Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 14.09.2020
by Daily end-of-shift report 14 Sep '20

14 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-09-2020 18:00 − Montag 14-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zerologon übernimmt Domain-Controller ∗∗∗ --------------------------------------------- Unbemerkt von vielen hat Microsoft im August letzten Monats einen der schwerwiegendsten Fehler behoben, der dem Unternehmen jemals gemeldet wurde. Dieses Problem könnte dazu missbraucht werden, Windows-Server, die als Domänencontroller in Unternehmensnetzwerken laufen, einfach zu übernehmen. --------------------------------------------- https://www.zdnet.de/88382688/zerologon-uebernimmt-domain-controller/ ∗∗∗ Magento stores hit by largest automated hacking attack since 2015 ∗∗∗ --------------------------------------------- In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/magento-stores-hit-by-larges… ∗∗∗ Creating patched binaries for pentesting purposes, (Sun, Sep 13th) ∗∗∗ --------------------------------------------- When doing pentestings, the establishment of backdoors is vital to be able to carry out lateral movements in the network or to reach the stage of action on objectives. This is usually accomplished by inviting someone to click on a commonly used executable on the computer using social engineering techniques. --------------------------------------------- https://isc.sans.edu/diary/rss/26560 ∗∗∗ ModSecurity, Regular Expressions and Disputed CVE-2020-15598 ∗∗∗ --------------------------------------------- This blog post will discuss that tradeoff in the context of regular expressions in ModSecurity. It will cover an issue raised by a member of the community as a security issue (assigned CVE-2020-15598), which we disputed, and some tips for how to avoid the more problematic aspects of regular expressions in ModSecurity. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity… ∗∗∗ New BlindSide attack uses speculative execution to bypass ASLR ∗∗∗ --------------------------------------------- New BlindSide technique abuses the CPUs internal performance-boosting feature to bypass OS security protection. --------------------------------------------- https://www.zdnet.com/article/new-blindside-attack-uses-speculative-executi… ===================== = Vulnerabilities = ===================== ∗∗∗ Hyland OnBase Arbitrary File Upload ∗∗∗ --------------------------------------------- Hyland OnBase allows malicious attackers to directly upload arbitrary files to the OnBase server using file upload methods. The client-side sometimes restricts file types, but the server-side does not allowing attackers with direct server access to upload files of any type including malicious files designed to compromise clients that view the data. OnBase also appears to lack the proper mechanisms to verify that files are of the type claimed and instead relies on file extensions, allowing attackers to upload malicious files whose extensions do not match the actual file type. This allows a second vector for malicious file upload and attacking clients. --------------------------------------------- https://cxsecurity.com/issue/WLB-2020090071 ∗∗∗ WordPress Plugin Flaw Allows Attackers to Forge Emails ∗∗∗ --------------------------------------------- The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. --------------------------------------------- https://threatpost.com/wordpress-plugin-flaw/159172/ ∗∗∗ Sicherheitsupdates: Root-Lücke bedroht Firewalls von Palo Alto ∗∗∗ --------------------------------------------- Eine kritische Lücke im Betriebssystem PAN-OS gefährdet Firewalls aus dem Hause Palo Alto. --------------------------------------------- https://heise.de/-4892796 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (thunderbird), Debian (libproxy, qemu, and wordpress), Fedora (ansible, chromium, community-mysql, dotnet-build-reference-packages, dotnet3.1, drupal7, grub2, java-1.8.0-openjdk-aarch32, kernel, kernel-headers, kernel-tools, mingw-gnutls, php-symfony4, python-django, and selinux-policy), Gentoo (DBI, file-roller, gnome-shell, gst-rtsp-server, nextcloud-client, php, proftpd, qtgui, and zeromq), openSUSE (gimp, libjpeg-turbo, openldap2, [...] --------------------------------------------- https://lwn.net/Articles/831524/ ∗∗∗ Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks ∗∗∗ --------------------------------------------- Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron’s mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers. --------------------------------------------- https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-se… ∗∗∗ Multiple vulnerabilities in Buffalo AirStation WHR-G54S ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN09166495/ ∗∗∗ Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-a… ∗∗∗ Security Bulletin: A vulnerability in Apache AvtiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-1941) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL library affects OS Pattern Kit used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU -Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – [All] jQuery (Publicly disclosed vulnerability) CVEID: 180875 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: Vulnerability in side channel in Intel CPUs affect IBM Cloud Pak System (CVE-2019-11135) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-side-cha… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK addressed in IBM Cloud Pak System (April 2020 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.09.2020
by Daily end-of-shift report 11 Sep '20

11 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-09-2020 18:00 − Freitag 11-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zoom adds two-factor authentication (2FA) support to all accounts ∗∗∗ --------------------------------------------- Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft. --------------------------------------------- https://www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authent… ∗∗∗ Whats in Your Clipboard? Pillaging and Protecting the Clipboard, (Fri, Sep 11th) ∗∗∗ --------------------------------------------- Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note - if you know and can type any of your passwords in 2020, you should at least partially examine your life choices). Several password managers also do this "right thing" - retaining passwords in the clipboard is a great way for folks to accidentally paste that information into the worst [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26556 ∗∗∗ WordPress Malware Disables Security Plugins to Avoid Detection ∗∗∗ --------------------------------------------- An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it? --------------------------------------------- https://blog.sucuri.net/2020/09/wordpress-malware-disables-security-to-avoi… ∗∗∗ Bluetooth anfällig für Angriffe auf Schlüssel – irgendwie ∗∗∗ --------------------------------------------- Das CERT/CC und die Bluetooth-Standardisierer warnen vor Blurtooth – knausern aber mit Informationen zur entdeckten Schwachstelle. --------------------------------------------- https://heise.de/-4891764 ∗∗∗ Sichere Passwörter schützen vor Verlust und Missbrauch ∗∗∗ --------------------------------------------- Sichere Passwörter schützen nicht nur private Informationen vor Fremden. Sie schützen vor allem vor finanziellem Schaden und Identitätsmissbrauch. Daher ist auf die Passwort-Sicherheit besonderen Wert zu legen. --------------------------------------------- https://www.watchlist-internet.at/news/sichere-passwoerter-schuetzen-vor-ve… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-pip), Fedora (kernel, libX11, and xen), openSUSE (go1.14), Oracle (libcroco, php:7.3, and postgresql:10), Red Hat (chromium-browser and httpd:2.4), and SUSE (gimp, golang-github-prometheus-prometheus, kernel, libxml2, pdsh, slurm_20_02, slurm, slurm_18_08, and tomcat). --------------------------------------------- https://lwn.net/Articles/831283/ ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affec… ∗∗∗ Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-… ∗∗∗ Security Bulletin: IBM® SDK, Java™ Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4412) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime related to the Kerberos component affect IBM® Db2®. (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2601) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affec… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.09.2020
by Daily end-of-shift report 10 Sep '20

10 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-09-2020 18:00 − Donnerstag 10-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ProLock ransomware increases payment demand and victim count ∗∗∗ --------------------------------------------- Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day. --------------------------------------------- https://www.bleepingcomputer.com/news/security/prolock-ransomware-increases… ∗∗∗ An overview of targeted attacks and APTs on Linux ∗∗∗ --------------------------------------------- Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux [...] --------------------------------------------- https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98… ∗∗∗ Zeppelin Ransomware Returns with New Trojan on Board ∗∗∗ --------------------------------------------- The malware has popped up in a targeted campaign and a new infection routine. --------------------------------------------- https://threatpost.com/zeppelin-ransomware-returns-trojan/159092/ ∗∗∗ O365 Phishing Attack Used Real-Time Validation against Active Directory ∗∗∗ --------------------------------------------- A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials. According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world’s Top 50 most innovative companies for 2019 on a Friday evening. The email used spoofing [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/o365-ph… ∗∗∗ BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks ∗∗∗ --------------------------------------------- A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered. --------------------------------------------- https://www.securityweek.com/blurtooth-vulnerability-can-allow-bluetooth-mi… ∗∗∗ Fake Gewinnspiel mit Cineplexx-Gutschein lockt in Abo-Falle ∗∗∗ --------------------------------------------- Auf Facebook wird über Anzeigen und den Facebook-Messenger ein Gewinnspiel beworben. Sie wurden angeblich, ausgewählt Gutscheine für Cineplexx-Kinos zu erhalten. Dafür sollen Sie 2 Euro für die Versandkosten mit Ihrer Kreditkarte bezahlen. Achtung: Das Gewinnspiel ist fake, die Gutscheine gibt es nicht und Sie landen in einer Abo-Falle! Cineplexx selbst hat nichts mit diesen Gewinnspielen zu tun. --------------------------------------------- https://www.watchlist-internet.at/news/fake-gewinnspiel-mit-cineplexx-gutsc… ∗∗∗ New CDRThief malware targets VoIP softswitches to steal call detail records ∗∗∗ --------------------------------------------- Malware targets only two very specific softswitches (software switches): Linknat VOS2009 and VOS3000. --------------------------------------------- https://www.zdnet.com/article/new-cdrthief-malware-targets-voip-softswitche… ∗∗∗ Ransomware-Attacken vervielfacht ∗∗∗ --------------------------------------------- Die Zahl der Ransomware-Angriffe ist im ersten Halbjahr im Vergleich zum Vorjahr um 715% gestiegen. Die Lösegelderpresser werden immer gefährlicher und sorgen für hohe