[CERT-daily] Tageszusammenfassung - 29.12.2020
Daily end-of-shift report
team at cert.at
Tue Dec 29 18:05:02 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 28-12-2020 18:00 − Dienstag 29-12-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Video: Betrugsmaschen auf Facebook, WhatsApp, Instagram und Co. ∗∗∗
---------------------------------------------
Abo-Fallen, Phishing-Nachrichten oder unseriöse Werbungen. Auf Facebook, WhatsApp, Instagram & Co. stößt man auf verschiedene Betrugsmaschen. Im Video zeigen wir Ihnen, auf was Sie achten müssen, um sicher in den sozialen Medien surfen zu können!
---------------------------------------------
https://www.watchlist-internet.at/news/video-betrugsmaschen-auf-facebook-whatsapp-instagram-und-co/
∗∗∗ Useful Sources of Domain and DNS Logging ∗∗∗
---------------------------------------------
The final part of this blog series on log collection covers Managed DNS Providers, Packet Capture, IDS/IPS Tools, Mail Exchange, IIS Servers, and more. Learn about these log sources and explore the next steps for ideas beyond logging.
---------------------------------------------
https://www.domaintools.com/resources/blog/useful-sources-of-domain-and-dns-logging
∗∗∗ Using Microsoft 365 Defender to protect against Solorigate ∗∗∗
---------------------------------------------
This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/
∗∗∗ Want to know whats in a folder you dont have a permission to access? Try asking your AV solution..., (Tue, Dec 29th) ∗∗∗
---------------------------------------------
Back in February, I wrote a diary about a small vulnerability in Windows, which allows users to brute-force names of files in folders, which they dont have permission to open/list[1]. While thinking on the topic, it occurred to me that a somewhat-complete list of files placed in a folder one cant access due to lack of permissions might potentially be obtained by scanning the folder with an anti-malware solution, which displays files which are currently being scanned.
---------------------------------------------
https://isc.sans.edu/diary/rss/26932
∗∗∗ A Google Docs Bug Could Have Allowed Hackers See Your Private Documents ∗∗∗
---------------------------------------------
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Googles Vulnerability Reward Program.
---------------------------------------------
https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html
∗∗∗ SearchDimension search hijackers: An overview of developments ∗∗∗
---------------------------------------------
The SearchDimension family of search hijackers has made some headway over the past year. Heres an overview of their latest tricks.
---------------------------------------------
https://blog.malwarebytes.com/adware/2020/12/searchdimension-search-hijackers/
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-20-1453: Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1453/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp).
---------------------------------------------
https://lwn.net/Articles/841436/
∗∗∗ Synology-SA-20:29 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_29
∗∗∗ procps-ng vulnerability CVE-2018-1126 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K83271321
∗∗∗ procps-ng vulnerability CVE-2018-1124 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K16124204
∗∗∗ procps-ng vulnerability CVE-2018-1122 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00409335
∗∗∗ Webmin: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1269
∗∗∗ HCL Domino: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1271
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list