[CERT-daily] Tageszusammenfassung - 31.08.2020
Daily end-of-shift report
team at cert.at
Mon Aug 31 19:03:51 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 28-08-2020 18:00 − Montag 31-08-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Emotet malwares new Red Dawn attachment is just as dangerous ∗∗∗
---------------------------------------------
The Emotet botnet has begun to use a new template for their malicious attachments, and it is just as dangerous as ever.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/
∗∗∗ Finding The Original Maldoc, (Sun, Aug 30th) ∗∗∗
---------------------------------------------
Xavier wrote about a "Malicious Excel Sheet with a NULL VT Score" and I showed how to extract the VBA code from the maldoc cleaned by AV.
---------------------------------------------
https://isc.sans.edu/diary/rss/26520
∗∗∗ Persistent WordPress User Injection ∗∗∗
---------------------------------------------
Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The following code was detected at the bottom of the theme’s functions.php. It uses internal WordPress functions like wp_create_user() and add_role() to create a new user and elevate its role to “administrator:”
---------------------------------------------
https://blog.sucuri.net/2020/08/persistent-wordpress-user-injection.html
∗∗∗ Its Not Just an Unusual Login: Why Pay Attention to Threats Facing SaaS and Cloud? ∗∗∗
---------------------------------------------
There is a whole category of cyber-attacks largely untouched by the media. With breaking threat discoveries usually focused on targeted spear-phishing campaigns or widespread ransomware, cyber-attacks targeting cloud and SaaS are often overlooked.
---------------------------------------------
https://www.securityweek.com/its-not-just-unusual-login-why-pay-attention-threats-facing-saas-and-cloud
∗∗∗ Cisco warns of actively exploited IOS XR zero-day ∗∗∗
---------------------------------------------
Cisco said it discovered the attacks last week during a support case the companys support team was called in to investigate.
---------------------------------------------
https://www.zdnet.com/article/cisco-warns-of-actively-exploited-ios-xr-zero-day/
∗∗∗ Malware in Spiele-API ∗∗∗
---------------------------------------------
Eine Javascript-Malware auf dem npm-Portal, einem Teil von Github, täuschte vor, eine Schnittstelle zum Partyspiel "Fallguys: Ultimate Knockout" zu sein.
---------------------------------------------
https://www.zdnet.de/88382359/malware-in-spiele-api/
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Slack Bug Allows Access to Private Channels, Conversations ∗∗∗
---------------------------------------------
The RCE bug affects versions below 4.4 of the Slack desktop app.
---------------------------------------------
https://threatpost.com/critical-slack-bug-access-private-channels-conversations/158795/
∗∗∗ Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
released on 2020-08-28 and 2020-08-29
---------------------------------------------
https://www.ibm.com/blogs/psirt/2020/08/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9 and squid), Fedora (libX11 and wireshark), Gentoo (libX11 and redis), Mageia (firefox, libx11, qt4 and qt5base, and x11-server), openSUSE (gettext-runtime, inn, and webkit2gtk3), Oracle (firefox), SUSE (libqt5-qtbase, openvpn, openvpn-openssl1, postgresql10, and targetcli-fb), and Ubuntu (chrony, nss, and squid).
---------------------------------------------
https://lwn.net/Articles/829847/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bacula, bind9, freerdp, libvncserver, lilypond, mupdf, ndpi, openexr, php-horde, php-horde-core, php-horde-gollem, php-horde-kronolith, ros-actionlib, thunderbird, and xorg-server), Fedora (golang-github-ulikunitz-xz and qt), Gentoo (bind, chrony, ghostscript-gpl, kleopatra, openjdk, and targetcli-fb), Mageia (ark, evolution-data-server, fossil, kernel, kernel-linus, and thunderbird), openSUSE (apache2, graphviz, grub2, inn, librepo, and [...]
---------------------------------------------
https://lwn.net/Articles/830137/
∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0854
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list