[CERT-daily] Tageszusammenfassung - 20.08.2020
Daily end-of-shift report
team at cert.at
Thu Aug 20 18:24:53 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 19-08-2020 18:00 − Donnerstag 20-08-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Lucifer cryptomining DDoS malware now targets Linux systems ∗∗∗
---------------------------------------------
A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lucifer-cryptomining-ddos-malware-now-targets-linux-systems/
∗∗∗ Transparent Tribe: Evolution analysis,part 1 ∗∗∗
---------------------------------------------
Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. [...] The USBWorm component is real, and it has been detected on hundreds of systems. This is malware whose existence was already speculated about years ago, but as far as we know, it has never been publicly described.
---------------------------------------------
https://securelist.com/transparent-tribe-part-1/98127/
∗∗∗ Office 365 Mail Forwarding Rules (and other Mail Rules too), (Thu, Aug 20th) ∗∗∗
---------------------------------------------
If you haven't heard, SANS suffered a "Data Incident" this summer, the disclosure was released on August 11. Details can be found in several locations: [...]
So that being said, how can we look for these things if you have hundreds, thousands or tens-of-thousands of mailboxes to consider? In an Office 365 shop, and especially if I wrote the code, the answer is most likely going to be PowerShell!
---------------------------------------------
https://isc.sans.edu/diary/rss/26484
∗∗∗ IBM Db2 Shared Memory Vulnerability (CVE-2020-4414) ∗∗∗
---------------------------------------------
I’ve recently blogged about a shared memory vulnerability in Cisco WebEx Meetings Client on Windows where any user can read memory dedicated to trace data. It turns out that this is a common problem. IBM Db2 is affected by the exact same type of problem. Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility. This allows any local users read and write access to that memory area.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ibm-db2-shared-memory-vulnerability-cve-2020-4414/
∗∗∗ Kriminelle versuchen Zugangsdaten zum Online-Banking zu klauen! ∗∗∗
---------------------------------------------
Haben Sie in den letzten Tagen auch eine E-Mail der „BawagPSK“ erhalten? Wenn ja, seien Sie vorsichtig! Es sind derzeit wieder vermehrt betrügerische Nachrichten unterwegs, in denen die Kriminellen Ihnen vorgaukeln, dass Sie die neue Sicherheits-App installieren müssen, damit Ihr Online-Banking funktioniert. Tatsächlich geht es aber nur darum, an Ihre Zugangsdaten zu kommen!
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-versuchen-zugangsdaten-zum-online-banking-zu-klauen/
∗∗∗ Google fixes major Gmail bug seven hours after exploit details go public ∗∗∗
---------------------------------------------
Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer.
---------------------------------------------
https://www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-after-exploit-details-go-public/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Security Advisories 2020-08-19 ∗∗∗
---------------------------------------------
Cisco hat 24 Security-Advisories veröffentlicht, davon wurden 1 als Kritisch und 2 als Hoch eingestuft.
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F08%2F19&firstPublishedEndDate=2020%2F08%2F20&limit=50
∗∗∗ Wichtige Sicherheitsupdates für Windows 8.1/Server 2012 R2 veröffentlicht ∗∗∗
---------------------------------------------
Microsoft sichert Windows 8.1 und Windows Server 2012 R2 außer der Reihe ab.
---------------------------------------------
https://heise.de/-4874571
∗∗∗ High-Severity Vulnerability Patched in Advanced Access Manager ∗∗∗
---------------------------------------------
On August 13, 2020, the Wordfence Threat Intelligence team finished investigating two vulnerabilities in Advanced Access Manager, a WordPress plugin with over 100,000 installations, including a high-severity Authorization Bypass vulnerability that could lead to privilege escalation and site takeover.
---------------------------------------------
https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (ansible, libmetalink, roundcubemail, rubygem-kramdown, sqlite, and swtpm), Slackware (curl), SUSE (python and python3), and Ubuntu (qemu).
---------------------------------------------
https://lwn.net/Articles/829181/
∗∗∗ Security Advisory - Integer Overflow Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-03-smartphone-en
∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-02-smartphone-en
∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-01-fc-en
∗∗∗ Security Bulletin: IBM Content Navigator is susceptible to a sensitive data exposure. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-susceptible-to-a-sensitive-data-exposure/
∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-affects-ibm-spectrum-protect-plus-cve-2019-9924-2/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-3/
∗∗∗ Security Bulletin: IBM Content Manager is affected by a potential information disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-manager-is-affected-by-a-potential-information-disclosure-vulnerability/
∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to an Elliptic Curve Key Disclosure. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-an-elliptic-curve-key-disclosure/
∗∗∗ Security Bulletin: Autocomplete not disabled for password field in IBM Content Navigator. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-autocomplete-not-disabled-for-password-field-in-ibm-content-navigator/
∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to improper input validation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-improper-input-validation/
∗∗∗ Security Bulletin: vulnerability in snakeyaml might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2017-18640 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-snakeyaml-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2017-18640/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list