[CERT-daily] Daily summary - 26.05.2020
Daily end-of-shift report
team at cert.at
Tue May 26 18:22:08 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-05-2020 18:00 − Tuesday 26-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
*** Dumping COVID-19.jar with Java Instrumentation ***
---------------------------------------------
There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
---------------------------------------------
https://www.gdatasoftware.com/blog/2020/05/36083-dumping-covid-19jar-with-java-instrumentation
*** These Aren’t the Phish You’re Looking For ***
---------------------------------------------
An Effective Technique for Avoiding Blacklists
---------------------------------------------
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
*** Five zero-day vulnerabilities disclosed – Microsoft plans to patch only later ***
---------------------------------------------
The Zero Day Initiative team has published information on five security vulnerabilities after Microsoft failed to meet the disclosure deadline.
---------------------------------------------
https://heise.de/-4765191
*** Project SiSyPHuS Win10: results of the PowerShell analysis ***
---------------------------------------------
As part of its security analysis of Windows 10 (project SiSyPHuS Win10), the German Federal Office for Information Security (BSI) has published the results of its analysis of PowerShell.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/SiSyPHuS_Powershell_180520.html
*** ludwig-therese.net is a fake ***
---------------------------------------------
Looking for a Dirndl or Lederhosen? Many consumers are currently being led to the fake shop ludwig-therese.net via fraudulent ads on Facebook and Instagram. ludwig-therese.net is a copy of the legitimate shop ludwig-therese.de. Anyone who orders from ludwig-therese.net receives no goods despite paying.
---------------------------------------------
https://www.watchlist-internet.at/news/ludwig-theresenet-ist-fake/
*** RangeAmp attacks can take down websites and CDN servers ***
---------------------------------------------
Twelve of thirteen CDN providers said they fixed or planned to fix the problem.
---------------------------------------------
https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-cdn-servers/
*** Do Androids dream of equal security? ***
---------------------------------------------
Several pieces of research published by F-Secure Labs demonstrate that region-specific default configurations and settings in some flagship Android devices are creating security problems that affect people in some countries but not others.
---------------------------------------------
https://blog.f-secure.com/android-security/
=====================
= Vulnerabilities =
=====================
*** New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps ***
---------------------------------------------
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the [...]
---------------------------------------------
https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html
*** Apple Mail: iOS updates apparently close serious vulnerability ***
---------------------------------------------
With iOS 13.5 and 12.4.7, Apple has, according to security researchers, fixed vulnerabilities that allowed manipulation of the e-mail inbox.
---------------------------------------------
https://heise.de/-4764378
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (sqlite3), Fedora (libarchive and netdata), openSUSE (dom4j, dovecot23, gcc9, and memcached), Red Hat (devtoolset-9-gcc, httpd24-httpd and httpd24-mod_md, ipmitool, kernel, kpatch-patch, openvswitch, openvswitch2.11, openvswitch2.13, rh-haproxy18-haproxy, and ruby), and SUSE (freetds, jasper, libxslt, and sysstat).
---------------------------------------------
https://lwn.net/Articles/821441/
*** FortiClient for Windows Insecure Temporary File vulnerability ***
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-040
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily