[CERT-daily] Daily summary - 31.07.2020
Daily end-of-shift report
team at cert.at
Fri Jul 31 18:20:30 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 30-07-2020 18:00 − Friday 31-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Office 365 phishing abuses Google Ads to bypass email filters ∗∗∗
---------------------------------------------
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/
∗∗∗ One Byte to rule them all ∗∗∗
---------------------------------------------
Posted by Brandon Azad, Project Zero. For the last several years, nearly all iOS kernel exploits have followed the same high-level flow: memory corruption and fake Mach ports are used to gain access to the kernel task port, which provides an ideal kernel read/write primitive to userspace.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/07/one-byte-to-rule-them-all.html
∗∗∗ WastedLocker: technical analysis ∗∗∗
---------------------------------------------
According to currently available information, in the attack on Garmin a targeted build of the Trojan WastedLocker was used. We have performed technical analysis of the Trojan sample.
---------------------------------------------
https://securelist.com/wastedlocker-technical-analysis/97944/
∗∗∗ Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates ∗∗∗
---------------------------------------------
With Business Email Compromises (BECs) showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 (O365) breaches and how to properly investigate them.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html
∗∗∗ Malspam campaign caught using GuLoader after service relaunch ∗∗∗
---------------------------------------------
We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2020/07/malspam-campaign-caught-using-guloader-after-service-relaunch/
∗∗∗ New infection chain of njRAT variant ∗∗∗
---------------------------------------------
Recently, 360 Security Center has detected that a variant of the remote access tool njRAT is active.
---------------------------------------------
https://blog.360totalsecurity.com/en/new-infection-chain-of-njrat-variant/
∗∗∗ Surveys from appdoctor.me lead to money laundering in your name! ∗∗∗
---------------------------------------------
It sounds so tempting: just briefly test an app and you have already earned 35 euros. Unfortunately, fraud is often behind such survey platforms and job offers. This is also the case on the website appdoctor.me, which is looking for app testers. However, no money is paid out to you here. Instead, the criminals open an account in your name in order to launder money there.
---------------------------------------------
https://www.watchlist-internet.at/news/umfragen-von-appdoctorme-fuehren-zu-geldwaesche-in-ihrem-namen/
=====================
= Vulnerabilities =
=====================
∗∗∗ KDE archive tool flaw let hackers take over Linux accounts ∗∗∗
---------------------------------------------
A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victims' computers simply by tricking them into downloading an archive and extracting it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kde-archive-tool-flaw-let-hackers-take-over-linux-accounts/
∗∗∗ If you own one of these 45 Netgear devices, replace it: Gear maker won't patch vulnerable gear despite live proof-of-concept code ∗∗∗
---------------------------------------------
That's one way of speeding up the tech refresh cycle. Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2020/07/30/netgear_abandons_45_routers_vuln_patching/
∗∗∗ Ripple20 impact on Distribution Automation products ∗∗∗
---------------------------------------------
On the 16th of June 2020, a series of vulnerabilities affecting a TCP/IP library from Treck Inc. were made public by JSOF Tech in Jerusalem, Israel. The products listed in this document have integrated this library and thus are affected by the vulnerabilities listed in this document.
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2NGA000473&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).
---------------------------------------------
https://lwn.net/Articles/827572/
∗∗∗ Researcher discloses two zero-day vulnerabilities in the Tor network and browser ∗∗∗
---------------------------------------------
Internet service providers can, under certain circumstances, block all connections to the Tor network. The researcher accuses the Tor Project of not fixing the vulnerabilities he reported. He also announces the disclosure of further bugs.
---------------------------------------------
https://www.zdnet.de/88381926/forscher-legt-zwei-zero-day-luecken-im-tor-netzwerk-und-browser-offen/
∗∗∗ iTunes 12.10.8 for Windows ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211293
∗∗∗ Security Bulletin: IBM i2 Analysts' Notebook Memory vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-memory-vulnerabilities/
∗∗∗ Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager (CVE-2020-1954). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-apache-cxf-which-is-shipped-with-ibm-tivoli-network-manager-cve-2020-1954/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/
∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily