[CERT-daily] Tageszusammenfassung - 03.11.2020
Daily end-of-shift report
team at cert.at
Tue Nov 3 18:20:07 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 02-11-2020 18:00 − Dienstag 03-11-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Emotet -> Qakbot -> more Emotet, (Tue, Nov 3rd) ∗∗∗
---------------------------------------------
On Friday 2020-10-30, I generated an Emotet infection in my lab and saw Qakbot as the follow-up malware. I let the activity run for a while, then another Emotet infection appeared on the same host after Qakbot started.
---------------------------------------------
https://isc.sans.edu/diary/rss/26750
∗∗∗ Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 ∗∗∗
---------------------------------------------
Through Mandiant investigation of intrusions between February 2018 and September 2020, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise telecommunications companies and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of “UNC” groups). UNC1945 targeted Oracle Solaris operating systems, utilized several [...]
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html
∗∗∗ JavaScript-Paketmanager: Twilio-Brandjacking-Paket öffnet Hintertür ∗∗∗
---------------------------------------------
Vergangenes Wochenende haben Angreifer ein Paket namens twilio-npm veröffentlicht, das eine Reverse Shell auf dem Entwicklersystem startet.
---------------------------------------------
https://heise.de/-4945861
∗∗∗ Schubladen für Schwachstellen: Das CVE-System im Überblick ∗∗∗
---------------------------------------------
MITREs Common Vulnerabilities and Exposures System (CVE) ist der gängige Standard zur Verwaltung von Schwachstellen. Wir erklären, was es damit auf sich hat.
---------------------------------------------
https://heise.de/-4940478
∗∗∗ Hundewelpen im Internet kaufen? - Lieber nicht! ∗∗∗
---------------------------------------------
Bei der Recherche nach Züchtern im Internet, stoßen Sie möglicherweise auf Websites, die wunderschöne Rasse-Hundewelpen verkaufen - meist zu einem sehr günstigen Preis. TierliebhaberInnen werden vor allem mit liebevollen Fotos und Beschreibung verlockt, sich mit dem vermeintlichen Züchter in Verbindung zu setzen. Doch Vorsicht: Der Handel von Hunden und Katzen über das Internet ist in Österreich verboten.
---------------------------------------------
https://www.watchlist-internet.at/news/hundewelpen-im-internet-kaufen-lieber-nicht/
∗∗∗ These software bugs are years old. But businesses still arent patching them ∗∗∗
---------------------------------------------
Many organisations still havent applied security patches issued years ago, putting them at risk from common cyber attacks.
---------------------------------------------
https://www.zdnet.com/article/these-software-bugs-are-years-old-but-businesses-still-arent-patching-them/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Alert CVE-2020-14750 Released ∗∗∗
---------------------------------------------
Oracle has just released Security Alert CVE-2020-14750. This vulnerability affects a number of versions of Oracle WebLogic Server and has a CVSS Base Score of 9.8. WebLogic Server customers should refer to the Security Alert Advisory for information on affected versions and how to obtain the required patches. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. Vulnerability CVE-2020-14750 is remotely exploitable without authentication, [...]
---------------------------------------------
https://blogs.oracle.com/security/security-alert-cve-2020-14750-released
∗∗∗ Security Updates Available for Adobe Acrobat and Reader (APSB20-67) ∗∗∗
---------------------------------------------
Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB20-67). The updates referenced in the bulletin address critical, important and moderate vulnerabilities and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1939
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (blueman and wordpress), Fedora (fastd, kernel, and samba), Gentoo (bluez, fossil, kpmcore, libssh, and opendmarc), openSUSE (claws-mail and icinga2), and Ubuntu (blueman).
---------------------------------------------
https://lwn.net/Articles/835952/
∗∗∗ Googles Project Zero deckt Sicherheitslücke bei GitHub auf ∗∗∗
---------------------------------------------
Das Sicherheitsteam hat das Risiko der gefundenen Schwachstelle für Entwickler als hoch eingestuft. Eine schnelle Lösung des Problems gibt es bisher nicht.
---------------------------------------------
https://heise.de/-4946535
∗∗∗ Android Security Bulletin - November 2020 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in the System component that could enable a proximal attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2020-11-01
∗∗∗ Google Patches Actively Exploited Chrome Vulnerabilities ∗∗∗
---------------------------------------------
Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Chrome 86.0.4240.183 for Windows, macOS, and Linux was pushed to the stable channel with patches for a total of seven vulnerabilities, all of which feature a severity rating of high.
---------------------------------------------
https://www.securityweek.com/google-patches-actively-exploited-chrome-vulnerabilities
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list