=====================
= End-of-Day report =
=====================

Timeframe:   Monday 07-12-2020 18:00 - Wednesday 09-12-2020 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer
=====================
=       News        =
=====================
*** Credit card stealing malware bundles backdoor for easy reinstall ***
---------------------------------------------
Malware that is almost impossible to remove and was set to activate automatically on Black Friday has been deployed by threat actors on multiple Magento-powered online stores, according to researchers at Dutch cyber-security company Sansec.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-...
*** Microsoft fixes new Windows Kerberos security bug in staged rollout ***
---------------------------------------------
Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-k...
*** IT security: Hackers steal hacking tools from FireEye ***
---------------------------------------------
The security company is now trying to prevent the worst and is publishing guidance on defending against its own attack tools.
---------------------------------------------
https://www.golem.de/news/it-security-hacker-klauen-hacking-werkzeuge-von-fi...
*** OpenSSL fixes memory error ***
---------------------------------------------
An update removes a null-pointer dereference which, according to the advisory, can lead to a crash.
---------------------------------------------
https://heise.de/-4985050
*** Threat Assessment: Egregor Ransomware ***
---------------------------------------------
Unit 42 shares courses of action that can help mitigate tactics, techniques and procedures used with Egregor ransomware.
---------------------------------------------
https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/
*** njRAT Spreading Through Active Pastebin Command and Control Tunnel ***
---------------------------------------------
Malware authors have been leveraging njRAT (AKA Bladabindi), a Remote Access Trojan, to download and deliver second-stage payloads from Pastebin.
---------------------------------------------
https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control/
*** Warning: Criminals are sending fraudulent e-mails in the name of FinanzOnline ***
---------------------------------------------
Scammers are currently sending numerous e-mails in the name of the tax office. Supposedly, the recipient is to receive a tax refund of 1,850 euros.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-kriminelle-versenden-betruege...
=====================
=  Vulnerabilities  =
=====================
*** Command injection: NSA warns of VMware vulnerability ***
---------------------------------------------
The US intelligence agency NSA sees Russian actors behind attacks on a security vulnerability in VMware products.
---------------------------------------------
https://www.golem.de/news/command-injection-nsa-warnt-vor-vmware-luecke-2012...
*** D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws ***
---------------------------------------------
Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running the same firmware.
---------------------------------------------
https://threatpost.com/d-link-routers-zero-day-flaws/162064/
*** Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams ***
---------------------------------------------
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code and compromise a target's system merely by sending a specially-crafted chat message.
---------------------------------------------
https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html
*** ZDI-20-1400: (0Day) Realtek RTL8811AU Wi-Fi Driver rtwlane Out-Of-Bounds Write Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Realtek RTL8811AU Wi-Fi driver.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1400/
*** ZDI-20-1399: (0Day) Realtek RTL8811AU Wi-Fi Driver rtwlanu Out-Of-Bounds Write Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Realtek RTL8811AU Wi-Fi driver.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1399/
*** Update now: Cisco delivers belated fix for Security Manager vulnerability from November ***
---------------------------------------------
A fix was still outstanding for a vulnerability rated "High" in Security Manager. Since proof-of-concept code is available online, users should act now.
---------------------------------------------
https://heise.de/-4983238
*** Patch Tuesday: Microsoft closes critical vulnerabilities in Exchange Server ***
---------------------------------------------
Important security updates are available for download for Hyper-V, Office and Windows, among others. Some of the vulnerabilities are rated critical.
---------------------------------------------
https://heise.de/-4984254
*** Critical vulnerability in the Python framework PyYAML threatens IBM Spectrum Protect ***
---------------------------------------------
IBM has released important security updates for IBM Db2 and Spectrum Protect, among other products.
---------------------------------------------
https://heise.de/-4983755
*** Patch Tuesday: Adobe closes critical vulnerabilities - but not in Flash ***
---------------------------------------------
Security patches close code-execution vulnerabilities in Adobe Experience Manager, Lightroom and Prelude.
---------------------------------------------
https://heise.de/-4984303
*** Patch Tuesday: SAP updates block attack paths through partly critical vulnerabilities ***
---------------------------------------------
Alongside a NetWeaver vulnerability with the maximum CVSS score of 10, SAP has removed numerous other security problems from its products on this Patch Tuesday.
---------------------------------------------
https://heise.de/-4984262
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (minidlna, openssl, and trafficserver), Mageia (oniguruma, php-pear, python, python3, and x11vnc), openSUSE (minidlna), Oracle (kernel and net-snmp), Red Hat (kernel, mariadb-galera, microcode_ctl, and net-snmp), Slackware (seamonkey), SUSE (thunderbird and xen), and Ubuntu (xorg-server).
---------------------------------------------
https://lwn.net/Articles/839311/
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Debian (golang-golang-x-net-dev, python-certbot, and xorg-server), Fedora (resteasy, scap-security-guide, and vips), openSUSE (chromium, python, and rpmlint), SUSE (kernel), and Ubuntu (aptdaemon, curl, gdk-pixbuf, lxml, and openssl, openssl1.0).
---------------------------------------------
https://lwn.net/Articles/839481/
*** December 2020 Android Updates Patch 46 Vulnerabilities ***
---------------------------------------------
A total of 46 vulnerabilities were addressed this week with the release of the December 2020 security updates for Android.
---------------------------------------------
https://www.securityweek.com/december-2020-android-updates-patch-46-vulnerab...
*** Amnesia:33: TCP/IP vulnerabilities endanger millions of internet-capable devices ***
---------------------------------------------
The 33 vulnerabilities are spread across four open-source libraries. Manufacturers in turn integrate these libraries into the firmware of routers, switches, printers and many other devices. Often these devices offer no option for updating their software.
---------------------------------------------
https://www.zdnet.de/88390349/amnesia33-tcp-ip-schwachstellen-gefaehrden-mil...
*** GE Healthcare Imaging and Ultrasound Products ***
---------------------------------------------
This advisory contains mitigations for Unprotected Transport of Credentials and Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerabilities in select GE Healthcare Imaging and Ultrasound products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
*** ICS-CERT Security Advisories - December 8th, 2020 ***
---------------------------------------------
Summary: ICS-CERT has released nine security advisories addressing vulnerabilities in ICS-related devices and software.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/7b486a6b0dbeee0d5e268e11454c...
*** Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
*** IBM Security Bulletins ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/
*** Security Advisory - Information Disclosure Vulnerability in TE Mobile Software ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201209-0...
*** Security Advisory - CSV Injection Vulnerability in iManager NetEco Product ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201209-0...
*** LibTIFF vulnerability CVE-2018-18557 ***
---------------------------------------------
https://support.f5.com/csp/article/K70117303
*** Linux kernel vulnerability CVE-2017-10661 ***
---------------------------------------------
https://support.f5.com/csp/article/K04337834
*** Linux kernel vulnerability CVE-2017-18344 ***
---------------------------------------------
https://support.f5.com/csp/article/K07020416
*** NGINX Controller Agent vulnerability CVE-2020-27730 ***
---------------------------------------------
https://support.f5.com/csp/article/K43530108
*** Linux kernel vulnerability CVE-2018-18397 ***
---------------------------------------------
https://support.f5.com/csp/article/K83102920
*** Linux kernel vulnerability CVE-2018-1120 ***
---------------------------------------------
https://support.f5.com/csp/article/K42202505
*** Citrix Secure Mail for Android Security Update ***
---------------------------------------------
https://support.citrix.com/article/CTX286763