[CERT-daily] Tageszusammenfassung - 16.11.2020
Daily end-of-shift report
team at cert.at
Mon Nov 16 18:32:38 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 13-11-2020 18:00 − Montag 16-11-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Stories from the SOC – Multi-layered defense detects Windows Trojan ∗∗∗
---------------------------------------------
Malware infections are common and are often missed by antivirus software. Their impact to critical infrastructure and applications can be devastating to an organizations network, brand and customers if not remediated. With the everchanging nature of [...]
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-multi-layered-defense-detects-windows-trojan
∗∗∗ New TroubleGrabber Discord malware steals passwords, system info ∗∗∗
---------------------------------------------
TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/
∗∗∗ Windows Kerberos authentication breaks due to security updates ∗∗∗
---------------------------------------------
Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released during this months Patch Tuesday, on November 10.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-due-to-security-updates/
∗∗∗ Schneider Electric Warns Customers of Drovorub Linux Malware ∗∗∗
---------------------------------------------
One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI.
---------------------------------------------
https://www.securityweek.com/schneider-electric-warns-customers-drovorub-linux-malware
∗∗∗ Ok Google: please publish your DKIM secret keys ∗∗∗
---------------------------------------------
The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about [...]
---------------------------------------------
https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/
∗∗∗ The ransomware landscape is more crowded than you think ∗∗∗
---------------------------------------------
More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups.
---------------------------------------------
https://www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/
∗∗∗ Ngioweb Botnet Targeting IoT Devices ∗∗∗
---------------------------------------------
A new version of the Ngioweb botnet malware was discovered and analyzed by Netlab 360 researchers. Their blog post details the changes observed in these newer samples.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/e4becb0bc47fb9b7ad74c9fb579f027b
=====================
= Vulnerabilities =
=====================
∗∗∗ Heartbleed, BlueKeep and other vulnerabilities that didnt disappear just because we dont talk about them anymore, (Mon, Nov 16th) ∗∗∗
---------------------------------------------
Since new critical vulnerabilities are discovered and published nearly every day, it is no wonder that we (i.e. security professionals and security-oriented media) tend to focus on these and dont return to the ones that came before too often. Unless there is a massive exploitation campaign, that is. This doesnt present any problems for organizations, which manage to patch vulnerabilities on time, but for many others [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26798
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libdatetime-timezone-perl and libvncserver), Fedora (chromium, kernel, kernel-headers, kernel-tools, krb5, libexif, libxml2, and thunderbird), Gentoo (chromium, libmaxminddb, and mit-krb5), Mageia (arpwatch, bluez, chromium-browser-stable, firefox and thunderbird, golang, java-1.8.0-op, kdeconnect-kde, kleopatra, libexif, lilypond, microcode, packagekit, ruby, and tpm2-tss), openSUSE (chromium, firefox, ImageMagick, kernel, openldap2, python-waitress, SDL, u-boot, ucode-intel, and zeromq), Oracle (fence-agents, firefox, freetype, kernel, python, python3, and thunderbird), Red Hat (rh-postgresql10-postgresql, rh-postgresql12-postgresql, and virt:8.2 and virt-devel:8.2), Slackware (seamonkey), and SUSE (firefox, gdm, kernel, and kernel-firmware).
---------------------------------------------
https://lwn.net/Articles/837431/
∗∗∗ SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020110113
∗∗∗ Opera Touch for iOS: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1123
∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1122
∗∗∗ Security Bulletin: Information Disclosure Vulnerability Affects EBICS Client of IBM Sterling B2B Integrator (CVE-2020-4475) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ebics-client-of-ibm-sterling-b2b-integrator-cve-2020-4475/
∗∗∗ Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4476/
∗∗∗ Security Bulletin: CKEditor XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-17960) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ckeditor-xss-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2018-17960/
∗∗∗ Security Bulletin: XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4705) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4705/
∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects EBICS in IBM Sterling B2B Integrator (CVE-2020-4655) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ebics-in-ibm-sterling-b2b-integrator-cve-2020-4655/
∗∗∗ Security Bulletin: B2B API Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4566) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-b2b-api-information-disclosure-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4566/
∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-cve-2020-4672/
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-2/
∗∗∗ Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4763) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4763/
∗∗∗ Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4665) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4665/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list