[CERT-daily] Tageszusammenfassung - 23.09.2020
Daily end-of-shift report
team at cert.at
Wed Sep 23 18:15:49 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 22-09-2020 18:00 − Mittwoch 23-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security-Checkliste Webbrowser ∗∗∗
---------------------------------------------
Ihr Browser kommt, auch ohne Surfen auf zwielichtigen Websites, sehr häufig mit Schadcode in Kontakt. Umso wichtiger ist es, ihn maximal sicher einzustellen.
---------------------------------------------
https://heise.de/-4886750
∗∗∗ Aufgepasst: Emotet versteckt sich nun in passwortgeschützten Archiven ∗∗∗
---------------------------------------------
Die Drahtzieher hinter Emotet haben eine neue Kampagne gestartet, um die Malware zu verbreiten. Dieses Mal haben Sie aber bei einer Sache gepennt.
---------------------------------------------
https://heise.de/-4909712
∗∗∗ Betrügerische Kredite von Continental Bank und Eran Finance! ∗∗∗
---------------------------------------------
Durch die Auswirkungen der Corona-Krise sind immer mehr Menschen von Finanzhilfen abhängig. Kein Wunder, dass Kredite und Darlehen beliebter werden und dass auch Cyberkriminelle betrügerischen Kredite anbieten. So zum Beispiel der Kreditvermittler royal-eranfinance.com und die Bank continental-groupe.com. Die beiden vermeintlichen Unternehmen arbeiten zusammen. Doch statt Kredite auszuzahlen, stehlen die Unternehmen die Identität der Opfer und verlangen Vorschusszahlungen.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-kredite-von-continental-bank-und-eran-finance/
∗∗∗ Case Study: Emotet Thread Hijacking, an Email Attack Technique ∗∗∗
---------------------------------------------
Thread hijacking, recently used to distribute Emotet, uses stolen copies of messages collected from infected users' email clients to attack others.
---------------------------------------------
https://unit42.paloaltonetworks.com/emotet-thread-hijacking/
∗∗∗ Linux vulnerabilities: How unpatched servers lead to persistent backdoors ∗∗∗
---------------------------------------------
Vulnerability management is a challenge Humans make mistakes, software has bugs and some of these bugs are exploitable vulnerabilities. The existence of vulnerabilities in software is not a new problem, but as the volume of software in existence grows, so does the number of exploitable vulnerabilities.
---------------------------------------------
https://resources.infosecinstitute.com/linux-vulnerabilities-how-unpatched-servers-lead-to-persistent-backdoors/
∗∗∗ Looking for sophisticated malware in IoT devices ∗∗∗
---------------------------------------------
Let's talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components.
---------------------------------------------
https://securelist.com/looking-for-sophisticated-malware-in-iot-devices/98530/
∗∗∗ [SANS ISC] Malicious Word Document with Dynamic Content ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: "Malicious Word Document with Dynamic Content": Here is another malicious Word document that I spotted while hunting. "Another one?" may ask some of our readers. Indeed but malicious documents remain a very common infection vector and you learn a lot when you analyze [...]
---------------------------------------------
https://blog.rootshell.be/2020/09/23/sans-isc-malicious-word-document-with-dynamic-content/
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin ∗∗∗
---------------------------------------------
On August 14, our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9).
---------------------------------------------
https://lwn.net/Articles/832276/
∗∗∗ Samba Issues Patches for Zerologon Vulnerability ∗∗∗
---------------------------------------------
The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol (MS-NRPC).
---------------------------------------------
https://www.securityweek.com/samba-issues-patches-zerologon-vulnerability
∗∗∗ CVE-2020-1472/Zerologon. As an IT manager should I worry? ∗∗∗
---------------------------------------------
TL;DR Yes, apply the update from Microsoft.
---------------------------------------------
https://www.pentestpartners.com/security-blog/cve-2020-1472-zerologon-as-an-it-manager-should-i-worry/
∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
Several security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. In addition, unprivileged code in a PV guest VM may be able to [...]
---------------------------------------------
https://support.citrix.com/article/CTX282314
∗∗∗ Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-01-grub2-en
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-01-outofbound-en
∗∗∗ Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4698 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698-2/
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to path traversal (CVE-2019-4582) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-traversal-cve-2019-4582-2/
∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-15358/
∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0920
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0921
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list