[CERT-daily] Daily summary - 20.10.2020

Daily end-of-shift report team at cert.at
Tue Oct 20 18:13:51 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 19-10-2020 18:00 − Tuesday 20-10-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack ∗∗∗
---------------------------------------------
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
---------------------------------------------
https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/


∗∗∗ Mirai-alike Python Scanner, (Tue, Oct 20th) ∗∗∗
---------------------------------------------
Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/26698


∗∗∗ Advanced Ransomware Attacks ∗∗∗
---------------------------------------------
SI-CERT, the national CSIRT of Slovenia has been handling reports of ransomware attacks on a regular basis since April 2012. Until 2019, attack victims were selected randomly as part of a mass-volume campaign aiming to spread the virus. However, since 2019 the attacks have been more targeted.
---------------------------------------------
https://connect.geant.org/2020/10/19/advanced-ransomware-attacks


∗∗∗ When buying on classified-ad platforms: do not pay via the PayPal function "Send money to friends or family" ∗∗∗
---------------------------------------------
Criminals are also active on popular classified-ad platforms such as willhaben, shpock or ebay Kleinanzeigen. Besides advance-payment and escrow fraud, the PayPal trick is also a popular scam for ripping off buyers.
---------------------------------------------
https://www.watchlist-internet.at/news/beim-kauf-auf-kleinanzeigen-plattformen-zahlung-nicht-via-paypal-funktion-geld-an-freunde-oder-fam/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Illustrator (APSB20-53), Adobe Dreamweaver (APSB20-55), Marketo (APSB20-60), Adobe Animate (APSB20-61), Adobe After Effects (APSB20-62), Adobe Photoshop (APSB20-63), Adobe Premiere Pro (APSB20-64), Adobe Media Encoder (APSB20-65), Adobe InDesign (APSB20-66) and Adobe Creative Cloud Desktop Application (APSB20-68).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1930


∗∗∗ QNAP: Security updates for QTS fend off "Zerologon" attacks on NAS ∗∗∗
---------------------------------------------
Depending on the configuration, QNAP network storage devices may be remotely attackable via the "Zerologon" vulnerability. Updates for QTS are available.
---------------------------------------------
https://heise.de/-4932748


∗∗∗ Seven mobile browsers vulnerable to address bar spoofing attacks ∗∗∗
---------------------------------------------
Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar.
---------------------------------------------
https://www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-bar-spoofing-attacks/


∗∗∗ Security Bulletin: Cross-Site Scripting Security Vulnerability Affects IBM Sterling B2B Integrator Standard Edition (CVE-2020-4564) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-security-vulnerability-affects-ibm-sterling-b2b-integrator-standard-edition-cve-2020-4564/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service (CVE-2020-4411) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-local-user-may-cause-a-denial-of-service-cve-2020-4411/


∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-is-affected-by-weak-cryptographic-algorithm-cve-2020-4350/


∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects the Graphic Process Modeler in IBM Sterling B2B Integrator (CVE-2019-4680) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-the-graphic-process-modeler-in-ibm-sterling-b2b-integrator-cve-2019-4680/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system/


∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-system-could-cause-a-denial-of-service-cve-2020-4756/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-2/


∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4564) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4564/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-spectrum-scale-gui/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system/


∗∗∗ XSA-347 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-347.html


∗∗∗ XSA-346 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-346.html


∗∗∗ XSA-345 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-345.html


∗∗∗ XSA-332 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-332.html


∗∗∗ XSA-331 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-331.html


∗∗∗ XSA-286 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-286.html


∗∗∗ Security Vulnerabilities fixed in Firefox 82 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/


∗∗∗ Synology-SA-20:24 Media Server ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_24


∗∗∗ Synology-SA-20:23 Download Station ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_23


∗∗∗ VMware ESXi: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1003


∗∗∗ Nagios Enterprises Nagios XI: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1005

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily