[CERT-daily] Tageszusammenfassung - 24.09.2020
Daily end-of-shift report
team at cert.at
Thu Sep 24 18:23:39 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 23-09-2020 18:00 − Donnerstag 24-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security-Checkliste Passwörter & Accounts ∗∗∗
---------------------------------------------
Passwörter sind ein notwendiges Übel. Mit den folgenden Tipps haben Sie so wenig Passwortstress wie nötig, ohne an der Sicherheit zu sparen.
---------------------------------------------
https://heise.de/-4886755
∗∗∗ Vorsicht vor Raiffeisen Phishing SMS ∗∗∗
---------------------------------------------
Momentan werden massenhaft betrügerische Phishing SMS im Namen der Raiffeisen Bank verschickt. Angeblich sollte eine PushTAN Registrierung abgeschlossen werden. Die verlinkte Website sieht der echten dabei zum Verwechseln ähnlich. Achtung: Hier dürfen keinesfalls die eigenen Online Banking Daten eingegeben werden. Diese landen direkt in den Händen Krimineller.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-raiffeisen-phishing-sms/
∗∗∗ Android-Malware Alien stiehlt Geld ∗∗∗
---------------------------------------------
Ein Android-Trojaner namens Alien ist seit Anfang des Jahres aktiv und wird als Malware-as-a-Service (MaaS) in unterirdischen Hackerforen angeboten. Ziel sind Banking- und Finanz-Apps auch in Deutschland
---------------------------------------------
https://www.zdnet.de/88382932/android-malware-alien-stiehlt-geld/
∗∗∗ Supply Chain bietet Angriffspunkte ∗∗∗
---------------------------------------------
Hacker nutzen zunehmend die Lieferketten im Ökosystem von Unternehmen, um ihre Angriffe vorzutragen. Kleinere Lieferanten mit schwachen Sicherheitsstrukturen bieten Einstiegspunkte für Attacken.
---------------------------------------------
https://www.zdnet.de/88382938/supply-chain-bietet-angriffspunkte/
∗∗∗ Protecting Against PowerShell Attacks: 5 Key Steps ∗∗∗
---------------------------------------------
Admins are already busy maintaining all systems running onsite and remotely, so the extra demand to protect against fileless threats can be overwhelming for manual security operations and inexperienced IT professionals. There are, however, five basic steps you can take to help mitigate the threat
---------------------------------------------
https://www.beyondtrust.com/blog/entry/protecting-against-powershell-attacks-is-easier-than-you-think
∗∗∗ AgeLocker ransomware targets QNAP NAS devices, steals data ∗∗∗
---------------------------------------------
QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the devices data, and in some cases, steal files from the victim.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
∗∗∗ Malicious One-Liner Using Hastebin ∗∗∗
---------------------------------------------
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image directory on a compromised website, allowing an attacker to execute other malicious commands.
---------------------------------------------
https://blog.sucuri.net/2020/09/malicious-one-liner-using-hastebin.html
∗∗∗ [SANS ISC] Party in Ibiza with PowerShell ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: "Party in Ibiza with PowerShell": Today, I would like to talk about PowerShell ISE or "Integration Scripting Environment". This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature: [...]
---------------------------------------------
https://blog.rootshell.be/2020/09/24/sans-isc-party-in-ibiza-with-powershell/
∗∗∗ Fuzzing Image Parsing in Windows, Part One: Color Profiles ∗∗∗
---------------------------------------------
Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-in-windows-color-profiles.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Jetzt patchen! Attacken auf Zerologon-Lücke in Windows Server ∗∗∗
---------------------------------------------
Microsoft warnt vor Attacken auf eine kritische Sicherheitslücke in verschiedenen Windows-Server-Versionen. Auch Samba ist betroffen.
---------------------------------------------
https://heise.de/-4910854
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib).
---------------------------------------------
https://lwn.net/Articles/832405/
∗∗∗ Synology-SA-20:22 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to bypass security constraints via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_22
∗∗∗ Wireshark: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0922
∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-struts-affect-tivoli-netcool-omnibus-webgui-cve-2019-0233-cve-2019-0230/
∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-10/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/
∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager/
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-7/
∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-9/
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-6/
∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-vault-previously-known-as-ibm-security-secret-server/
∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-8/
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-and-ihs-server-2/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list