[CERT-daily] Daily summary - 06.08.2020
Daily end-of-shift report
team at cert.at
Thu Aug 6 18:08:42 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 05-08-2020 18:00 − Thursday 06-08-2020 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-48) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-48) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, August 11, 2020.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1906
∗∗∗ Incident Response Analyst Report 2019 ∗∗∗
---------------------------------------------
As an incident response service provider, Kaspersky delivers a global service that results in a global visibility of adversaries’ cyber-incident tactics and techniques in the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019.
---------------------------------------------
https://securelist.com/incident-response-analyst-report-2019/97974/
∗∗∗ A Fork of the FTCode Powershell Ransomware, (Thu, Aug 6th) ∗∗∗
---------------------------------------------
Yesterday, I found a new malicious PowerShell script that deserved to be analyzed due to the way it was dropped on the victim's computer. As usual, the malware was delivered through a malicious Word document with a VBA macro. A first observation reveals that it's a fileless macro. The malicious Base64 code is stored in multiple environment variables that are concatenated then executed through an IEX command...
---------------------------------------------
https://isc.sans.edu/diary/rss/26434
∗∗∗ Ad Hoc Log Management in an Emergency (SEC Defence) ∗∗∗
---------------------------------------------
Many organizations that do not have their own incident response team have no visibility, or only very poor visibility, into their own corporate network. Yet especially for working through and remediating the incident, it is essential to ensure adequate visibility on all systems.
---------------------------------------------
https://www.sec-consult.com/./blog/2020/07/ad-hoc-log-management-im-ernstfall-sec-defence/
∗∗∗ PHP Backdoor Obfuscated One Liner ∗∗∗
---------------------------------------------
In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the malicious behavior we’ve seen recently on compromised websites.
---------------------------------------------
https://blog.sucuri.net/2020/08/php-backdoor-obfuscated-one-liner.html
∗∗∗ Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack ∗∗∗
---------------------------------------------
New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling even 15 years after they were first documented.
---------------------------------------------
https://thehackernews.com/2020/08/http-request-smuggling.html
∗∗∗ Macro Malware for macOS: Researcher Warns of Underestimated Danger ∗∗∗
---------------------------------------------
An "Office Drama" is looming for macOS users, fears Patrick Wardle. Macro malware could circumvent protective measures, the researcher explained at Black Hat 2020.
---------------------------------------------
https://heise.de/-4864148
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has published 19 security advisories. None of the vulnerabilities is rated critical; four are rated "High".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F08%2F05&firstPublishedEndDate=2020%2F08%2F06
∗∗∗ Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-due-to-a-memory-leak-caused-by-an-error-creating-a-dynamic-queue-cve-2020-4375/
∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2654 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-is-affected-by-cve-2020-2654/
∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within IBM WebSphere Liberty (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-ibm-websphere-liberty-cve-2020-4329/
∗∗∗ Security Bulletin: CVE-2020-2601 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-may-affect-ibm-sdk-java-technology-edition/
∗∗∗ Security Bulletin: IBM MQ is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code (CVE-2020-4465) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-buffer-overflow-vulnerability-due-to-an-error-within-the-channel-processing-code-cve-2020-4465/
∗∗∗ Security Bulletin: Vulnerability CVE-2019-2949 in IBM Java SDK and IBM Java Runtime affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-2949-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-i/
∗∗∗ Security Bulletin: IBM MQ could allow an attacker to cause a denial of service caused by an error within the pubsub logic. (CVE-2020-4376) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-caused-by-an-error-within-the-pubsub-logic-cve-2020-4376/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-5/
∗∗∗ Security Bulletin: CVE-2020-2590 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-may-affect-ibm-sdk-java-technology-edition/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily