[CERT-daily] Daily summary - 22.12.2020

Daily end-of-shift report team at cert.at
Tue Dec 22 18:33:30 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 21-12-2020 18:00 − Tuesday 22-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Ransomware Task Force founded ∗∗∗
---------------------------------------------
Various security specialists have launched the Ransomware Task Force. Its founding members include well-known names such as Microsoft, McAfee and Citrix, but also smaller vendors and non-profit organisations.
---------------------------------------------
https://www.zdnet.de/88390942/ransomware-task-force-gegruendet/


∗∗∗ Least Privilege Application Management - A Lesson Learned from SolarWinds Orion ∗∗∗
---------------------------------------------
The sophisticated, nation-state assault used to infiltrate SolarWinds Orion and then leveraged to compromise potentially thousands of its customers is astonishing in scope and potential fallout.
---------------------------------------------
https://www.beyondtrust.com/blog/entry/least-privilege-application-management-a-lesson-learned-from-solarwinds-orion


∗∗∗ Smart Doorbell Disaster: Many Brands Vulnerable to Attack ∗∗∗
---------------------------------------------
Investigation reveals device sector is problem plagued when it comes to security bugs.
---------------------------------------------
https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/


∗∗∗ Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks ∗∗∗
---------------------------------------------
Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.
---------------------------------------------
https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bugs-in-high-level-attacks/162521/


∗∗∗ Threat Actors Increasingly Using VBA Purging in Attacks ∗∗∗
---------------------------------------------
Cyberattacks relying on malicious Office documents have increasingly leveraged a relatively new technique called VBA Purging, FireEye said over the weekend, when it also announced the availability of a related open source tool.
---------------------------------------------
https://www.securityweek.com/threat-actors-increasingly-using-vba-purging-attacks


∗∗∗ Increase in Drive-by Attacks Using SocGholish ∗∗∗
---------------------------------------------
The SocGholish framework is commonly used to distribute fake updates for applications such as Chrome, Firefox, Flash Player, and Microsoft Teams through drive-by downloads. Menlo Labs has reported an uptick in attacks using SocGholish.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/ef2a09a8bb57d90f200a51af74506051


∗∗∗ Meyhod - Yet Another Magecart Skimmer ∗∗∗
---------------------------------------------
Discovered by RiskIQ in October, Meyhod is a Magecart skimmer that researchers observed on several sites, in some cases it has been present on a site for months. The IP address that is hosting the malicious JavaScript code has several other domains associated with it that are suspected to be malicious.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/5a493a06b3a2fa9585d3f239007dc663



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability with maximum severity rating in Dell Wyse thin clients ∗∗∗
---------------------------------------------
Two critical vulnerabilities put Dell PCs of the Wyse thin client series at risk. Updates are available.
---------------------------------------------
https://heise.de/-4997456


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel and thunderbird), Debian (openjdk-8 and webkit2gtk), Fedora (gdm, mingw-openjpeg2, and openjpeg2), Mageia (compat-openssl10, golang-googlecode-net, mbedtls, openssl, and virtualbox), openSUSE (ovmf and xen), Red Hat (kernel, mariadb-connector-c, mariadb:10.3, postgresql:10, and postgresql:9.6), and SUSE (ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, [...]
---------------------------------------------
https://lwn.net/Articles/841099/


∗∗∗ Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554) ∗∗∗
---------------------------------------------
A currently unpatched, medium-severity issue affecting all Kubernetes versions, CVE-2020-8554 can be mitigated in several ways.
---------------------------------------------
https://unit42.paloaltonetworks.com/cve-2020-8554/


∗∗∗ BlackBerry Powered by Android Security Bulletin - December 2020 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000072551


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Bind affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-bind-affects-ibm-netezza-host-management/


∗∗∗ Security Bulletin: Apache POI as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-poi-as-used-by-ibmqradar-siem-is-vulnerable-to-information-disclosure-cve-2019-12415-cve-2017-12626/


∗∗∗ Apache Struts vulnerability CVE-2020-17530 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24608264

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily