[CERT-daily] Daily summary - 02.11.2020

Daily end-of-shift report team at cert.at
Mon Nov 2 18:20:05 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 30-10-2020 18:00 − Monday 02-11-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Security vulnerability: Zero day in the Windows kernel published ∗∗∗
---------------------------------------------
Google published the vulnerability after only 7 days because it was already being actively exploited. There are no patches.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-zero-day-im-windows-kernel-veroeffentlicht-2011-151854-rss.html


∗∗∗ More File Selection Gaffes, (Sat, Oct 31st) ∗∗∗
---------------------------------------------
A reader submitted a file that turned out to be a mass mailer project file used by malicious actors.
---------------------------------------------
https://isc.sans.edu/diary/rss/26722


∗∗∗ CSS-JS Steganography in Fake Flash Player Update Malware ∗∗∗
---------------------------------------------
This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using .ico files to conceal JavaScript skimmers. Just something I’ve noticed more recently with digital skimmers/#magecart.
---------------------------------------------
https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html


∗∗∗ How to Protect Yourself From Pwned and Password Reuse Attacks ∗∗∗
---------------------------------------------
Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end of the year. As organizations continue to implement security measures to protect business-critical data, there is an extremely important area of security that often gets overlooked - passwords.
---------------------------------------------
https://thehackernews.com/2020/11/how-to-protect-yourself-from-pwned-and.html


∗∗∗ NAT Slipstreaming ∗∗∗
---------------------------------------------
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.
---------------------------------------------
https://samy.pl/slipstream/


∗∗∗ Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment ∗∗∗
---------------------------------------------
UPDATE (Oct. 30, 2020): We have updated the report to include additional protection and containment strategies based on front-line visibility and response efforts in combating ransomware. While the full scope of recommendations included within the initial report remain unchanged, the following strategies have been added into the report: [...]
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html


∗∗∗ Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector ∗∗∗
---------------------------------------------
Cisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a researcher who had been monitoring communications for the threat actor.
---------------------------------------------
https://blog.talosintelligence.com/2020/10/healthcare-advisory.html


∗∗∗ RiskIQ Has Released Its Corpus of Infrastructure and IOCs Related to Ryuk Ransomware ∗∗∗
---------------------------------------------
Ryuk Ransomware has flooded US hospitals, threatening to shut down their operations when they're needed most. Ryuk now accounts for a third of all ransomware attacks in 2020, with its operators finding success while many healthcare organizations are most vulnerable. However, the cybersecurity community is coming together to combat this rash of attacks, combining resources to provide network defenders with alerts and intelligence to protect our healthcare institutions.
---------------------------------------------
https://www.riskiq.com/blog/external-threat-management/ryuk-ransoware-indicators/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cimg, junit4, kernel, openldap, qtsvg-opensource-src, spice, spice-gtk, tzdata, and wireshark), Fedora (firefox, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), openSUSE (apache2, binutils, libvirt, lout, pacemaker, pagure, phpMyAdmin, samba, sane-backends, singularity, spice, spice-gtk, thunderbird, nspr, tomcat, virt-bootstrap, and xen), SUSE (graphviz, liblouis, and samba), and Ubuntu (samba).
---------------------------------------------
https://lwn.net/Articles/835838/


∗∗∗ Oracle Security Alert for CVE-2020-14750 - 01 November 2020 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html


∗∗∗ Hormann BiSecur Gateway and Home Server multiple vulnerabilities ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/hormann-bisecur-gateway-and-home-server-multiple-vulnerabilities/


∗∗∗ WordPress: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1058

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily