=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 23-12-2020 18:00 - Monday 28-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================
*** Annual review 2020: These topics kept us busy this year! ***
---------------------------------------------
The Corona crisis kept the whole world in suspense in 2020. At Watchlist Internet, too, the Corona crisis did not go unnoticed. Criminals exploited the global health crisis for a range of scams: from fake shops that added respiratory masks to their offerings, to fraudulent job offers, to phishing messages. The growing trend of dubious advertising is also linked to various scams. Fake shops are [...]
---------------------------------------------
https://www.watchlist-internet.at/news/jahresrueckblick-2020-diese-themen-be...

*** Amazon gift card carrying the banking trojan Dridex ***
---------------------------------------------
A supposed Amazon gift card brings an unwelcome present: inattentive consumers are robbed by the banking trojan Dridex.
---------------------------------------------
https://www.zdnet.de/88391026/amazon-geschenkkarte-mit-banking-trojaner-drid...

*** Hackers abuse Citrix devices for DDoS attacks ***
---------------------------------------------
Threat actors have discovered a way to amplify junk web traffic against Citrix ADC network devices in order to launch distributed denial of service (DDoS) attacks.
---------------------------------------------
https://www.zdnet.de/88391041/hacker-missbrauchen-citrix-geraete-fuer-ddos-a...

*** DevOps and security in harmony ***
---------------------------------------------
DevOps teams often see security as a brake on innovation. We give some tips on how to reconcile effective developer work with security.
---------------------------------------------
https://www.zdnet.de/88391052/devops-und-security-im-einklang/
*** CrowdStrike releases free Azure security tool after failed hack ***
---------------------------------------------
Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azu...
*** GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic ***
---------------------------------------------
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-hosted-malware-calcula...

*** Multi-platform card skimmer found on Shopify, BigCommerce stores ***
---------------------------------------------
A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-f...

*** Third-Party APIs: How to Prevent Enumeration Attacks ***
---------------------------------------------
Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.
---------------------------------------------
https://threatpost.com/third-party-apis-enumeration-attacks/162589/

*** Analysis Dridex Dropper, IoC extraction (guest diary), (Wed, Dec 23rd) ***
---------------------------------------------
A couple of weeks ago, I assisted Xavier when he taught FOR610 in (virtual) Frankfurt. Last week, one of our students (Nicklas Keijser) sent us this analysis that we decided to share as a guest diary.
---------------------------------------------
https://isc.sans.edu/diary/rss/26920

*** CISA Releases Free Detection Tool for Azure/M365 Environment ***
---------------------------------------------
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free...

*** The History of DNS Vulnerabilities and the Cloud ***
---------------------------------------------
We review the history of DNS vulnerabilities, particularly DNS cache poisoning, examining both past vulnerabilities and more advanced attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/dns-vulnerabilities/
=====================
=  Vulnerabilities  =
=====================

*** Project Zero: Poorly patched Windows vulnerability still exploitable ***
---------------------------------------------
An actively exploited security vulnerability in Windows is still not fixed, despite notices from Google and an inadequate patch.
---------------------------------------------
https://www.golem.de/news/project-zero-schlecht-gepatchte-windows-luecke-wei...
*** Security updates for Thursday ***
---------------------------------------------
Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3).
---------------------------------------------
https://lwn.net/Articles/841225/

*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Fedora (xen) and SUSE (flac and openexr).
---------------------------------------------
https://lwn.net/Articles/841243/

*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by Debian (horizon, kitty, python-apt, and roundcube), Fedora (libmaxminddb, mediawiki, mingw-binutils, and thunderbird), Mageia (erlang-rebar3), openSUSE (blosc, ceph, firefox, flac, kdeconnect-kde, openexr, ovmf, PackageKit, python3, thunderbird, and xen), and SUSE (thunderbird).
---------------------------------------------
https://lwn.net/Articles/841378/

*** VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location ***
---------------------------------------------
https://kb.cert.org/vuls/id/429301

*** VU#843464: SolarWinds Orion API authentication bypass allows remote command execution ***
---------------------------------------------
https://kb.cert.org/vuls/id/843464

*** Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2019-17638) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vu...

*** Security Bulletin: tzdata has been updated to tzdata-2020d to address Fiji and Palestine time zone changes ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tzdata-has-been-updated-to...

*** Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnera...

*** Linux kernel and TMM vulnerability CVE-2020-25705 ***
---------------------------------------------
https://support.f5.com/csp/article/K09604370

*** Linux kernel vulnerability CVE-2018-10675 ***
---------------------------------------------
https://support.f5.com/csp/article/K40540405