[CERT-daily] Tageszusammenfassung - 06.11.2020

Daily end-of-shift report team at cert.at
Fri Nov 6 18:08:01 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 05-11-2020 18:00 − Freitag 06-11-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin ∗∗∗
---------------------------------------------
A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto mining capabilities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/reverse-shell-botnet-gitpaste-12-spreads-via-github-and-pastebin/


∗∗∗ Sicherheitslücke: Admin-Passwort für Rettungsdienst-System ungeschützt im Netz ∗∗∗
---------------------------------------------
Über die Software Ivena werden Notfallpatienten in Krankenhäusern angemeldet. Ein Admin-Passwort ist nun öffentlich auf der Herstellerwebseite einsehbar gewesen.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-admin-passwort-fuer-rettungsdienst-system-ungeschuetzt-im-netz-2011-151946-rss.html


∗∗∗ RansomEXX Trojan attacks Linux systems ∗∗∗
---------------------------------------------
We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.
---------------------------------------------
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/


∗∗∗ ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis ∗∗∗
---------------------------------------------
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to “improve” them. Depending on the scope of changes and feature enhancements that are added to an existing web shell’s source code, these updates can be tedious and time consuming for bad actors. For this reason, it’s common to see code for web shells reused among different, unaffiliated attackers.
---------------------------------------------
https://blog.sucuri.net/2020/11/alfa-team-shell-v4-1-tesla-a-feature-update-analysis.html


∗∗∗ Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations ∗∗∗
---------------------------------------------
A recent {rediscovered} technique (NAT Slipstreaming) to allow an attacker remotely access any TCP/UDP service bound to a victim’s machine, thus bypassing the victim’s Network Address Translation (NAT)/firewall implementation was detailed by Samy Kamkar [1]. Samy had also shared a similar technique termed “NAT Pinning” back in 2010 [2]. The similarities in both techniques were convincing victims to access a specially crafted site implementing said techniques, resulting in [...]
---------------------------------------------
https://isc.sans.edu/forums/diary/Rediscovering+Limitations+of+Stateful+Firewalls+NAT+Slipstreaming+Implications+Detections+and+Mitigations/26766/


∗∗∗ Business VOIP phone systems are being hacked for profit worldwide. Is yours secure? ∗∗∗
---------------------------------------------
Security researchers have uncovered an organised gang of cybercriminals who are compromising the VOIP phone systems of over 1000 organisations worldwide. Check Point has identified a malicious campaign that has targeted a critical vulnerability in the Sangoma PBX open-source GUI, used to manage installations of Asterisk - the worlds most popular VOIP phone system for businesses.
---------------------------------------------
https://businessinsights.bitdefender.com/business-voip-phone-systems-are-being-hacked-for-profit-worldwide.-is-yours-secure


∗∗∗ IntelMQ offers tutorial lessons and a new documentation page ∗∗∗
---------------------------------------------
The IntelMQ tutorial guiding through various features and tools of IntelMQ is available in the IntelMQ Tutorial GitHub repository. Lesson one introduces the architecture, concepts and terminology of the project. Lessons two and three delve hands-on into working with IntelMQ. Starting with installation and basic usage & configuration they go on to tackle progressively more advanced topics like using advanced features or changing the message queue software to be used.
---------------------------------------------
https://cert.at/en/blog/2020/11/intelmq-tutorial-and-new-documentation-page


∗∗∗ Ryuk Speed Run, 2 Hours to Ransom ∗∗∗
---------------------------------------------
Since the end of September Ryuk has been screaming back into the news. We’ve already covered 2 cases in that timeframe. We’ve seen major healthcare providers, managed service providers, [...]
---------------------------------------------
https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Schwachstellen in iOS werden aktiv ausgenutzt – kein Update für iOS 13 ∗∗∗
---------------------------------------------
Apple-Nutzer sollten ihr Betriebssystem zügig aktualisieren, kritische Lücken werden wohl für Angriffe verwendet. Nicht alle Systemversionen erhalten Updates.
---------------------------------------------
https://heise.de/-4950496


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sddm and wordpress), Fedora (blueman, chromium, pngcheck, and salt), openSUSE (chromium, salt, tiff, tigervnc, tmux, tomcat, transfig, and xen), Oracle (freetype, kernel, libX11, thunderbird, and xorg-x11-server), SUSE (bluez, ImageMagick, java-1_8_0-openjdk, rmt-server, salt, and u-boot), and Ubuntu (dom4j, firefox, netqmail, phpldapadmin, and tmux).
---------------------------------------------
https://lwn.net/Articles/836467/


∗∗∗ Security Advisory - Netlogon Elevation of Privilege Vulnerability ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201105-01-netlogon-en


∗∗∗ Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1084

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list