===================== = End-of-Day report = =====================
Timeframe: Dienstag 06-10-2020 18:00 − Mittwoch 07-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer
===================== = News = =====================
∗∗∗ Backdoor Shell Dropper Deploys CMS-Specific Malware ∗∗∗ --------------------------------------------- A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want. --------------------------------------------- https://blog.sucuri.net/2020/10/backdoor-shell-dropper-deploys-cms-specific-...
∗∗∗ Alert (AA20-280A): Emotet Malware ∗∗∗ --------------------------------------------- Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February. --------------------------------------------- https://us-cert.cisa.gov/ncas/alerts/aa20-280a
∗∗∗ New HEH botnet can wipe routers and IoT devices ∗∗∗ --------------------------------------------- The disk-wiping feature is present in the code but has not been used yet. --------------------------------------------- https://www.zdnet.com/article/new-heh-botnet-can-wipe-routers-and-iot-device...
∗∗∗ Betrügerische Post-Mail verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Derzeit werden betrügerische E-Mails im Namen der Post willkürlich an zahlreiche EmpfängerInnen versendet. Die Kriminellen drohen den Opfern mit einer Geldstrafe, da bestimmte Kosten noch nicht bezahlt wurden. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-post-mail-verbreitet-s...
===================== = Vulnerabilities = =====================
∗∗∗ Enter the Vault: Authentication Issues in HashiCorp Vault ∗∗∗ --------------------------------------------- Posted by Felix Wilhelm, Project Zero: In this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services (AWS) and Google Cloud Platform (GCP). --------------------------------------------- https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-h...
∗∗∗ 90 days, 16 bugs, and an Azure Sphere Challenge ∗∗∗ --------------------------------------------- Cisco Talos reports 16 vulnerabilities in Microsoft Azure Spheres sponsored research challenge. --------------------------------------------- https://blog.talosintelligence.com/2020/10/Azure-Sphere-Challenge.html
∗∗∗ Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-i...
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Node.js (CVE-2019-15606, CVE-2019-15604, CVE-2019-15605) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Apache commons beanutils 1.9.2 library vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer...
∗∗∗ Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2020-4590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-c...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Apache Commons vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...