[CERT-daily] Tageszusammenfassung - 12.05.2020
Daily end-of-shift report
team at cert.at
Tue May 12 18:19:38 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 11-05-2020 18:00 − Dienstag 12-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Astaroth’s New Evasion Tactics Make It ‘Painful to Analyze’ ∗∗∗
---------------------------------------------
The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics.
---------------------------------------------
https://threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/
∗∗∗ Anubis Malware Upgrade Logs When Victims Look at Their Screens ∗∗∗
---------------------------------------------
Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices.
---------------------------------------------
https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/
∗∗∗ Analyzing Dark Crystal RAT, a C# backdoor ∗∗∗
---------------------------------------------
[...] The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html
∗∗∗ Profilbesuche auf Facebook erkennen – Geht das? ∗∗∗
---------------------------------------------
Auf Facebook kursiert momentan ein Link, der es angeblich ermöglicht, Profilzugriffe anzuzeigen. Das macht natürlich neugierig. Doch Vorsicht: Sie landen auf einer Phishing-Seite! Kriminelle greifen Ihre Facebook-Login-Daten ab und posten betrügerische Beiträge in Ihrem Namen. Und: Facebook bietet kein Tool an, dass Ihnen anzeigt, wer auf Ihrem Profil war.
---------------------------------------------
https://www.watchlist-internet.at/news/profilbesuche-auf-facebook-erkennen-geht-das/
∗∗∗ Rückblick auf das erste Drittel 2020 ∗∗∗
---------------------------------------------
Jänner: BMEIA, Shitrix, BlueGate – ein besinnlicher Jahresbeginn
Februar: Die (fast) letzten Augenblicke von TLS
März und April: COVID-19 oder "Im Cyber nix neues"
---------------------------------------------
https://cert.at/de/blog/2020/5/ruckblick-auf-das-erste-drittel-2020
=====================
= Vulnerabilities =
=====================
∗∗∗ Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK ∗∗∗
---------------------------------------------
Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/
∗∗∗ Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters ∗∗∗
---------------------------------------------
Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt
∗∗∗ TYPO3 Core version 10.4.2 fixes multiple vulnerabilities ∗∗∗
---------------------------------------------
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms
∗∗∗ TYPO3 - vulnerabilities in multiple extensions - 2020-05-12 ∗∗∗
---------------------------------------------
TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions
∗∗∗ Sicherheitspatches: Online-Foren über vBulletin-Lücke attackierbar ∗∗∗
---------------------------------------------
Es sind mehrere abgesicherte Version der Foren-Software vBulletin erschienen.
---------------------------------------------
https://heise.de/-4719217
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt).
---------------------------------------------
https://lwn.net/Articles/820307/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/2020/05/
∗∗∗ Bitdefender Antivirus: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0441
∗∗∗ Exim: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0444
∗∗∗ Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0443
∗∗∗ SAP Patchday Mai 2020 ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0442
∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0449
∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Manipulation von Dateien ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0448
∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0445
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list