Schäden. --------------------------------------------- https://www.zdnet.de/88382645/ransomware-attacken-vervielfacht/ ∗∗∗ Recent Dridex activity, (Thu, Sep 10th) ∗∗∗ --------------------------------------------- For the past month or so, I hadn't had any luck finding active malspam campaigns pushing Dridex malware. That changed starting this week, and I've since found several examples. Today's diary reviews an infection from Wednesday September 9th, 2020. --------------------------------------------- https://isc.sans.edu/diary/rss/26550 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ark, gnupg, go, opendmarc, and python-django), Debian (libxml2), Gentoo (chromium), Oracle (librepo and thunderbird), Red Hat (dovecot and httpd:2.4), SUSE (avahi, kernel, and openldap2), and Ubuntu (xorg-server). --------------------------------------------- https://lwn.net/Articles/831178/ ∗∗∗ Palo Alto Networks Patches Serious DoS, Code Execution Flaws in PAN-OS ∗∗∗ --------------------------------------------- Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. read more --------------------------------------------- https://www.securityweek.com/palo-alto-networks-patches-serious-dos-code-ex… ∗∗∗ PEPPERL+FUCHS/VMT Bildverarbeitungssysteme GmbH: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU SYSTEMS CodeMeter components ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-034 ∗∗∗ PILZ: Multiple products prone to WIBU CodeMeter vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-033 ∗∗∗ avahi: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0892 ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0891 ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in jackson-databind shipped with IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-… ∗∗∗ Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Vulnerabilities in IBM HTTP Server affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ht… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Orchestrator (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.09.2020
by Daily end-of-shift report 09 Sep '20

09 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-09-2020 18:00 − Mittwoch 09-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers use legit tool to take over Docker, Kubernetes platforms ∗∗∗ --------------------------------------------- In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-use-legit-tool-to-ta… ∗∗∗ Diffie-Hellman-Seitenkanal: Raccoon-Angriff auf TLS betrifft nur Wenige ∗∗∗ --------------------------------------------- Forscher zeigen eine bislang unbekannte Schwäche im TLS-Protokoll, die praktischen Risiken sind aber sehr gering. --------------------------------------------- https://www.golem.de/news/diffie-hellman-seitenkanal-raccoon-angriff-auf-tl… ∗∗∗ Attacking the Qualcomm Adreno GPU ∗∗∗ --------------------------------------------- When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application (like the browser or a messaging application), but a sandbox escape is still required to gain full system access. This blog post focuses on an interesting attack surface that is accessible from the Android application sandbox: the graphics processing unit (GPU) --------------------------------------------- https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gp… ∗∗∗ Adobe behebt Schwachstellen ∗∗∗ --------------------------------------------- Adobes neueste Runde von Sicherheitsupdates behebt schwerwiegende Fehler in Experience Manager, InDesign und Framemaker. Der Grafikspezialist verabschiedet sich zudem von Flash. --------------------------------------------- https://www.zdnet.de/88382613/adobe-behebt-schwachstellen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Von Angreifern präparierte Websites könnten Windows gefährlich werden ∗∗∗ --------------------------------------------- Microsoft hat Sicherheitsupdates für mehrere Produkte veröffentlicht und über 120 Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-4888876 ∗∗∗ IPAS: Security Advisories for September 2020 ∗∗∗ --------------------------------------------- Hi everyone, Today we are releasing four security advisories addressing 9 vulnerabilities that were all internally found by Intel except for INTEL-SA-00405 which was reported through our bug bounty program. --------------------------------------------- https://blogs.intel.com/technology/2020/09/intel-september-2020-security-ad… ∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um Schadcode auszuführen, um seine Privilegien zu erhöhen, um Informationen auszuspähen und um Sicherheitsmechanismen zu umgehen. Letztlich kann der Angreifer so die Kontrolle über das Gerät übernehmen. Zur Ausnutzung genügt es, eine bösartige App zu installieren bzw. zu nutzen. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/09/warn… ∗∗∗ Reflected XSS in WordPress Plugin Admin Pages ∗∗∗ --------------------------------------------- The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the actions a vulnerability could cause. While this is usually true, there are a number of techniques bad actors are using to trick an administrator into performing actions they would not expect, such as Cross Site Request Forgery (CSRF) or [...] --------------------------------------------- https://blog.sucuri.net/2020/09/reflected-xss-in-wordpress-plugin-admin-pag… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (grunt), Fedora (ansible and geary), openSUSE (firefox, gettext-runtime, python-Flask-Cors, and thunderbird), Oracle (firefox and thunderbird), Red Hat (.NET Core 3.1), SUSE (kernel and libjpeg-turbo), and Ubuntu (gnutls28 and libx11). --------------------------------------------- https://lwn.net/Articles/831069/ ∗∗∗ PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components ∗∗∗ --------------------------------------------- Several vulnerabilities have been discovered in WIBU SYSTEMS CodeMeter Runtime. --------------------------------------------- https://cert.vde.com/de-de/advisories/copy_of_vde-2020-030 ∗∗∗ WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT ∗∗∗ --------------------------------------------- Multiple vulnerabilties were reported in WIBU-SYSTEMS Codemeter. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-032 ∗∗∗ Security Advisory - Privilege Elevation Vulnerability in Microsoft Windows Kerberos Key Distribution Center ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20200909-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Mobile Broadband Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-… ∗∗∗ Security Advisory - MITM Vulnerability on Huawei Share ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-… ∗∗∗ Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-a… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.09.2020
by Daily end-of-shift report 08 Sep '20

08 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 07-09-2020 18:00 − Dienstag 08-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows 10 themes can be abused to steal Windows accounts ∗∗∗ --------------------------------------------- Specially crafted Windows 10 themes and theme packs can be used in Pass-the-Hash attacks to steal Windows account credentials from unsuspecting users. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-ab… ∗∗∗ Office: About OLE and ZIP Files, (Mon, Sep 7th) ∗∗∗ --------------------------------------------- A reader asked if a particular Emotet sample was a malformed ZIP file. It is not, and I will explain why you might think it is in this diary entry. --------------------------------------------- https://isc.sans.edu/diary/rss/26540 ∗∗∗ Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks ∗∗∗ --------------------------------------------- Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. --------------------------------------------- https://thehackernews.com/2020/09/emotet-malware-attack.html ∗∗∗ Was sind Tech-Support Scams? Und: Wie Sie sich davor schützen! ∗∗∗ --------------------------------------------- Ein Tech-Support Scam ist eine Betrugsmasche, wo sich Kriminelle als Service-MitarbeiterInnen von Microsoft oder Apple ausgeben und ein Computerproblem vortäuschen. Die Kontaktaufnahme erfolgt entweder durch die Kriminellen per Telefon oder die Opfer rufen aufgrund eines Pop-Ups selbst bei einer vermeintlichen Service-Stelle an. In beiden Fällen wird eine Fernwartungssoftware installiert, um Zugangsdaten zu erspähen, Schadsoftware zu installieren oder Daten zu löschen oder [...] --------------------------------------------- https://www.watchlist-internet.at/news/was-sind-tech-support-scams-und-wie-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe InDesign (APSB20-52), Adobe Framemaker (APSB20-54) and Adobe Experience Manager (APSB20-56). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1916 ∗∗∗ Windows 10 Sandbox activation enables zero-day vulnerability ∗∗∗ --------------------------------------------- A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions that allows creating files in restricted areas of the operating system. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activatio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, [...] --------------------------------------------- https://lwn.net/Articles/830941/ ∗∗∗ SAP Patchday September 2020 ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in SAP Produkten und Anwendungskomponenten ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendungen zu gefährden. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0870 ∗∗∗ Citrix StoreFront Security Update ∗∗∗ --------------------------------------------- An issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. --------------------------------------------- https://support.citrix.com/article/CTX277455 ∗∗∗ SSA-770698: User Information Disclosure Vulnerability in Siveillance Video Client ∗∗∗ --------------------------------------------- The Siveillance Video Client contains an information disclosure vulnerability that could allow an attacker to obtain valid adminstrator login names and use this information to launch further attacks. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-770698.txt ∗∗∗ SSA-709003: Privilege Escalation Vulnerability in License Management Utility (LMU) ∗∗∗ --------------------------------------------- The latest update for the License Management Utility (LMU), which is used by multiple Siemens building technology products, fixes a vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-709003.txt ∗∗∗ SSA-568969: Insecure Storage of Sensitive Information in Spectrum Power™ 4 ∗∗∗ --------------------------------------------- Vulnerabilities in Spectrum Power™ 4 could allow an unauthorized attacker to retrieve a list of software users, or in certain cases to list the contents of a directory. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-568969.txt ∗∗∗ SSA-542525: Authentication Vulnerabilities in SIMATIC HMI Products ∗∗∗ --------------------------------------------- SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-542525.txt ∗∗∗ SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products ∗∗∗ --------------------------------------------- Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-534763.txt ∗∗∗ SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products ∗∗∗ --------------------------------------------- CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-455843.txt ∗∗∗ SSA-436520: XSS and CSRF Vulnerabilities in Polarion Subversion Webclient ∗∗∗ --------------------------------------------- Multiple cross-site scripting (XSS) vulnerabilities were found in the subversion webclient of Polarion. In addition, the webclient doesnt have any cross-site request forgery (CSRF) protection. An attacker could inject client side script to induce the victim to issue an HTTP request that would lead to a state changing operation. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-436520.txt ∗∗∗ SSA-381684: Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs ∗∗∗ --------------------------------------------- A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families, which could result in credential disclosure. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-381684.txt ∗∗∗ SSA-251935: Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager ∗∗∗ --------------------------------------------- The latest update for SIMATIC RTLS Locating Manager fixes various vulnerabilities that could allow a low-privileged local user to escalate privileges. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-251935.txt ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0871 ∗∗∗ Security Bulletin: Novalink is impacted by denial of service high vulnerability in WebSphere Application Server Liberty CVE-2019-4720 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-d… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – July 2020 – Includes Oracle July 2020 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Security Bulletin: Novalink is impacted by Publicly disclosed vulnerability in IBM Java SDK/JRE (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-novalin… ∗∗∗ Security Bulletin: Novalink is impacted Apache CXF affects middle vulnerability in WebSphere Application Server Liberty (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-apac… ∗∗∗ Security Bulletin: Novalink is impacted by Apache CXF affects WebSphere Liberty JAX-WS middle vulnerability in WebSphere Application Server Liberty (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-a… ∗∗∗ Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.09.2020
by Daily end-of-shift report 07 Sep '20

07 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-09-2020 18:00 − Montag 07-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Visa warns of new Baka credit card JavaScript skimmer ∗∗∗ --------------------------------------------- Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data and analysis. --------------------------------------------- https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credi… ∗∗∗ Threema E2EE chat app to go fully open source within months ∗∗∗ --------------------------------------------- Threema follows in the footsteps of Signal and Wickr and opens its apps codebase. --------------------------------------------- https://www.zdnet.com/article/threema-e2ee-chat-app-to-go-fully-open-source… ∗∗∗ Manipulierte Excel-Dateien in Phishing-Mails ∗∗∗ --------------------------------------------- Eine neu entdeckte Malware-Bande benutzt einen cleveren Trick, um bösartige Excel-Dateien zu erstellen, die eine höhere Chance haben, Sicherheitssysteme zu umgehen. --------------------------------------------- https://www.zdnet.de/88382491/manipulierte-excel-dateien-in-phishing-mails/ ∗∗∗ Angriffe auf WordPress-Plugin ∗∗∗ --------------------------------------------- Millionen von WordPress-Sites wurden diese Woche angegriffen, weil Hacker eine Zero-Day-Schwachstelle in "File Manager", einem beliebten WordPress-Plugin, ausnutzen. --------------------------------------------- https://www.zdnet.de/88382493/angriffe-auf-wordpress-plug-in/ ===================== = Vulnerabilities = ===================== ∗∗∗ Linux: Keine Eile beim Schließen einer Kernel-Sicherheitslücke ∗∗∗ --------------------------------------------- Mit einem Buffer Overflow im Linux-Kernel lässt sich ein System durch lokale Nutzer zum Absturz bringen, eine Rechteausweitung ist wohl möglich. --------------------------------------------- https://www.golem.de/news/linux-keine-eile-beim-schliessen-einer-kernel-sic… ∗∗∗ Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster ∗∗∗ --------------------------------------------- During a routine research audit for our Sucuri Firewall, we discovered a post deletion, arbitrary posting in social networks, and arbitrary plugin settings update affecting over 100,000 users of the WordPress plugin. --------------------------------------------- https://blog.sucuri.net/2020/09/insufficient-privilege-validation-in-nextsc… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ark, netty, netty-3.9, qemu, squid3, and xorg-server), Fedora (chromium), Gentoo (dovecot and gnutls), Mageia (ansible, postgresql, and python-rsa), openSUSE (curl, freerdp, libX11, php7, squid, and xorg-x11-server), Oracle (kernel), Red Hat (thunderbird), Slackware (gnutls), and SUSE (firefox, kernel, and thunderbird). --------------------------------------------- https://lwn.net/Articles/830856/ ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4698 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2020-14577) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-7656, CVE-2020-11022, CVE-2020-11023 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-manage… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4516 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-shares-1-9-14-… ∗∗∗ Security Bulletin: Java Quarterly CPU affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-quarterly-cpu-affect… ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0868 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.09.2020
by Daily end-of-shift report 04 Sep '20

04 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-09-2020 18:00 − Freitag 04-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ FBI: Thousands of orgs targeted by RDoS extortion campaign ∗∗∗ --------------------------------------------- The FBI warns US companies that thousands of organizations around the world, from various industry sectors, have been threatened with DDoS attacks within six days unless they pay a Bitcoin ransom. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fbi-thousands-of-orgs-target… ∗∗∗ Phishing adds overlay on official company page to steal logins ∗∗∗ --------------------------------------------- A phishing campaign deployed recently at various businesses uses the companys home page to disguise the attack and trick potential victims into providing login credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/phishing-adds-overlay-on-off… ∗∗∗ A blast from the past - XXEncoded VB6.0 Trojan, (Fri, Sep 4th) ∗∗∗ --------------------------------------------- While going over what my e-mail malware quarantine caught during this week, I found a message which made me feel rather nostalgic. Among the usual maldocs, ZIPs and ACEs, there was also an e mail carrying an XXE file in its attachment. --------------------------------------------- https://isc.sans.edu/diary/rss/26538 ∗∗∗ Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496 ∗∗∗ --------------------------------------------- We provide an analysis of CVE-2020-17496, proof of concept code to demonstrate the vulnerability and information on attacks we have observed. --------------------------------------------- https://unit42.paloaltonetworks.com/cve-2020-17496/ ∗∗∗ Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa ∗∗∗ --------------------------------------------- We observed a variant of the Thanos ransomware that attempted to overwrite the master boot record, a more destructive approach than previous versions. --------------------------------------------- https://unit42.paloaltonetworks.com/thanos-ransomware/ ∗∗∗ Firefox will add a new drive-by-download protection ∗∗∗ --------------------------------------------- Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds. --------------------------------------------- https://www.zdnet.com/article/firefox-will-add-a-new-drive-by-download-prot… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (curl, dovecot, geary, httpd, lua, mysql-connector-java, and squid), Mageia (lua and lua5.3, sane, and squid), Oracle (dovecot), Scientific Linux (dovecot), SUSE (java-1_7_1-ibm, kernel, php5, and xorg-x11-server), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/830632/ ∗∗∗ Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-a… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Netcool Agile Service Manager (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.09.2020
by Daily end-of-shift report 03 Sep '20

03 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-09-2020 18:00 − Donnerstag 03-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft Defender can ironically be used to download malware ∗∗∗ --------------------------------------------- A recent update to Windows 10s Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-iron… ∗∗∗ Sandbox Evasion Using NTP, (Thu, Sep 3rd) ∗∗∗ --------------------------------------------- I'm still hunting for interesting (read: "malicious") Python samples. By reading my previous diaries, you know that I like to find how attackers implement obfuscation and evasion techniques. Like yesterday, I found a Python sample that creates a thread to run a malicious shellcode[1]. But before processing the shellcode, it performs suspicious network traffic: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26534 ∗∗∗ Salfram: Robbing the place without removing your name tag ∗∗∗ --------------------------------------------- By Holger Unterbrink and Edmund Brumaghin. Threat summary Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and AveMaria, among others. Ongoing campaigns are distributing various malware families using the same crypter. --------------------------------------------- https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-re… ∗∗∗ Inter: The Magecart Skimming Tool Now on More than 1,500 Sites ∗∗∗ --------------------------------------------- Digital web skimming attacks continue to increase. By now, anyone running an e-commerce shop is aware of the dangers of groups like Magecart, which infect a website every 16 minutes. However, to truly understand these skimmer groups, you have to understand the tools of the trade. The Inter Skimmer kit is one of todays most common and widely used digital skimming solutions globally. --------------------------------------------- https://www.riskiq.com/blog/external-threat-management/inter-skimmer/ ∗∗∗ New Python-scripted trojan malware targets fintech companies ∗∗∗ --------------------------------------------- PyVil RAT is capable of keylogging, taking screenshots and more - and the those behind it have gone to great lengths to keep it as under the radar as possible. --------------------------------------------- https://www.zdnet.com/article/new-python-scripted-trojan-malware-targets-fi… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Sicherheitsupdates: Jabber + präparierte Nachricht = Schadcode ∗∗∗ --------------------------------------------- Cisco hat Sicherheitsupdates für unter anderem Jabber, IOS XR und Webex Meetings veröffentlicht. --------------------------------------------- https://heise.de/-4884609 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (asyncpg and uwsgi), Mageia (cairo), openSUSE (chromium, kernel, and postgresql10), Red Hat (dovecot and squid:4), SUSE (curl, java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, kernel, libX11, php7, squid, and xorg-x11-server), and Ubuntu (apport, libx11, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04). --------------------------------------------- https://lwn.net/Articles/830496/ ∗∗∗ Backdoors left unpatched in MoFi routers ∗∗∗ --------------------------------------------- MoFi Network patched only six of ten reported vulnerabilities, leaving three hard-coded undocumented backdoor systems in place. --------------------------------------------- https://www.zdnet.com/article/backdoors-left-unpatched-in-mofi-routers/ ∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-develope… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Information exposure in HTML comments vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is vulnerable to social engineering attacks (CVE-2020-4337) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-develope… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of Insufficiently Random Value vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.09.2020
