[CERT-daily] Daily summary - 27.11.2020

Daily end-of-shift report team at cert.at
Fri Nov 27 18:12:51 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 26-11-2020 18:00 − Friday 27-11-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Beware of identity theft: criminals are sending fraudulent e-mails in the name of the Post! ∗∗∗
---------------------------------------------
Numerous readers are currently reporting a fraudulent e-mail that is being sent in the name of Österreichische Post. This e-mail asks you to send a copy of your ID so that a delivery can be processed. Ignore this e-mail. It is a scam!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-identitaetsdiebstahl-kriminelle-versenden-betruegerische-e-mails-im-namen-der-post/


∗∗∗ Security updates: archives containing malicious code could endanger Drupal websites ∗∗∗
---------------------------------------------
The Drupal developers have closed two dangerous security vulnerabilities in the content management system Drupal.
---------------------------------------------
https://heise.de/-4972845


∗∗∗ On the Active Directory hunt with BloodHound ∗∗∗
---------------------------------------------
At its SO-CON, SpecterOps presented many updates for security tools, including BloodHound 4.0 for Active Directory attacks.
---------------------------------------------
https://heise.de/-4973049


∗∗∗ Hackers Love Expired Domains ∗∗∗
---------------------------------------------
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally normal, but it’s important to remember that attackers regularly monitor domain expirations and may target certain domains that meet specific criteria. Vendor domains can be an easy backdoor. A vendor (supplier) domain is defined as a website that is used to host and load third party JavaScript resources [...]
---------------------------------------------
https://blog.sucuri.net/2020/11/hackers-love-expired-domains.html


∗∗∗ Digitally Signed Bandook Malware Once Again Targets Multiple Sectors ∗∗∗
---------------------------------------------
A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy "dozens of digitally signed variants" of [...]
---------------------------------------------
https://thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Citrix Virtual Apps and Desktops Security Update ∗∗∗
---------------------------------------------
2020-11-25: Improved clarification on when a version is impacted and added that 1912 LTSR CU2 is now available
---------------------------------------------
https://support.citrix.com/article/CTX285059


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (go, libxml2, postgresql, and wireshark-cli), Debian (drupal7 and lxml), Fedora (drupal7, java-1.8.0-openjdk-aarch32, libxml2, pacemaker, slurm, and swtpm), openSUSE (c-ares, ceph, chromium, dash, firefox, go1.14, java-1_8_0-openjdk, kernel, krb5, perl-DBI, podman, postgresql10, postgresql12, rclone, slurm, ucode-intel, wireshark, wpa_supplicant, and xen), SUSE (ceph, firefox, kernel, LibVNCServer, and python), and Ubuntu (freerdp, poppler, and [...]
---------------------------------------------
https://lwn.net/Articles/838469/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



