[CERT-daily] Daily summary - 14.08.2020
Daily end-of-shift report
team at cert.at
Fri Aug 14 18:08:01 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 13-08-2020 18:00 - Friday 14-08-2020 18:00
Handler: Dimitri Robl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Definition of overkill - using 130 MB executable to hide 24 kB malware, (Fri, Aug 14th) ∗∗∗
---------------------------------------------
One of our readers, Lukas, shared an unusual malicious executable with us earlier this week - one that was 130 MB in size. Making executables extremely large is not an uncommon technique among malware authors[1], as it allows them to easily avoid detection by most AV solutions, since the size of files which AVs will check is usually fairly low (tens of megabytes at most).
---------------------------------------------
https://isc.sans.edu/diary/rss/26464
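The diary's point is that the sample is big, not complex: a small payload wrapped in enough bulk to push the file past the size at which most AV engines stop looking. As an added example (not from the ISC diary and not the sample Lukas shared), the following Python triage script combines the two signals a practitioner would want: the file is above a size threshold, and most of its windows are low-entropy filler. The 50 MiB threshold, the 90 % padding ratio, the 64 KiB window and the assumption that the filler is a repeated byte are all assumptions made here; the page does not say how the real sample was padded.

```python
"""Triage oversized executables whose bulk is low-entropy filler (added example)."""
import math
from collections import Counter
from dataclasses import dataclass

CHUNK = 64 * 1024                 # analysis window in bytes (assumed)
LOW_ENTROPY = 1.0                 # bits/byte; code, packed or encrypted data sit far above this
MIN_SIZE = 50 * 1024 * 1024       # assumed: larger than what most AV engines will inspect
MIN_PADDING_RATIO = 0.9           # assumed: at least 90 % of the file is filler


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated byte, 8.0 for uniform data."""
    n = len(data)
    if n == 0:
        return 0.0
    # Fast path for the common filler case (one repeated byte) so that scanning
    # a 100+ MB file stays cheap; Counter() is only used for mixed windows.
    if data.count(data[:1]) == n:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class PaddingReport:
    size: int                 # total bytes seen
    chunks: int               # number of CHUNK-sized windows
    low_entropy_chunks: int   # windows below LOW_ENTROPY
    padding_bytes: int        # bytes in those windows

    @property
    def padding_ratio(self) -> float:
        return self.padding_bytes / self.size if self.size else 0.0


def analyse_chunks(chunks) -> PaddingReport:
    """Walk the file window by window and tally how much of it looks like filler."""
    size = count = low = padding = 0
    for block in chunks:
        count += 1
        size += len(block)
        if shannon_entropy(block) < LOW_ENTROPY:
            low += 1
            padding += len(block)
    return PaddingReport(size, count, low, padding)


def analyse_bytes(data: bytes) -> PaddingReport:
    return analyse_chunks(data[i:i + CHUNK] for i in range(0, len(data), CHUNK))


def analyse_file(path: str) -> PaddingReport:
    with open(path, "rb") as f:
        return analyse_chunks(iter(lambda: f.read(CHUNK), b""))


def is_suspicious(report: PaddingReport,
                  min_size: int = MIN_SIZE,
                  min_padding_ratio: float = MIN_PADDING_RATIO) -> bool:
    """Oversized *and* mostly filler: the combination the diary describes."""
    return report.size >= min_size and report.padding_ratio >= min_padding_ratio


def build_padded_sample(payload: bytes, total_size: int, filler: bytes = b"\x00") -> bytes:
    """Constructed test input (not the real sample): a small payload padded to total_size."""
    pad = total_size - len(payload)
    if pad < 0:
        raise ValueError("payload larger than total_size")
    repeats = -(-pad // len(filler))        # ceiling division
    return payload + (filler * repeats)[:pad]


if __name__ == "__main__":
    # ~24 kB of mixed bytes standing in for the payload, padded to 130 MB (constructed).
    payload = b"MZ" + bytes(range(256)) * 96
    report = analyse_bytes(build_padded_sample(payload, 130 * 1024 * 1024))
    print(f"size={report.size} chunks={report.chunks} "
          f"padding={report.padding_ratio:.4f} suspicious={is_suspicious(report)}")
```

Two caveats for anyone turning this into a detection. First, the entropy test only catches filler made of repeated or near-constant bytes; an attacker who pads with random data defeats it, and then the remaining signals are the raw size and the gap between the file size and the end of the last section declared in the PE headers (the overlay). Second, the size threshold should be set from what your own AV and sandbox actually inspect, not from the number assumed above; files that your tooling silently skips are exactly the ones this check has to cover.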
∗∗∗ XCSSET: Mac malware infects Xcode projects ∗∗∗
---------------------------------------------
The malware relies on 0-day exploits to steal user data. Manipulated Xcode projects are being spread via Github, a security firm warns.
---------------------------------------------
https://heise.de/-4870987
∗∗∗ Chrome extensions that lie about their permissions ∗∗∗
---------------------------------------------
Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But what's the use if they lie to you?
---------------------------------------------
https://blog.malwarebytes.com/puppum/2020/08/chrome-extensions-that-lie-about-their-permissions/
∗∗∗ Beware of tradesman emergency services using the phone number 06608643901! ∗∗∗
---------------------------------------------
When a water pipe bursts, a gas line fails or the power goes out, an expert is usually needed quickly. That leaves little time to check out a plumbing or electrical emergency service. Dubious companies exploit this: they advertise an emergency service online, do actually show up, but afterwards invoice grossly inflated costs.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-handwerks-notdiensten-mit-der-telefonnummer-06608643901/
∗∗∗ Mekotio: These aren’t the security updates you’re looking for… ∗∗∗
---------------------------------------------
Another in our occasional series demystifying Latin American banking trojans.
---------------------------------------------
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security flaw: Microsoft's multi-factor authentication bypassed ∗∗∗
---------------------------------------------
Microsoft's online services are supposed to be protected by a FIDO stick plus PIN - yet two developers were able to bypass the PIN prompt.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-microsofts-multi-faktor-authentifizierung-umgangen-2008-150275.html
∗∗∗ Critical Vulnerabilities Patched in Quiz and Survey Master Plugin ∗∗∗
---------------------------------------------
On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless, Oracle January 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-may-affect-tivoli-netcool-performance-manager-for-wirelessoracle-january-2020-cpu/
∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight-cve-2020-8840/
∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-a-international-components-for-unicode-icu-for-c-c-vulnerability-cve-2020-10531/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio July 2020 CPU plus deferred CVE-2019-2590 and CVE-2020-2601 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-july-2020-cpu-plus-deferred-cve/
∗∗∗ Security Bulletin: A vulnerability exists in the Event Streams 10.0.0 schema registry that allows unauthorised access to create, edit and delete schemas (CVE-2020-4662) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-event-streams-10-0-0-schema-registry-that-allows-unauthorised-access-to-create-edit-and-delete-schemas-cve-2020-4662/
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589-2/
∗∗∗ Apache Struts: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0824
∗∗∗ PostgreSQL: Multiple vulnerabilities allow privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0825
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily