[CERT-daily] Tageszusammenfassung - 02.10.2020

Fri Oct 2 18:15:22 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 01-10-2020 18:00 − Freitag 02-10-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sichere Software entwickeln mit OWASP SAMM ∗∗∗
---------------------------------------------
Sicherheit ist im gesamten Entwicklungsprozess wichtig, und OWASP SAMM bietet ein flexibles Rahmenwerk zur Umsetzung.
---------------------------------------------
https://heise.de/-4918292


∗∗∗ Common Ways Attackers Are Stealing Credentials ∗∗∗
---------------------------------------------
A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense.
---------------------------------------------
https://www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-credentials/


∗∗∗ Massenhaft gefälschte Post-Mails: So entlarven Sie den Betrug! ∗∗∗
---------------------------------------------
Derzeit versenden BetrügerInnen zahlreiche E-Mails im Namen der Post. Die Kriminellen täuschen darin vor, dass Versandkosten fehlen und ein Paket daher nicht zugestellt werden könne. Tatsächlich handelt es sich um einen sogenannten „Phishing-Versuch“. Die Kriminellen versuchen so an Ihre Zugangsdaten zu kommen. Wir erklären Ihnen, wie Sie den Betrug entlarven!
---------------------------------------------
https://www.watchlist-internet.at/news/massenhaft-gefaelschte-post-mails-so-entlarven-sie-den-betrug/


∗∗∗ New service checks if your email was used in Emotet attacks ∗∗∗
---------------------------------------------
A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-email-was-used-in-emotet-attacks/


∗∗∗ QR Codes: A Sneaky Security Threat ∗∗∗
---------------------------------------------
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
---------------------------------------------
https://threatpost.com/qr-codes-sneaky-security-threat/159757/


∗∗∗ Serious Security: Phishing without links - when phishers bring along their own web pages ∗∗∗
---------------------------------------------
How do you "check the URL before you click" if the web page youre visiting is already on your own computer?
---------------------------------------------
https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/


∗∗∗ GFX Xsender Hack Tool: A Spam Mailer ∗∗∗
---------------------------------------------
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of sending predefined HTML emails to a list of email addresses. The tool runs on top of PHPMailer’s library, which handles the connection and sending of the malicious emails. The hack tool also grants the ability to authenticate to an email address on a remote server.
---------------------------------------------
https://blog.sucuri.net/2020/10/gfx-xsender-hack-tool-a-spam-mailer.html


∗∗∗ [SANS ISC] Analysis of a Phishing Kit ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Analysis of a Phishing Kit“: Sometimes, attackers make mistakes and allow security researchers to access interesting resources. This time, it’s another phishing kit that was left in the wild on the compromised server.
---------------------------------------------
https://blog.rootshell.be/2020/10/02/sans-isc-analysis-of-a-phishing-kit/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ macOS 10.14.6 Supplemental Update ∗∗∗
---------------------------------------------
macOS 10.14.6 Supplemental Update for macOS Mojave includes the security content of Safari 14.0.
---------------------------------------------
https://support.apple.com/kb/HT211872


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jruby and ruby2.3), Fedora (crun, pdns, and podman), openSUSE (go1.14 and kernel), Oracle (qemu-kvm and virt:ol), Red Hat (qemu-kvm-ma and thunderbird), SUSE (nodejs10, nodejs12, perl-DBI, permissions, and xen), and Ubuntu (ntp).
---------------------------------------------
https://lwn.net/Articles/833343/


∗∗∗ Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ruby-on-rails-affect-ibm-license-metric-tool-v9/


∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2020-8166/


∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2020-8164/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Node.js (CVE-2020-8203) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8203/


∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-cve-2019-11324/


∗∗∗ Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Authentication Bypass (CVE-2020-4493) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-authentication-bypass-cve-2020-4493/


∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Cúram Social Program Management (177835) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-cram-social-program-management-177835/


∗∗∗ Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-contract-management/


∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics – Log Analysis (CVE-2020-4590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2020-4590/


∗∗∗ Multiple Vulnerabilities in SevOne Network Management System (NMS) ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-sevone-network-management-system-nms/


∗∗∗ PHP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0949


∗∗∗ Trend Micro AntiVirus for Mac: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0948


∗∗∗ Bitdefender Produkte: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0947

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily