∗ --------------------------------------------- By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild. These new versions of LodaRAT abandoned their previous obfuscation techniques. Direct interaction with the threat actor was observed during analysis, indicating the actor is actively monitoring infected hosts. --------------------------------------------- https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.ht… ∗∗∗ Achtung! Vermeintliche Gutschein-Codes führen in Abo-Falle ∗∗∗ --------------------------------------------- Derzeit tauchen vermehrt gefälschte Gutschein-Codes für verschiedene Anbieter wie Netflix, Steam, Playstation, Google Play oder Amazon auf. Zu finden sind diese Codes in Kommentaren unter verschiedensten YouTube-Videos. Doch anstatt den versprochenen 50 Euro, tappen die Opfer in die Abo-Falle. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vermeintliche-gutschein-code… ∗∗∗ This worm phishing campaign is a game-changer in password theft, account takeovers ∗∗∗ --------------------------------------------- The security incident highlights the need for multi-factor authentication in the enterprise. --------------------------------------------- https://www.zdnet.com/article/this-worm-phishing-campaign-is-a-game-changer… ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt patchen! Cisco liefert Sicherheitsupdates für Router nach ∗∗∗ --------------------------------------------- Admins sollten professionelle Router von Cisco aus Sicherheitsgründe auf den aktuellen Stand bringen. Angreifer nutzen die Lücken derzeit aus. --------------------------------------------- https://heise.de/-4916417 ∗∗∗ FYI: If youre running HP Device Manager, anyone on your network can get admin on your server via backdoor ∗∗∗ --------------------------------------------- Hidden database account discovered, patches finally available as well as mitigations HP Device Manager, software that allows IT administrators to manage HP Thin Client devices, comes with a backdoor database user account that undermines network security, a UK-based consultant has warned. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2020/09/30/hp_device_ma… ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- Huawei hat 16 Security Advisories für verschiedene Produkte veröffentlicht. --------------------------------------------- https://www.huawei.com/en/psirt/all-bulletins ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, libvirt, and podman), Debian (firefox-esr and nss), Gentoo (bitcoind, chromium, cifs-utils, gpsd, libuv, and xen), Mageia (firefox, gnutls, mediawiki, samba, and Thunderbird), openSUSE (brotli and cifs-utils), Red Hat (audiofile, bluez, cloud-init, cpio, cups, curl, dbus, dnsmasq, e2fsprogs, evince and poppler, exiv2, expat, firefox, fontforge, freeradius, freerdp, glib2 and ibus, glibc, httpd, hunspell, ipa, kernel, kernel-rt, [...] --------------------------------------------- https://lwn.net/Articles/833120/ ∗∗∗ Vulnerabilities in Bosch PRAESIDEO and PRAESENSA ∗∗∗ --------------------------------------------- BOSCH-SA-538331-BT: Two security vulnerabilities have been uncovered in the web based management interface of the PRAESIDEO Network Controller and the PRAESENSA System Controller. The vulnerabilities will allow a Cross-Site Request Forgery (CSRF) attack and a Cross-site Scripting (XSS) attack. For PRAESIDEO a third vulnerability will allow a replay attack with which authentication can be bypassed. This last vulnerability is present in the web server of the PRAESIDEO Network Controller. --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-538331-bt.html ∗∗∗ Advisory: Multiple Vulnerabilities in SiteManager and GateManager ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16000031… ∗∗∗ Advisory: Multiple Vulnerabilities in GateManager ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16000031… ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0939 ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0940 ∗∗∗ Red Hat Enterprise Linux/FreeRDP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0941 ∗∗∗ Red Hat Enterprise Linux/WebKitGTK: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0942 ∗∗∗ Security Bulletin: Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in… ∗∗∗ Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-5-0-5-of-redis-in… ∗∗∗ Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websph… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4629) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Version 4.17.15 of Node.js module lodash included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-4-17-15-of-node-j… ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Commons Codec vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-manager-with-op… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.09.2020
by Daily end-of-shift report 29 Sep '20

29 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 28-09-2020 18:00 − Dienstag 29-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 ∗∗∗ --------------------------------------------- The Netlogon Remote Protocol (also called MS-NRPC) is an RPC interface that is used exclusively by domain-joined devices. MS-NRPC includes an authentication method and a method of establishing a Netlogon secure channel. These updates enforce the specified Netlogon client behavior to use secure RPC with Netlogon secure channel between member computers and Active Directory (AD) domain controllers (DC). This security update addresses the vulnerability by enforcing secure RPC when using the [...] --------------------------------------------- https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-… ∗∗∗ Windows 10 is offering a confusing mess of Intel driver updates ∗∗∗ --------------------------------------------- Windows 10 2004 is offering optional updates for Intel drivers that are a confusing mess for users who attempt to install them. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-10-is-offering-a-co… ∗∗∗ Backdoor Obfuscation: tempnam & URL Encoding ∗∗∗ --------------------------------------------- In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting backdoor that was leveraging encoding along with common PHP functions to conceal its operations from any active security systems on the host. This PHP web shell uses the following obfuscation method, where the web shell code is stored in URL encoded format and assigned to the variable $i: [...] --------------------------------------------- https://blog.sucuri.net/2020/09/backdoor-obfuscation-tempnam-url-encoding.h… ∗∗∗ [SANS ISC] Managing Remote Access for Partners & Contractors ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: "Managing Remote Access for Partners & Contractors": Yesterday, I wrote a quick diary about a potential security issue that some Tyler customers faced. Some people reacted to my diary with interesting comments in our forums. Two of them were interesting and deserve some [...] --------------------------------------------- https://blog.rootshell.be/2020/09/29/sans-isc-managing-remote-access-for-pa… ∗∗∗ Cloud-y, with a chance of hacking all the wireless things ∗∗∗ --------------------------------------------- Grandstream are a provider of IP video and voice services, as well as Wi-Fi and other related services and equipment. Their products are sold in over 150 countries and they [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/cloudy-with-a-chance-of-hacki… ∗∗∗ Playstation 5 nicht bei biogaming.de vorbestellen ∗∗∗ --------------------------------------------- Viele warten schon sehnsüchtig auf die neue Playstation 5. Um zum Verkaufsstart im November auch mit Sicherheit ein Modell zu ergattern, suchen KonsumentInnen nach Onlineshops, die noch eine Vorbestellung annehmen. Vorsicht ist jedoch geboten: Auch Fake-Shop bieten die Playstation 5 an! Wer beispielsweise bei biogaming.de bestellt, erhält trotz Bezahlung keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/playstation-5-nicht-bei-biogamingde-… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Information Disclosure on WP Courses plugin exposes private course videos and materials ∗∗∗ --------------------------------------------- Today weve got an interesting story to share. A vulnerability in WP Courses caused our Java course to be publicly disclosed via the WordPress REST API. Let’s dive into the details and see what happened. --------------------------------------------- https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plug… ∗∗∗ Security-Updates für Windows-Versionen von Foxit Reader und PhantomPDF verfügbar ∗∗∗ --------------------------------------------- Das Foxit-Team hat Sicherheitslücken mit überwiegend hoher Risikoeinstufung aus Reader und PhantomPDF für Windows sowie aus dem 3D Plugin (Beta) beseitigt. --------------------------------------------- https://heise.de/-4915016 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and mediawiki), openSUSE (firefox, libqt5-qtbase, and rubygem-actionpack-5_1), Red Hat (qemu-kvm, qemu-kvm-ma, and virt:rhel), SUSE (dpdk, firefox, and go1.15), and Ubuntu (dpdk, imagemagick, italc, libpgf, libuv1, pam-python, squid3, ssvnc, and teeworlds). --------------------------------------------- https://lwn.net/Articles/832958/ ∗∗∗ Trend Micro Security Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0938 ∗∗∗ Security Bulletin: IBM Security Verify Privilege Vault Remote is vulnerable to local user security bypass (CVE-2020-4607) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-privi… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to (CVE-2020-8244) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to an infinite read loop (CVE-2020-16845) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8557, CVE-2020-8559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to a regular expression infinite loop (NODE-SECURITY-1488) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2590 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java… ∗∗∗ Security Bulletin: Aspera on Cloud CVE-2020-8184 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-on-cloud-cve-2020-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2020-8553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2601 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.09.2020
by Daily end-of-shift report 28 Sep '20

28 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-09-2020 18:00 − Montag 28-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client, (Mon, Sep 28th) ∗∗∗ --------------------------------------------- One of our readers, a Tyler Technologies's customer, reported to us that he found this morning the Bomgar client[1] (BeyondTrust) installed on one of his servers. There is an ongoing discussion on Reddit with the same kind of reports[2]. --------------------------------------------- https://isc.sans.edu/diary/rss/26610 ∗∗∗ Magento Credit Card Stealing Malware: gstaticapi ∗∗∗ --------------------------------------------- Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” ⁠— this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details. --------------------------------------------- https://blog.sucuri.net/2020/09/magento-credit-card-stealing-malware-gstati… ∗∗∗ Kostenloses Entschlüsselungstool für Erpressungstrojaner ThunderX ist da ∗∗∗ --------------------------------------------- Sicherheitsforscher haben einen Fehler in der Verschlüsselung durch die Ransomware ThunderX entdeckt und bieten nun Hilfe an. --------------------------------------------- https://heise.de/-4913470 ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt patchen! AgeLocker Ransomware hat es auf Qnap NAS abgesehen ∗∗∗ --------------------------------------------- Besitzer von Netzwerkspeichern (NAS) der Firma Qnap, sollten ihr Gerät aus Sicherheitsgründen auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-4913513 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, libdbi-perl, linux-4.19, lua5.3, mediawiki, nfdump, openssl1.0, qt4-x11, qtbase-opensource-src, ruby-gon, and yaws), Fedora (f2fs-tools, grub2, libxml2, perl-DBI, singularity, xawtv, and xen), Mageia (cifs-utils, kio-extras, libproxy, mbedtls, nodejs, novnc, and pdns), openSUSE (bcm43xx-firmware, chromium, conmon, fuse-overlayfs, libcontainers-common, podman, firefox, libqt4, libqt5-qtbase, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and [...] --------------------------------------------- https://lwn.net/Articles/832831/ ∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, einen Cross-Site Scripting Angriff durchzuführen, Daten zu manipulieren oder weitere Angriffe mit nicht spezifizierten Auswirkungen durchzuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0923 ∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0934 ∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um seine Privilegien zu erhöhen, Code zur Ausführung zu bringen und Informationen offenzulegen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0925 ∗∗∗ F5 BIG-IP: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in F5 BIG-IP ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0927 ∗∗∗ Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-… ∗∗∗ Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-insecure-use-of-innerhtml… ∗∗∗ Security Bulletin: Dynamically constructed href attribute in IBM Enterprise Records ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-dynamically-constructed-h… ∗∗∗ Security Bulletin: Apache Commons Codec Vulnerability Affects IBM Control Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-vuln… ∗∗∗ Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabili… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Node.js lodash vulnerability (CVEID: 183560) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a Node.js http-proxy and lodash module vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in the Go runtime (CVE-2020-16845) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an Elasticsearch vulnerability (CVE-2019-7614) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-11612) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Logstash (CVE-2019-7620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15664) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15659) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kibana vulnerabilities (CVE-2020-7015, CVE-2020-7013, CVE-2020-7012) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVEID: 182747) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.09.2020
by Daily end-of-shift report 25 Sep '20

25 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-09-2020 18:00 − Freitag 25-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenleck: Airbnb gibt Gastgebern Zugriff auf fremde Postfächer ∗∗∗ --------------------------------------------- Hosts berichten, dass ihnen die Nachrichten anderer Airbnb-Hosts angezeigt werden - bis hin zur PIN, mit der sich die Tür öffnen lässt. --------------------------------------------- https://www.golem.de/news/datenleck-airbnb-gibt-gastgebern-zugriff-auf-frem… ∗∗∗ Sodinokibi Ransomware 101: Origin, Victims, Prevention Strategies ∗∗∗ --------------------------------------------- Cyberattacks have become a part of our reality, but have you ever wondered what might happen if your company gets targeted? You probably imagine that you would lose some money and a great deal of time, maybe fire an employee or too, lose a few clients and have your reputation tainted or eventually even deal [...] --------------------------------------------- https://heimdalsecurity.com/blog/sodinokibi-ransomware-101/ ∗∗∗ Ghost in action: the Specter botnet ∗∗∗ --------------------------------------------- On August 20, 2020, 360Netlab Threat Detect System captured a suspicious ELF file (22523419f0404d628d02876e69458fbe.css) with 0 VT detection. When we took a close look, we see a new botnet that targets AVTECH IP Camera / NVR / DVR devices, and it has flexible configuration, highly modular / plugin, and uses TLS, [...] --------------------------------------------- https://blog.netlab.360.com/ghost-in-action-the-specter-botnet/ ∗∗∗ Securing Exchange Online [Guest Diary], (Fri, Sep 25th) ∗∗∗ --------------------------------------------- [...] The base configuration of Exchange Online is set to allow quick onboarding of customers with minimal barriers to the smooth migration of email into the service. The configuration does require tweaks to in order to make it more secure. I aim to cover some of the more effective tweaks in this document and point the reader to the right documentation to secure their Exchange tenant. --------------------------------------------- https://isc.sans.edu/diary/rss/26600 ∗∗∗ Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers ∗∗∗ --------------------------------------------- As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable employees to [...] --------------------------------------------- https://thehackernews.com/2020/09/fortigate-vpn-security.html ∗∗∗ Studie: Angreifer wollen ins Homeoffice – millionenfach über RDP-Verbindungen ∗∗∗ --------------------------------------------- In Corona-Zeiten haben Forscher einen signifikanten Anstieg von Attacken auf Remote-Verbindungen registriert. Mit den richtigen Tipps schützt man sich. --------------------------------------------- https://heise.de/-4912452 ∗∗∗ Security-Updatepaket für Ciscos Netzwerkbetriebssysteme IOS und IOS XE ∗∗∗ --------------------------------------------- Admins aufgepasst: Vor dem Start ins Wochenende warten noch Updates für IOS und IOS XE, die insgesamt 34 Schwachstellen mit hoher Risikoeinstufung schließen. --------------------------------------------- https://heise.de/-4912352 ∗∗∗ Handling Incidents in ICS – Getting to the Root of the Problem ∗∗∗ --------------------------------------------- For most organizations, having an incident response plan is a regulatory or even legal requirement these days. Unfortunately just having [...] --------------------------------------------- https://www.dragos.com/blog/industry-news/handling-incidents-in-ics-getting… ===================== = Vulnerabilities = ===================== ∗∗∗ macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave ∗∗∗ --------------------------------------------- This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. --------------------------------------------- https://support.apple.com/kb/HT211849 ∗∗∗ iCloud for Windows 11.4 ∗∗∗ --------------------------------------------- This document describes the security content of iCloud for Windows 11.4. --------------------------------------------- https://support.apple.com/kb/HT211846 ∗∗∗ iCloud for Windows 7.21 ∗∗∗ --------------------------------------------- This document describes the security content of iCloud for Windows 7.21. --------------------------------------------- https://support.apple.com/kb/HT211847 ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat 42 Security Advisories mit folgenden "Security Impact Ratings" veröffentlicht: High: 29 Medium: 13 --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (rails), openSUSE (chromium, jasper, ovmf, roundcubemail, samba, and singularity), Oracle (firefox), SUSE (bcm43xx-firmware, firefox, libqt5-qtbase, qemu, and tiff), and Ubuntu (aptdaemon, atftp, awl, packagekit, and spip). --------------------------------------------- https://lwn.net/Articles/832509/ ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-frame scripting ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2020 CPU plus CVE-2020-2590 and CVE-2020-2601 affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4531 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.09.2020
by Daily end-of-shift report 24 Sep '20

24 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-09-2020 18:00 − Donnerstag 24-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Security-Checkliste Passwörter & Accounts ∗∗∗ --------------------------------------------- Passwörter sind ein notwendiges Übel. Mit den folgenden Tipps haben Sie so wenig Passwortstress wie nötig, ohne an der Sicherheit zu sparen. --------------------------------------------- https://heise.de/-4886755 ∗∗∗ Vorsicht vor Raiffeisen Phishing SMS ∗∗∗ --------------------------------------------- Momentan werden massenhaft betrügerische Phishing SMS im Namen der Raiffeisen Bank verschickt. Angeblich sollte eine PushTAN Registrierung abgeschlossen werden. Die verlinkte Website sieht der echten dabei zum Verwechseln ähnlich. Achtung: Hier dürfen keinesfalls die eigenen Online Banking Daten eingegeben werden. Diese landen direkt in den Händen Krimineller. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-raiffeisen-phishing-sms/ ∗∗∗ Android-Malware Alien stiehlt Geld ∗∗∗ --------------------------------------------- Ein Android-Trojaner namens Alien ist seit Anfang des Jahres aktiv und wird als Malware-as-a-Service (MaaS) in unterirdischen Hackerforen angeboten. Ziel sind Banking- und Finanz-Apps auch in Deutschland --------------------------------------------- https://www.zdnet.de/88382932/android-malware-alien-stiehlt-geld/ ∗∗∗ Supply Chain bietet Angriffspunkte ∗∗∗ --------------------------------------------- Hacker nutzen zunehmend die Lieferketten im Ökosystem von Unternehmen, um ihre Angriffe vorzutragen. Kleinere Lieferanten mit schwachen Sicherheitsstrukturen bieten Einstiegspunkte für Attacken. --------------------------------------------- https://www.zdnet.de/88382938/supply-chain-bietet-angriffspunkte/ ∗∗∗ Protecting Against PowerShell Attacks: 5 Key Steps ∗∗∗ --------------------------------------------- Admins are already busy maintaining all systems running onsite and remotely, so the extra demand to protect against fileless threats can be overwhelming for manual security operations and inexperienced IT professionals. There are, however, five basic steps you can take to help mitigate the threat --------------------------------------------- https://www.beyondtrust.com/blog/entry/protecting-against-powershell-attack… ∗∗∗ AgeLocker ransomware targets QNAP NAS devices, steals data ∗∗∗ --------------------------------------------- QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the devices data, and in some cases, steal files from the victim. --------------------------------------------- https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets… ∗∗∗ Malicious One-Liner Using Hastebin ∗∗∗ --------------------------------------------- Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image directory on a compromised website, allowing an attacker to execute other malicious commands. --------------------------------------------- https://blog.sucuri.net/2020/09/malicious-one-liner-using-hastebin.html ∗∗∗ [SANS ISC] Party in Ibiza with PowerShell ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: "Party in Ibiza with PowerShell": Today, I would like to talk about PowerShell ISE or "Integration Scripting Environment". This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature: [...] --------------------------------------------- https://blog.rootshell.be/2020/09/24/sans-isc-party-in-ibiza-with-powershel… ∗∗∗ Fuzzing Image Parsing in Windows, Part One: Color Profiles ∗∗∗ --------------------------------------------- Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-… ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt patchen! Attacken auf Zerologon-Lücke in Windows Server ∗∗∗ --------------------------------------------- Microsoft warnt vor Attacken auf eine kritische Sicherheitslücke in verschiedenen Windows-Server-Versionen. Auch Samba ist betroffen. --------------------------------------------- https://heise.de/-4910854 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib). --------------------------------------------- https://lwn.net/Articles/832405/ ∗∗∗ Synology-SA-20:22 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to bypass security constraints via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_22 ∗∗∗ Wireshark: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0922 ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.09.2020
by Daily end-of-shift report 23 Sep '20

23 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-09-2020 18:00 − Mittwoch 23-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Security-Checkliste Webbrowser ∗∗∗ --------------------------------------------- Ihr Browser kommt, auch ohne Surfen auf zwielichtigen Websites, sehr häufig mit Schadcode in Kontakt. Umso wichtiger ist es, ihn maximal sicher einzustellen. --------------------------------------------- https://heise.de/-4886750 ∗∗∗ Aufgepasst: Emotet versteckt sich nun in passwortgeschützten Archiven ∗∗∗ --------------------------------------------- Die Drahtzieher hinter Emotet haben eine neue Kampagne gestartet, um die Malware zu verbreiten. Dieses Mal haben Sie aber bei einer Sache gepennt. --------------------------------------------- https://heise.de/-4909712 ∗∗∗ Betrügerische Kredite von Continental Bank und Eran Finance! ∗∗∗ --------------------------------------------- Durch die Auswirkungen der Corona-Krise sind immer mehr Menschen von Finanzhilfen abhängig. Kein Wunder, dass Kredite und Darlehen beliebter werden und dass auch Cyberkriminelle betrügerischen Kredite anbieten. So zum Beispiel der Kreditvermittler royal-eranfinance.com und die Bank continental-groupe.com. Die beiden vermeintlichen Unternehmen arbeiten zusammen. Doch statt Kredite auszuzahlen, stehlen die Unternehmen die Identität der Opfer und verlangen Vorschusszahlungen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-kredite-von-continent… ∗∗∗ Case Study: Emotet Thread Hijacking, an Email Attack Technique ∗∗∗ --------------------------------------------- Thread hijacking, recently used to distribute Emotet, uses stolen copies of messages collected from infected users' email clients to attack others. --------------------------------------------- https://unit42.paloaltonetworks.com/emotet-thread-hijacking/ ∗∗∗ Linux vulnerabilities: How unpatched servers lead to persistent backdoors ∗∗∗ --------------------------------------------- Vulnerability management is a challenge Humans make mistakes, software has bugs and some of these bugs are exploitable vulnerabilities. The existence of vulnerabilities in software is not a new problem, but as the volume of software in existence grows, so does the number of exploitable vulnerabilities. --------------------------------------------- https://resources.infosecinstitute.com/linux-vulnerabilities-how-unpatched-… ∗∗∗ Looking for sophisticated malware in IoT devices ∗∗∗ --------------------------------------------- Let's talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components. --------------------------------------------- https://securelist.com/looking-for-sophisticated-malware-in-iot-devices/985… ∗∗∗ [SANS ISC] Malicious Word Document with Dynamic Content ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: "Malicious Word Document with Dynamic Content": Here is another malicious Word document that I spotted while hunting. "Another one?" may ask some of our readers. Indeed but malicious documents remain a very common infection vector and you learn a lot when you analyze [...] --------------------------------------------- https://blog.rootshell.be/2020/09/23/sans-isc-malicious-word-document-with-… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin ∗∗∗ --------------------------------------------- On August 14, our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on [...] --------------------------------------------- https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9). --------------------------------------------- https://lwn.net/Articles/832276/ ∗∗∗ Samba Issues Patches for Zerologon Vulnerability ∗∗∗ --------------------------------------------- The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). --------------------------------------------- https://www.securityweek.com/samba-issues-patches-zerologon-vulnerability ∗∗∗ CVE-2020-1472/Zerologon. As an IT manager should I worry? ∗∗∗ --------------------------------------------- TL;DR Yes, apply the update from Microsoft. --------------------------------------------- https://www.pentestpartners.com/security-blog/cve-2020-1472-zerologon-as-an… ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- Several security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. In addition, unprivileged code in a PV guest VM may be able to [...] --------------------------------------------- https://support.citrix.com/article/CTX282314 ∗∗∗ Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4698 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to path traversal (CVE-2019-4582) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0920 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0921 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.09.2020
