[CERT-daily] Tageszusammenfassung - 27.08.2020
Daily end-of-shift report
team at cert.at
Thu Aug 27 18:32:00 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 26-08-2020 18:00 − Donnerstag 27-08-2020 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads ∗∗∗
---------------------------------------------
New version of trojan is spreading fast and already has claimed 100,000 victims globally, Check Point has discovered.
---------------------------------------------
https://threatpost.com/revamped-qbot-trojan-packs-new-punch-hijacks-email-threads/
∗∗∗ Security.txt - one small file for an admin, one giant help to a security researcher, (Thu, Aug 27th) ∗∗∗
---------------------------------------------
The draft standard "A File Format to Aid in Security Vulnerability Disclosure" covers the creation of a file called "security.txt" in the /.well-known/ path on a web server, or in its root, which contains information relevant to the security of the server.
---------------------------------------------
https://isc.sans.edu/diary/rss/26510
∗∗∗ Cybercrime: Trickbot droht nun ebenfalls mit Veröffentlichung ∗∗∗
---------------------------------------------
Die mit Emotet verbundene Trickbot-Bande setzt eine neue Ransomware ein und betreibt jetzt auch eine eigene Leak-Plattform.
---------------------------------------------
https://heise.de/-4879948
∗∗∗ Mysteriöse Popup-Meldungen verunsichern Android-Nutzer ∗∗∗
---------------------------------------------
"Test" – das ist der lapidare Inhalt von Push-Nachrichten, die derzeit offenbar in großem Umfang auf Android-Handys auf-poppen.
---------------------------------------------
https://heise.de/-4880604
∗∗∗ Microsoft Warns of New Anubis Info-Stealer Distributed in the Wild ∗∗∗
---------------------------------------------
Microsoft warned on Thursday that a recently uncovered piece of malware designed to help cybercriminals steal information from infected systems is now actively distributed in the wild.
---------------------------------------------
https://www.securityweek.com/microsoft-warns-new-anubis-info-stealer-distributed-wild
∗∗∗ Cetus: Cryptojacking Worm Targeting Docker Daemons ∗∗∗
---------------------------------------------
Cetus is a new and improved Docker cryptojacking worm mining for Monero, discovered in a Docker daemon honeypot.
---------------------------------------------
https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/
=====================
= Vulnerabilities =
=====================
∗∗∗ Foxit Studio Photo für Windows: Neue Version gegen Schwachstellen abgesichert ∗∗∗
---------------------------------------------
Version 3.6.6.928 der Bildbearbeitungssoftware Foxit Studio Photo schließt zwei Schwachstellen, deren Ausnutzung eine Nutzerinteraktion erfordert hätte.
---------------------------------------------
https://heise.de/-4879609
∗∗∗ Angreifer könnten F5 BIG-IP Application Security Manager lahmlegen ∗∗∗
---------------------------------------------
F5 hat wichtige Sicherheitsupdates für verschiedene BIG-IP Appliances veröffentlicht.
---------------------------------------------
https://heise.de/-4880348
∗∗∗ Sicherheitsupdates: Cisco sichert Netzwerksoftware NX-OS gegen DoS-Attacken ab ∗∗∗
---------------------------------------------
Aufgrund von mehreren Sicherheitslücken könnten Angreifer verschiedene Switch-Modelle von Cisco attackieren.
---------------------------------------------
https://heise.de/-4880654
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and nginx), Fedora (firefox, firejail, and lua), Gentoo (chromium, docker, firefox and thunderbird, net-snmp, postgresql, and wireshark), openSUSE (chromium, claws-mail, dovecot23, libreoffice, and python3), Oracle (kernel), Scientific Linux (firefox), SUSE (apache2, graphviz, and libxslt), and Ubuntu (firefox, libmysofa, and squid3).
---------------------------------------------
https://lwn.net/Articles/829690/
∗∗∗ Vulnerabilities Expose Popular DVB-T2 Set-Top Boxes to Botnets: Researchers ∗∗∗
---------------------------------------------
Avast security researchers have identified vulnerabilities in DVB-T2 devices that could allow attackers to ensnare them in botnets.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-expose-popular-dvb-t2-set-top-boxes-botnets-researchers
∗∗∗ Mozilla Thunderbird: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/08/warnmeldung_tw-t20-0157.html
∗∗∗ Security Bulletin: Vulnerability in Netty 4.1.x before 4.1.46 affects IBM Operations Analytics Predictive Insights (CVE-2020-11612) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-netty-4-1-x-before-4-1-46-affects-ibm-operations-analytics-predictive-insights-cve-2020-11612/
∗∗∗ Security Bulletin: CVE-2020-2654 in IBM® Runtime Environment Java™ affects TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-in-ibm-runtime-environment-java-affects-txseries-for-multiplatforms/
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-vulnerabilities/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-3/
∗∗∗ Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-cross-site-scripting-cve-2020-4575/
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities/
∗∗∗ Security Bulletin: Openstack Keystone vulnerabilities affects IBM Spectrum Scale (CVE-2020-12689) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openstack-keystone-vulnerabilities-affects-ibm-spectrum-scale-cve-2020-12689/
∗∗∗ Security Bulletin: A vulnerability in IBM® Java™ Runtime Environment affects IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-environment-affects-ibm-cics-tx-on-cloud/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list