[CERT-daily] Daily summary - 22.10.2020

Daily end-of-shift report team at cert.at
Thu Oct 22 18:17:33 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 21-10-2020 18:00 − Thursday 22-10-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ These are the winners of Austria's biggest hacker competition ∗∗∗
---------------------------------------------
The final of the Austria Cyber Security Challenge 2020 was held virtually. The winners have been determined.
---------------------------------------------
https://futurezone.at/digital-life/das-sind-die-gewinner-von-oesterreichs-groesstem-hacker-wettbewerb/401074005


∗∗∗ BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon, (Thu, Oct 22nd) ∗∗∗
---------------------------------------------
Phishing messages distributing BazarLoader have come to be commonplace in the past six months, but in the last couple of weeks I've been seeing more and more e-mails spreading this malware caught in my quarantine. Although contents of these messages differ, their appearance is usually similar [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26710


∗∗∗ XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability ∗∗∗
---------------------------------------------
This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/


∗∗∗ Abusing RDP’s Remote Credential Guard with Rubeus PTT ∗∗∗
---------------------------------------------
TL;DR Microsoft’s Remote Credential Guard (RCG) for RDP protects creds if an RDP server is compromised. It leaves little scope for password or NTLM credential dumping when a user connects [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/abusing-rdps-remote-credential-guard-with-rubeus-ptt/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs ∗∗∗
---------------------------------------------
Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges.
---------------------------------------------
https://kb.cert.org/vuls/id/208577


∗∗∗ Dangerous vulnerabilities in Cisco software for network protection and management ∗∗∗
---------------------------------------------
Network equipment vendor Cisco has released important security updates for various network software. None of the vulnerabilities is rated critical.
---------------------------------------------
https://heise.de/-4936512


∗∗∗ Vulnerability Spotlight: A deep dive into WAGO’s cloud connectivity and the vulnerabilities that arise ∗∗∗
---------------------------------------------
WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers.
---------------------------------------------
https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-deep-dive-into.html


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server-2/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-12/


∗∗∗ Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-node-fetch-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service/


∗∗∗ Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Infrastructure Management. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