by Daily end-of-shift report 22 Sep '20

22 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 21-09-2020 18:00 − Dienstag 22-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Google Cloud Buckets Exposed in Rampant Misconfiguration ∗∗∗ --------------------------------------------- A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows. --------------------------------------------- https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/ ∗∗∗ New and improved Security Update Guide! ∗∗∗ --------------------------------------------- We're excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment. --------------------------------------------- https://msrc-blog.microsoft.com:443/2020/09/21/new-and-improved-security-up… ∗∗∗ Cyberbedrohungen: Kostenlose "Adversary Emulation Plans" für Firmen verfügbar ∗∗∗ --------------------------------------------- Ein neues MITRE-Projekt stellt Informationen bereit, die Red Teams Schritt für Schritt beim Nachstellen realitätsnaher Angriffsszenarien unterstützen sollen. --------------------------------------------- https://heise.de/-4907083 ∗∗∗ instructionsweb.com führt in Abo-Falle ∗∗∗ --------------------------------------------- Die Suche nach einer Gebrauchsanleitung für ein elektronisches Gerät führte Sie zu instructionsweb.com? Sie haben dort schnell und unkompliziert die benötigte Anleitung gefunden? Auch der Preis von 95 Cent ist erschwinglich. Vorsicht: Mit Eingabe Ihrer Kreditkartendaten tappen Sie in eine Abo-Falle, die Sie monatlich € 11,95 kostet! Und: Anleitung gibt's trotz Bezahlung keine! --------------------------------------------- https://www.watchlist-internet.at/news/instructionswebcom-fuehrt-in-abo-fal… ∗∗∗ Does your business have a Well-Known URL for changing passwords? It should! ∗∗∗ --------------------------------------------- If you're a business which has a website that customers access via a password, spend a few minutes create your own .well-known/change-password which points users to the correct place. --------------------------------------------- https://businessinsights.bitdefender.com/business-url-changing-password ∗∗∗ Optimizing Away JavaScript Obfuscation. (arXiv:2009.09170v1 [cs.CR]) ∗∗∗ --------------------------------------------- JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-Deobs, a JavaScript deobfuscation tool that we have built. --------------------------------------------- https://arxiv.org/abs/2009.09170 ∗∗∗ Microsoft sichert ungeschützten Backend-Server seiner Suchmaschine Bing ∗∗∗ --------------------------------------------- Er gibt 6,5 TByte Daten preis. Es handelt sich ausschließlich um Log-Dateien ohne persönliche Informationen. Microsoft spricht von einer Fehlkonfiguration – dem fraglichen Server fehlte ein Passwort. --------------------------------------------- https://www.zdnet.de/88382854/microsoft-sichert-ungeschuetzten-backend-serv… ===================== = Vulnerabilities = ===================== ∗∗∗ Firefox: Neue Desktop-Versionen beseitigen mögliche Einfallstore für Angreifer ∗∗∗ --------------------------------------------- Mit den Versionen 81 und ESR 78.3 des Webbrowsers Firefox liefert das Mozilla-Team auch diverse Lücken-Fixes aus. --------------------------------------------- https://heise.de/-4909119 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (mysql-connector-java), openSUSE (chromium, curl, libqt4, and singularity), Red Hat (bash and kernel), SUSE (python-pip and python3), and Ubuntu (busybox, ceph, freeimage, libofx, libpam-tacplus, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-azure, linux-gcp, linux-oracle, novnc, and tnef). --------------------------------------------- https://lwn.net/Articles/832164/ ∗∗∗ VMware Horizon DaaS: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in VMware Horizon DaaS ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0916 ∗∗∗ Xen Security Advisories ∗∗∗ --------------------------------------------- The Xen Project has released 10 Security Advisories on 2020-09-22. --------------------------------------------- https://xenbits.xen.org/xsa/ ∗∗∗ Security Bulletin: CVE-2020-2590 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-deferred-fr… ∗∗∗ Security Bulletin: CVE-2020-2601 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-deferred-fr… ∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: CVE-2020-2601 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-deferred-fr… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-0201) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-zookeeper-as-used-… ∗∗∗ Security Bulletin: CVE-2020-2590 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-deferred-fr… ∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily