[CERT-daily] Tageszusammenfassung - 10.07.2020

Daily end-of-shift report team at cert.at
Fri Jul 10 18:27:41 CEST 2020 

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 09-07-2020 18:00 − Freitag 10-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ tag2domain - a system for labeling DNS domains ∗∗∗
---------------------------------------------
Tag2domain - doing proper statistics on domain names In the course of nic.at’s Connecting Europe Facilities (CEF) project CEF-TC-2018-3 we were able to focus on some long overdue but relevant research: a tagging / labeling database of domain names.
---------------------------------------------
https://cert.at/en/blog/2020/7/tag2domain


∗∗∗ Conti ransomware shows signs of being a Ryuk successor ∗∗∗
---------------------------------------------
The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, who has slowly been fading away, while Contis distribution is increasing.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-a-ryuk-successor/


∗∗∗ How to unc0ver a 0-day in 4 hours or less ∗∗∗
---------------------------------------------
By Brandon Azad, Project Zero. At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) using a zero-day vulnerability and heavy obfuscation. By 7 PM, I had identified the vulnerability and informed Apple. By 1 AM, I had sent Apple a POC and my analysis. This post takes you along that journey.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html


∗∗∗ Report: Most Popular Home Routers Have ‘Critical’ Flaws ∗∗∗
---------------------------------------------
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.
---------------------------------------------
https://threatpost.com/report-most-popular-home-routers-have-critical-flaws/157346/


∗∗∗ Excel spreasheet macro kicks off Formbook infection, (Fri, Jul 10th) ∗∗∗
---------------------------------------------
Today's diary covers a Formbook infection from Thursday, June 9th 2020.
---------------------------------------------
https://isc.sans.edu/diary/rss/26332


∗∗∗ Fintechs im Visier – Analyse der Evilnum‑Malware ∗∗∗
---------------------------------------------
Bei der Analyse der Angriffe auf Fintech-Unternehmen fanden ESET Forscher selbstentwickelte Tools und interessante Parallelen zu anderen APT-Gruppen.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/07/08/fintechs-im-visier-analyse-der-evilnum-malware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data ∗∗∗
---------------------------------------------
The backdoor accounts grant access to a secret Telnet admin account running on the devices external WAN interface.
---------------------------------------------
https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/


∗∗∗ VMSA-2020-0017 ∗∗∗
---------------------------------------------
A privilege escalation vulnerability in VMware Fusion, VMRC for Mac and Horizon Client for Mac was privately reported to VMware. Updates are available to address this vulnerability.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0017.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl).
---------------------------------------------
https://lwn.net/Articles/825850/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-affect-ibm-content-classification/


∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition for IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-ibm-sdk-java-technology-edition-for-ibm-content-classification/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list