[CERT-daily] Daily summary - 06.10.2020

Daily end-of-shift report team at cert.at
Tue Oct 6 18:07:58 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 05-10-2020 18:00 − Tuesday 06-10-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hacker group compromises mobile provider to steal credit cards ∗∗∗
---------------------------------------------
Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator (MVNO) Boom! Mobile with a credit card stealer script.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/


∗∗∗ Ransomware threat surge, Ryuk attacks about 20 orgs per week ∗∗∗
---------------------------------------------
Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/


∗∗∗ Obfuscation and Repetition, (Mon, Oct 5th) ∗∗∗
---------------------------------------------
The obfuscated payload of a maldoc submitted by a reader can be quickly extracted with the "strings method" I explained in diary entry "Quickie: String Analysis is Still Useful".
---------------------------------------------
https://isc.sans.edu/diary/rss/26648


∗∗∗ Release the Kraken: Fileless APT attack abuses Windows Error Reporting service ∗∗∗
---------------------------------------------
We discovered a new attack that injected its payload, dubbed "Kraken", into the Windows Error Reporting (WER) service as a defense evasion mechanism.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/


∗∗∗ Spotting fraud on Amazon: here's how ∗∗∗
---------------------------------------------
You can come across fraudulent offers on Amazon too. The good news first, though: a fraudulent offer can be exposed quickly by taking a closer look at the Marketplace seller's profile. If you are asked there to contact the seller by e-mail before placing an order, it is a scam!
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-auf-amazon-erkennen-so-gehts/


∗∗∗ 5 steps to secure your connected devices ∗∗∗
---------------------------------------------
As we steadily adopt smart devices into our lives, we shouldn’t forget about keeping them secured and our data protected.
---------------------------------------------
https://www.welivesecurity.com/2020/10/05/5-steps-secure-connected-devices/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Smart male chastity lock cock-up ∗∗∗
---------------------------------------------
TL;DR Smart Bluetooth male chastity lock, designed for user to give remote control to a trusted 3rd party using mobile app [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs – February 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-multiple-jackson-databind-cves-february-2020/


∗∗∗ Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a Denial of Service (CVE-2020-14147) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-is-potentially-vulnerable-to-a-denial-of-service-cve-2020-14147/


∗∗∗ Security Bulletin: IBM DataPower Gateway can expose remote credentials to local users (CVE-2020-4528) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-can-expose-remote-credentials-to-local-users-cve-2020-4528/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Liberty as shipped in IBM Security Access Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-ibm-websphere-liberty-as-shipped-in-ibm-security-access-manager/


∗∗∗ Security Bulletin: Cross-Site Scripting (XSS) fixed in IBM Security Access Manager 9.0.7.2 (CVE-2019-4725) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-xss-fixed-in-ibm-security-access-manager-9-0-7-2-cve-2019-4725/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability-2/


∗∗∗ Security Bulletin: IBM DataPower Gateway may allow a potential DoS when importing malicious ZIP files (CVE-2019-13232) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-may-allow-a-potential-dos-when-importing-malicious-zip-files-cve-2019-13232/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Python vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-python-vulnerabilities/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester/


∗∗∗ October 2020 ∗∗∗
---------------------------------------------
https://source.android.com/security/bulletin/2020-10-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



