=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-10-2020 18:00 − Tuesday 20-10-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack ∗∗∗ --------------------------------------------- Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours. --------------------------------------------- https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/16028...
∗∗∗ Mirai-alike Python Scanner, (Tue, Oct 20th) ∗∗∗ --------------------------------------------- Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials. --------------------------------------------- https://isc.sans.edu/diary/rss/26698
∗∗∗ Advanced Ransomware Attacks ∗∗∗ --------------------------------------------- SI-CERT, the national CSIRT of Slovenia has been handling reports of ransomware attacks on a regular basis since April 2012. Until 2019, attack victims were selected randomly as part of a mass-volume campaign aiming to spread the virus. However, since 2019 the attacks have been more targeted. --------------------------------------------- https://connect.geant.org/2020/10/19/advanced-ransomware-attacks
∗∗∗ When Buying on Classified-Ad Platforms: Do Not Pay via the PayPal "Send Money to Friends or Family" Function ∗∗∗ --------------------------------------------- Criminals are also active on popular classified-ad platforms such as willhaben, shpock or ebay Kleinanzeigen. Besides advance-payment and escrow fraud, the PayPal trick is also a popular scam for ripping off buyers. --------------------------------------------- https://www.watchlist-internet.at/news/beim-kauf-auf-kleinanzeigen-plattform...
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Illustrator (APSB20-53), Adobe Dreamweaver (APSB20-55), Marketo (APSB20-60), Adobe Animate (APSB20-61), Adobe After Effects (APSB20-62), Adobe Photoshop (APSB20-63), Adobe Premiere Pro (APSB20-64), Adobe Media Encoder (APSB20-65), Adobe InDesign (APSB20-66) and Adobe Creative Cloud Desktop Application (APSB20-68). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1930
∗∗∗ QNAP: Security Updates for QTS Fend Off "Zerologon" Attacks on NAS ∗∗∗ --------------------------------------------- Depending on their configuration, QNAP network storage devices can be remotely attackable via the "Zerologon" vulnerability. Updates for QTS are available. --------------------------------------------- https://heise.de/-4932748
∗∗∗ Seven mobile browsers vulnerable to address bar spoofing attacks ∗∗∗ --------------------------------------------- Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar. --------------------------------------------- https://www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-ba...
∗∗∗ Security Bulletin: Cross-Site Scripting Security Vulnerability Affects IBM Sterling B2B Integrator Standard Edition (CVE-2020-4564) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-secur...
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service (CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-i...
∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system...
∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects the Graphic Process Modeler in IBM Sterling B2B Integrator (CVE-2019-4680) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabilit...
∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnera...
∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spe...
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4564) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulne...
∗∗∗ Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-a...
∗∗∗ Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
∗∗∗ XSA-347 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-347.html
∗∗∗ XSA-346 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-346.html
∗∗∗ XSA-345 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-345.html
∗∗∗ XSA-332 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-332.html
∗∗∗ XSA-331 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-331.html
∗∗∗ XSA-286 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-286.html
∗∗∗ Security Vulnerabilities fixed in Firefox 82 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/
∗∗∗ Synology-SA-20:24 Media Server ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_24
∗∗∗ Synology-SA-20:23 Download Station ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_23
∗∗∗ VMware ESXi: Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1003
∗∗∗ Nagios Enterprises Nagios XI: Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1005