by Daily end-of-shift report 02 Sep '20

02 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-09-2020 18:00 − Mittwoch 02-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Attackers abuse Google DNS over HTTPS to download malware ∗∗∗ --------------------------------------------- More details have emerged on a malware sample that uses Google DNS over HTTPS to retrieve the stage 2 malicious payload. --------------------------------------------- https://www.bleepingcomputer.com/news/security/attackers-abuse-google-dns-o… ∗∗∗ Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks, (Tue, Sep 1st) ∗∗∗ --------------------------------------------- LDAP, like many UDP based protocols, has the ability to send responses that are larger than the request. With UDP not requiring any handshake before data is sent, these protocols make ideal amplifiers for reflective distributed denial of service attacks. Most commonly, these attacks abuse DNS and we have talked about this in the past. But LDAP is another protocol that is often abused. --------------------------------------------- https://isc.sans.edu/diary/rss/26526 ∗∗∗ Using assert() to Execute Malware in PHP 7 Environments ∗∗∗ --------------------------------------------- Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why attackers are creating malware to target environments which leverage it. During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. --------------------------------------------- https://blog.sucuri.net/2020/09/using-assert-to-execute-malware-php-7.html ∗∗∗ Cloud firewall management API SNAFU put 500k SonicWall customers at risk ∗∗∗ --------------------------------------------- TL;DR I found an IDOR in SonicWall’s cloud management platform API Any user could add themselves to any account at any organisation using it Anyone could create a user account [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/cloud-firewall-management-api… ∗∗∗ Erpressungs-Mail mit Bombendrohung massenhaft versendet ∗∗∗ --------------------------------------------- Vorsicht vor einer betrügerischen Erpressungs-E-Mail: Kriminelle versenden Nachrichten, in denen sie behaupten, dass eine Bombe im Geschäftsgebäude der EmpfängerInnen platziert wurde. Sollten die Unternehmen, die die Nachrichten erhalten haben, nicht binnen 80 Stunden 20.000 Dollar in Bitcoin bezahlen, soll diese explodieren. Die E-Mail ist frei erfunden und es muss nichts bezahlt werden! --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-mail-mit-bombendrohung-m… ===================== = Vulnerabilities = ===================== ∗∗∗ New Intel microcode updates for Windows 10 fix CPU hardware bugs ∗∗∗ --------------------------------------------- Microsoft has released a new batch of Intel microcode updates for Windows 10 2004, 1909, 1903, and older versions to fix hardware bugs in Intel CPUs. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/new-intel-microcode-updates… ∗∗∗ Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws ∗∗∗ --------------------------------------------- Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites. --------------------------------------------- https://threatpost.com/magento-sites-vulnerable-to-rce-stemming-from-magmi-… ∗∗∗ Verschlüsselung: TLS-1.3-Fauxpas gefährdet Embedded-Systeme mit wolfSSL ∗∗∗ --------------------------------------------- Aus Sicherheitsgründen sollten Admins die TLS-Programmbibliothek wolfSSL auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-4883741 ∗∗∗ TYPO3-EXT-SA-2020-017: Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt) ∗∗∗ --------------------------------------------- It has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to Information Disclosure and Broken Access Control. --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-017 ∗∗∗ TYPO3-EXT-SA-2020-016: Information Disclosure in extension "Localization Manager" (l10nmgr) ∗∗∗ --------------------------------------------- It has been discovered that the extension "Localization Manager" (l10nmgr) is susceptible to Information Disclosure. --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-016 ∗∗∗ 700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin ∗∗∗ --------------------------------------------- This morning, on September 1, 2020, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in File Manager, a WordPress plugin with over 700,000 active installations. This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site. A patch was released this morning [...] --------------------------------------------- https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-z… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Mageia (mutt and putty), openSUSE (ldb, samba, libqt5-qtbase, opera, and postgresql10), Red Hat (bash, kernel, and libvncserver), SUSE (apache2, curl, and squid), and Ubuntu (ark, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, [...] --------------------------------------------- https://lwn.net/Articles/830392/ ∗∗∗ Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-re… ∗∗∗ Security Advisory - Command Injection Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Advisory - Remote Code Execution vulnerability in Apache Struts 2 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.9.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Spectrum Scale Transparent Cloud Tiering (177835) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: Code injection vulnerability in IBM Spectrum Protect Operations Center (CVE-2020-4693) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-code-injection-vulnerabil… ∗∗∗ Security Bulletin: Information Disclosure vulnerability in IBM Spectrum Protect Server (CVE-2020-4591) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a Java vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transp… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.09.2020
by Daily end-of-shift report 01 Sep '20

01 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 31-08-2020 18:00 − Dienstag 01-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers are backdooring QNAP NAS devices with 3-year old RCE bug ∗∗∗ --------------------------------------------- Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-are-backdooring-qnap… ∗∗∗ DLL Fixer leads to Cyrat Ransomware ∗∗∗ --------------------------------------------- A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python based and appends .CYRAT to encrypted files. --------------------------------------------- https://feeds.feedblitz.com/~/634890360/0/gdatasecurityblog-en~DLL-Fixer-le… ∗∗∗ Notarisierte Mac-Malware: Apple beglaubigte offenbar mehrfach Trojaner ∗∗∗ --------------------------------------------- Apples Notarisierungsdienst soll Mac-Nutzer vor Malware schützen. Nun beglaubigte der Hersteller auch den notorischen Schädling "Shlayer". --------------------------------------------- https://heise.de/-4882770 ∗∗∗ New web skimmer steals credit card data, sends to crooks via Telegram ∗∗∗ --------------------------------------------- Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code. --------------------------------------------- https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit… ∗∗∗ Quarterly Report: Incident Response trends in Summer 2020 ∗∗∗ --------------------------------------------- By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of trends observed in last quarter’s report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot. --------------------------------------------- https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.ht… ∗∗∗ Gratis iPhone 11 oder Samsung Galaxy S20 durch Hofer-Umfrage? ∗∗∗ --------------------------------------------- Kriminelle geben sich als Hofer aus und versenden wahllos E-Mails, in denen behauptet wird, Ihre E-Mail- bzw. IP-Adresse sei ausgewählt worden. Sie sollen daher an einer kurzen Umfrage teilnehmen und dadurch ein kostenloses iPhone 11 oder Samsung Galaxy S20 erhalten. Vorsicht: Die E-Mail stammt nicht von Hofer, Sie erhalten kein Smartphone geschenkt und Sie landen in einer teuren Abo-Falle! --------------------------------------------- https://www.watchlist-internet.at/news/gratis-iphone-11-oder-samsung-galaxy… ∗∗∗ Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers ∗∗∗ --------------------------------------------- Our researchers analyzed data on cybersquatting to learn which domains attackers most often mimic and other key details of the practice. --------------------------------------------- https://unit42.paloaltonetworks.com/cybersquatting/ ∗∗∗ "Accessible Ubiquiti Service Discovery": Erster Datenfeed in der Taxonomie "Intrusions" ∗∗∗ --------------------------------------------- Ubiquiti Geräte benutzen ein Discovery Protokoll, um sich gegenseitig automatisch zu erkennen. Während das innerhalb des eigenen Netzwerks nützlich sein kann, machen fehlerhaft konfigurierte Geräte eine Vielzahl an Daten über sich öffentlich abrufbar. Als wäre dieses Problem nicht genug, gab es in älteren Firmware-Versionen eine Schwachstelle, die eine automatisierte Übernahme der betroffenen Systeme ermöglicht(e). --------------------------------------------- https://cert.at/de/blog/2020/9/accessible-ubiquiti-service-discovery-erster… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Schutzsoftware von Trend Micro kann PCs gefährden ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitspatches für Trend Micro Apex One und OfficeScan XG. --------------------------------------------- https://heise.de/-4883268 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache2 and libx11), Fedora (batik, ecj, eclipse, eclipse-cdt, eclipse-ecf, eclipse-emf, eclipse-gef, eclipse-m2e-core, eclipse-mpc, eclipse-mylyn, eclipse-remote, eclipse-webtools, firefox, httpd, jetty, lucene, selinux-policy, and univocity-parsers), Mageia (hylafax+), openSUSE (ark and chromium), Red Hat (virt:8.2 and virt-devel:8.2), SUSE (freeradius-server, freerdp, php7, php72, php74, and xorg-x11-server), and Ubuntu (freerdp2, keystone, [...] --------------------------------------------- https://lwn.net/Articles/830278/ ∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0857 ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Manager with OpenStack (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affects IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster… ∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster… ∗∗∗ Security Bulletin: IBM® Java™ SDK Technology Edition, Oct 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-e… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson affect IBM Operations Analytics Predictive Insights (CVE-2019-14060, CVE-2019-14661, CVE-2019-14662) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Apache Thrift (CVE-2019-0205) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-usi… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily