[CERT-daily] Daily summary - 24.11.2020

Daily end-of-shift report team at cert.at
Tue Nov 24 18:19:12 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 23-11-2020 18:00 − Tuesday 24-11-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Waiting for patches: Critical VMware vulnerability endangers Linux and Windows systems ∗∗∗
---------------------------------------------
VMware software can be attacked via a zero-day vulnerability. So far there are only workarounds for protection.
---------------------------------------------
https://heise.de/-4969353


∗∗∗ Fraudulent trading platforms: Criminals advertise with comments on YouTube videos ∗∗∗
---------------------------------------------
The comments on numerous popular YouTube videos, including Last Christmas by Wham!, contain tips on how to get rich by trading Bitcoin on the internet. Wrapped in a highly emotional story, a user reports how a Lyra Holt Dean supported him in trading. In the comment he also gives her e-mail address. Do not write to this address under any circumstances, it is a scam!
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-trading-plattformen-kriminelle-werben-mit-kommentaren-bei-youtube-videos/


∗∗∗ Lookalike domains and how to outfox them ∗∗∗
---------------------------------------------
Our approach is more complex than simply registering lookalike domains to the company and enables real-time blocking of attacks that use such domains as soon as they appear.
---------------------------------------------
https://securelist.com/lookalike-domains-and-how-to-outfox-them/99539/


∗∗∗ Blackrota, a heavily obfuscated backdoor written in Go ∗∗∗
---------------------------------------------
Recently, a malicious backdoor program written in the Go language that exploits an unauthorized access vulnerability in the Docker Remote API was caught by our Anglerfish honeypot. We named it Blackrota, given that its C2 domain name is [...]
---------------------------------------------
https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go-en/


∗∗∗ Hidden SEO Spam Link Injections on WordPress Sites ∗∗∗
---------------------------------------------
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists. This is by design - attackers intentionally try to prevent detection by arranging injected links so they are not visible to average human traffic. One of the techniques attackers use is to “push” the injected SEO spam links off the visible portion of the website.
---------------------------------------------
https://blog.sucuri.net/2020/11/hidden-seo-spam-link-injections-on-wordpress-sites.html


∗∗∗ MedusaLocker Ransomware Analysis ∗∗∗
---------------------------------------------
The Cybereason Nocturnus Team has published an analysis of the MedusaLocker ransomware. MedusaLocker targets Windows systems and first appeared in 2019. Since then, it has reportedly been involved in many attacks targeting a number of industry sectors, but especially the healthcare sector.
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/9b5a2bd4954b29920abc8f39f0a0077a



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
A security issue has been identified that may allow privileged code running in a guest VM to compromise the host. This issue is limited to only those guest VMs where the host administrator has explicitly assigned a PCI passthrough device to the guest VM.
---------------------------------------------
https://support.citrix.com/article/CTX286511


∗∗∗ Xen Security Advisory XSA-355 - stack corruption from XSA-346 change ∗∗∗
---------------------------------------------
A malicious or buggy HVM or PVH guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Privilege escalation as well as information leaks cannot be excluded.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-355.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, microcode_ctl, and seamonkey), Mageia (f2fs-tools, italc, python-cryptography, python-pillow, tcpreplay, and vino), Oracle (thunderbird), Red Hat (bind, kernel, microcode_ctl, net-snmp, and Red Hat Virtualization), Scientific Linux (net-snmp and thunderbird), SUSE (kernel and mariadb), and Ubuntu (atftp, libextractor, pdfresurrect, and pulseaudio).
---------------------------------------------
https://lwn.net/Articles/838255/


∗∗∗ Synology-SA-20:25 Safe Access ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Safe Access.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_25


∗∗∗ Red Hat JBoss Enterprise Application Platform: Vulnerability allows SQL injection ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1161


∗∗∗ OTRS: Multiple vulnerabilities allow disclosure of information ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1159


∗∗∗ Security Bulletin: IBM TNPM Wireline is vulnerable to Apache Commons Codec. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tnpm-wireline-is-vulnerable-to-apache-commons-codec/


∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – IBM SDK, Java Technology Edition v8.0.6.11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-ibm-sdk-java-technology-edition-v8-0-6-11/


∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-arbitrary-code-execution-and-security-bypass-in-drupal-cve-2020-13664-cve-2020-13665-3/


∗∗∗ [20201107] - Core - Write ACL violation in multiple core views ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/834-20201107-core-write-acl-violation-in-multiple-core-views.html


∗∗∗ [20201106] - Core - CSRF in com_privacy emailexport feature ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/833-20201106-core-csrf-in-com-privacy-emailexport-feature.html


∗∗∗ [20201105] - Core - User Enumeration in backend login ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/832-20201105-core-user-enumeration-in-backend-login.html


∗∗∗ [20201104] - Core - SQL injection in com_users list view ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/831-20201104-core-sql-injection-in-com-users-list-view.html


∗∗∗ [20201103] - Core - Path traversal in mod_random_image ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html


∗∗∗ [20201102] - Core - Disclosure of secrets in Global Configuration page ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html


∗∗∗ [20201101] - Core - com_finder ignores access levels on autosuggest ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



