[CERT-daily] Daily summary - 15.07.2020
Daily end-of-shift report
team at cert.at
Wed Jul 15 18:30:52 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-07-2020 18:00 - Wednesday 15-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Windows Server: SIGRed is a wormable critical vulnerability in Windows DNS ∗∗∗
---------------------------------------------
The bug affects all machines running Windows Server 2003 through 2019. Microsoft advises patching, since malware can use it to spread on its own.
---------------------------------------------
https://www.golem.de/news/windows-server-sigred-ist-eine-wurmartige-kritische-luecke-in-windows-dns-2007-149655-rss.html
∗∗∗ Spamdexing (SEO spam malware) ∗∗∗
---------------------------------------------
Introduction: About SEO spam - is my website a target? You’ve spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, [...]
---------------------------------------------
https://resources.infosecinstitute.com/spamdexing-seo-spam-malware/
∗∗∗ Word docs with macros for IcedID (Bokbot), (Wed, Jul 15th) ∗∗∗
---------------------------------------------
Today's diary reviews Microsoft Word documents with macros to infect vulnerable Windows hosts with IcedID malware (also known as Bokbot) on Tuesday 2020-07-14. This campaign has previously pushed Valak or Ursnif, often with IcedID as the follow-up malware to these previous infections.
---------------------------------------------
https://isc.sans.edu/diary/rss/26352
∗∗∗ Simple DGA Spotted in a Malicious PowerShell ∗∗∗
---------------------------------------------
DGA (“Domain Generation Algorithm”) is a technique implemented in some malware families to defeat defenders and to make the generation of IOCs (and their usage, for example to implement blocklists) more difficult. When a piece of malware has to contact a C2 server, it uses domain names or IP [...]
---------------------------------------------
https://blog.rootshell.be/2020/07/14/simple-dga-spotted-in-a-malicious-powershell/
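As an added example (this is not code from the rootshell.be post, and it does not reproduce the PowerShell sample discussed there): a minimal date-seeded DGA in Python next to the lexical heuristics a defender can run over DNS query logs to spot DGA-style lookups. The hashing scheme, the hard-coded seed, the scoring thresholds and the log line format are all assumptions constructed for this example; a production detector would additionally consult a public suffix list and an allowlist of known-good domains.

```python
import hashlib
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Toy DGA (an assumption for this example, not the algorithm from the blog post):
# derive a per-day seed from the date string plus a hard-coded secret, hash it,
# and map hash bytes onto lowercase letters to build candidate C2 domains.
SECRET = b"example-seed"  # constructed for this example


def generate_domains(day: str, count: int = 5, length: int = 12, tld: str = ".com") -> List[str]:
    """Return `count` deterministic candidate domains for an ISO date string like '2020-07-14'."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day}:{i}".encode() + SECRET).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        domains.append(label + tld)
    return domains


# --- Detection side: lexical features that separate random-looking labels from real names ---

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character over the label's own character distribution."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(fqdn: str) -> str:
    """Naively take the label left of the TLD; public-suffix handling is out of scope here."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_features(fqdn: str) -> Dict[str, float]:
    label = registrable_label(fqdn)
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    longest_run = max((len(m) for m in CONSONANT_RUN.findall(label)), default=0)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowel_ratio,
        "consonant_run": longest_run,
    }


def is_suspicious(fqdn: str) -> bool:
    """Flag a name when at least three of four heuristics fire (thresholds are illustrative)."""
    f = dga_features(fqdn)
    score = 0
    score += f["length"] >= 10        # DGA labels tend to be long
    score += f["entropy"] >= 3.0      # near-uniform letter distribution
    score += f["vowel_ratio"] < 0.25  # fewer vowels than natural words
    score += f["consonant_run"] >= 4  # unpronounceable consonant clusters
    return score >= 3


# Constructed DNS query log lines (not a real log format from any product).
SAMPLE_LOG = """\
2020-07-14T10:02:11Z client=10.0.0.5 query=www.microsoft.com type=A
2020-07-14T10:02:12Z client=10.0.0.5 query=xkqzvbtrwpmj.com type=A
2020-07-14T10:02:13Z client=10.0.0.7 query=isc.sans.edu type=AAAA
2020-07-14T10:02:14Z client=10.0.0.5 query=qwmxzbvlrtkphd.net type=A
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) type=(?P<qtype>\S+)$")


def flag_dga_queries(log_text: str) -> List[Tuple[str, str]]:
    """Return (client, qname) pairs whose query name looks DGA-generated."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m and is_suspicious(m["qname"]):
            hits.append((m["client"], m["qname"]))
    return hits


if __name__ == "__main__":
    print("today's candidate C2 domains:", generate_domains("2020-07-14"))
    for client, qname in flag_dga_queries(SAMPLE_LOG):
        print(f"suspicious lookup from {client}: {qname}")
```

Knowing the seeding scheme of a sampled DGA lets a defender precompute the day's candidate domains and sinkhole or block them; the lexical heuristics are the fallback when the algorithm is not yet known, and they need tuning per environment because CDN and cloud hostnames also look random.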
∗∗∗ Website misconfigurations and other errors to avoid ∗∗∗
---------------------------------------------
Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms.
---------------------------------------------
https://blog.malwarebytes.com/how-tos-2/2020/07/website-misconfigurations-and-other-errors-to-avoid/
∗∗∗ Scams that gamers should know about (Part 1) ∗∗∗
---------------------------------------------
Whether phishing attempts or fake shops: scams in the gaming space often differ little from other online fraud. We collect the most common scams and explain how to recognise them and what to do about them. In the first part we show you the fraudulent tricks around phishing and account theft.
---------------------------------------------
https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerinnen-kennen-teil-1/
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft July 2020 Patch Tuesday - Patch Now!, (Tue, Jul 14th) ∗∗∗
---------------------------------------------
This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed.
---------------------------------------------
https://isc.sans.edu/diary/rss/26350
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dbus), Debian (python3.5), Fedora (podofo and roundcubemail), Oracle (dbus, dovecot, jbig2dec, kernel, nodejs:10, nodejs:12, sane-backends, and thunderbird), Red Hat (.NET Core and kernel), SUSE (ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, [...]
---------------------------------------------
https://lwn.net/Articles/826181/
∗∗∗ Security Advisory - Two Vulnerabilities in SaltStack Salt ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-01-salt-en
∗∗∗ Security Advisory - Apache Tomcat File Inclusion Vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-01-tomact-en
∗∗∗ Security Bulletin: IBM has released a Unified Extensible Firmware Interface (UEFI) fix in response to an Intel escalation of information disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-a-unified-extensible-firmware-interface-uefi-fix-in-response-to-an-intel-escalation-of-information-disclosure-vulnerability/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-apr-2020-cpu/
∗∗∗ Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affect-the-ibm-flashsystem-900-cve-2019-2989-and-cve-2019-2964-2/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Apr 2020 CPU (CVE-2020-2805, CVE-2020-2803, CVE-2020-2757, CVE-2020-2756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-apr-2020-cpu-cve-2020-2805-cve-2020-2803-cve-2020-2757-cve-2020-2756/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-3/
∗∗∗ Apache Tomcat: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0717
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily