=====================
= End-of-Day report =
=====================

Timeframe: Thursday 03-09-2020 18:00 - Friday 04-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================

∗∗∗ FBI: Thousands of orgs targeted by RDoS extortion campaign ∗∗∗
---------------------------------------------
The FBI warns US companies that thousands of organizations around the world, from various industry sectors, have been threatened with DDoS attacks within six days unless they pay a Bitcoin ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-thousands-of-orgs-targete...

∗∗∗ Phishing adds overlay on official company page to steal logins ∗∗∗
---------------------------------------------
A phishing campaign deployed recently at various businesses uses the company's home page to disguise the attack and trick potential victims into providing login credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-adds-overlay-on-offi...

∗∗∗ A blast from the past - XXEncoded VB6.0 Trojan, (Fri, Sep 4th) ∗∗∗
---------------------------------------------
While going over what my e-mail malware quarantine caught during this week, I found a message which made me feel rather nostalgic. Among the usual maldocs, ZIPs and ACEs, there was also an e-mail carrying an XXE file in its attachment.
---------------------------------------------
https://isc.sans.edu/diary/rss/26538
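The diary entry above concerns an XXencoded attachment. Added here as a worked example, not code from the diary or from this report: a Python XXencode encoder/decoder plus a scanner that pulls XXencoded begin/end blocks out of a mail body and skips blocks with the same framing that are not XXencoded (uuencode, for instance). The alphabet and line layout are those of the XXencode format itself; the mail body, the attachment name and the payload bytes are constructed for the example.

```python
"""XXencode encoder/decoder and a mail-body scanner for XXencoded attachments.

Added example with constructed sample data. XXencode framing: a
'begin <mode> <name>' header, data lines whose first character encodes the
byte count (0..45) and which carry 4 alphabet characters per 3 bytes, a
zero-length line, then 'end'.
"""
from __future__ import annotations
import re

# The 64-character XXencode alphabet; a character's value is its index.
XX_ALPHABET = "+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
XX_VALUE = {c: i for i, c in enumerate(XX_ALPHABET)}
LINE_BYTES = 45  # maximum raw bytes per data line

HEADER_RE = re.compile(r"^begin\s+([0-7]{3,4})\s+(.+?)\s*$")
# Any begin ... end block; uuencode and XXencode share this framing.
BLOCK_RE = re.compile(r"^begin [0-7]{3,4} [^\n]+\n.*?^end[ \t]*$", re.M | re.S)


def xxencode(data: bytes, filename: str, mode: int = 0o644) -> str:
    """Encode bytes as XXencode text (used below to build the sample mail)."""
    lines = [f"begin {mode:o} {filename}"]
    for off in range(0, len(data), LINE_BYTES):
        chunk = data[off:off + LINE_BYTES]
        padded = chunk + b"\0" * (-len(chunk) % 3)
        line = [XX_ALPHABET[len(chunk)]]          # length character
        for i in range(0, len(padded), 3):
            n = int.from_bytes(padded[i:i + 3], "big")
            line.extend(XX_ALPHABET[(n >> s) & 63] for s in (18, 12, 6, 0))
        lines.append("".join(line))
    lines.append(XX_ALPHABET[0])                  # zero-length line ends the data
    lines.append("end")
    return "\n".join(lines) + "\n"


def xxdecode(text: str) -> tuple[str, int, bytes]:
    """Decode one XXencoded block into (filename, mode, bytes).

    Raises ValueError on anything malformed. The strict line-length check
    also rejects uuencoded lines whose characters happen to fall inside the
    XX alphabet (a 61-character uuencode 'M' line would be read as 24 bytes).
    """
    lines = iter(text.splitlines())
    header = None
    for ln in lines:
        header = HEADER_RE.match(ln)
        if header:
            break
    if not header:
        raise ValueError("no 'begin <mode> <name>' header")
    name, mode = header.group(2), int(header.group(1), 8)

    out = bytearray()
    for raw in lines:
        ln = raw.rstrip()
        count = XX_VALUE.get(ln[:1], -1)
        if count < 0 or count > LINE_BYTES:
            raise ValueError(f"bad length character in line {ln!r}")
        if count == 0:
            break                                 # terminator line reached
        groups = (count + 2) // 3
        if len(ln) != 1 + 4 * groups or any(c not in XX_VALUE for c in ln[1:]):
            raise ValueError(f"malformed data line {ln!r}")
        chunk = bytearray()
        for i in range(1, len(ln), 4):
            v = [XX_VALUE[c] for c in ln[i:i + 4]]
            n = (v[0] << 18) | (v[1] << 12) | (v[2] << 6) | v[3]
            chunk += n.to_bytes(3, "big")
        out += chunk[:count]                      # drop padding bytes
    else:
        raise ValueError("data not terminated by a zero-length line")
    if next(lines, "").strip() != "end":
        raise ValueError("missing 'end' trailer")
    return name, mode, bytes(out)


def extract_xx_attachments(mail_body: str) -> list[tuple[str, bytes]]:
    """Return (filename, bytes) for every XXencoded block in a mail body."""
    found = []
    for m in BLOCK_RE.finditer(mail_body):
        try:
            name, _mode, data = xxdecode(m.group(0))
        except ValueError:
            continue                              # uuencode or damaged block
        found.append((name, data))
    return found


# Constructed sample: a mail body with a uuencoded block (skipped) and an
# XXencoded block wrapping an inert, constructed stand-in for an executable.
FAKE_PAYLOAD = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed stand-in for a VB6 executable"
SAMPLE_MAIL = (
    "From: accounting@example.invalid\nSubject: Invoice\n\n"
    "Please see the attached invoice.\n\n"
    "begin 644 note.txt\n#0V%T\n`\nend\n\n"          # uuencode of 'Cat'
    + xxencode(FAKE_PAYLOAD, "INVOICE.EXE")
)

if __name__ == "__main__":
    for name, data in extract_xx_attachments(SAMPLE_MAIL):
        print(f"{name}: {len(data)} bytes, magic {data[:2]!r}")
```

The scanner deliberately decodes every begin/end block and lets the alphabet and line-length checks decide the format, which is more robust than guessing from the attachment's file extension; a quarantine rule that only inspects MIME parts with base64 transfer encoding would not see this payload at all.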
∗∗∗ Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496 ∗∗∗
---------------------------------------------
We provide an analysis of CVE-2020-17496, proof of concept code to demonstrate the vulnerability and information on attacks we have observed.
---------------------------------------------
https://unit42.paloaltonetworks.com/cve-2020-17496/

∗∗∗ Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa ∗∗∗
---------------------------------------------
We observed a variant of the Thanos ransomware that attempted to overwrite the master boot record, a more destructive approach than previous versions.
---------------------------------------------
https://unit42.paloaltonetworks.com/thanos-ransomware/

∗∗∗ Firefox will add a new drive-by-download protection ∗∗∗
---------------------------------------------
Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds.
---------------------------------------------
https://www.zdnet.com/article/firefox-will-add-a-new-drive-by-download-prote...
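The Firefox change above only affects iframes that carry a sandbox attribute, and a sandboxed frame can still start a download if the embedding page grants it the allow-downloads token. Added here as an example, not code from the ZDNet article or from Firefox: a Python audit of the iframe tags in a page's HTML that reports which frames can still trigger downloads under that rule, and which sandbox token combinations (allow-scripts together with allow-same-origin) let same-origin framed content remove its own sandbox. The sample HTML and hostnames are constructed; the regex scan is a lightweight check for templates and static pages, not an HTML parser.

```python
"""Audit <iframe> elements for download and sandbox exposure.

Added example, not Firefox code. It models the rule described in the article:
a sandboxed iframe may only start a download when its sandbox grants
allow-downloads; an unsandboxed iframe is unrestricted.
"""
import re

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
# name, optionally followed by = "value" | 'value' | bareword
ATTR_RE = re.compile(
    r"""([A-Za-z][A-Za-z0-9-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?"""
)


def parse_attrs(attr_text: str) -> dict:
    """Return {lowercased name: value or None} for one tag's attribute text."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        value = next((g for g in m.groups()[1:] if g is not None), None)
        attrs[m.group(1).lower()] = value  # None: attribute present, no value
    return attrs


def audit_iframes(html: str) -> list:
    """One finding per iframe: src, sandbox state, download and weakness flags."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = parse_attrs(m.group(1))
        sandboxed = "sandbox" in attrs
        tokens = set((attrs.get("sandbox") or "").lower().split())
        findings.append({
            "src": attrs.get("src") or "",
            "sandboxed": sandboxed,
            "tokens": sorted(tokens),
            # Unsandboxed frames may download freely; sandboxed frames only
            # when the embedder opted in with allow-downloads.
            "downloads_allowed": (not sandboxed) or "allow-downloads" in tokens,
            # With both tokens a same-origin document inside the frame can
            # reach the parent and delete the sandbox attribute itself.
            "weak_sandbox": {"allow-scripts", "allow-same-origin"} <= tokens,
        })
    return findings


def hardened_embed(src: str) -> str:
    """Embed markup for a third-party widget that needs scripts but must not
    start downloads or escape its sandbox (constructed recommendation)."""
    return f'<iframe src="{src}" sandbox="allow-scripts"></iframe>'


# Constructed sample page: unsandboxed banner, empty sandbox, explicit
# allow-downloads, and a legacy frame with the weak token combination.
SAMPLE_HTML = """
<iframe src="https://ads.example/banner"></iframe>
<iframe src="https://widget.example/embed" sandbox></iframe>
<iframe src="https://widget.example/files" SANDBOX='allow-scripts allow-downloads'></iframe>
<iframe src="/legacy/frame" sandbox="allow-scripts allow-same-origin allow-forms"></iframe>
"""

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE_HTML):
        flags = []
        if f["downloads_allowed"]:
            flags.append("downloads")
        if f["weak_sandbox"]:
            flags.append("weak-sandbox")
        print(f'{f["src"]:40} sandboxed={f["sandboxed"]!s:5} {" ".join(flags)}')
```

Run against a site's templates, the first and third findings are the ones to review: the unsandboxed banner is unaffected by the Firefox change, and the allow-downloads grant re-enables exactly the behaviour the change is meant to stop, so it should exist only for embeds whose purpose is delivering files.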
=====================
= Vulnerabilities =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (curl, dovecot, geary, httpd, lua, mysql-connector-java, and squid), Mageia (lua and lua5.3, sane, and squid), Oracle (dovecot), Scientific Linux (dovecot), SUSE (java-1_7_1-ibm, kernel, php5, and xorg-x11-server), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/830632/

∗∗∗ Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-as...

∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Netcool Agile Service Manager (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-jav...

∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulne...