[CERT-daily] Daily summary - 25.09.2020
Daily end-of-shift report
team at cert.at
Fri Sep 25 18:25:16 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 24-09-2020 18:00 − Friday 25-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Data leak: Airbnb gives hosts access to other users' inboxes ∗∗∗
---------------------------------------------
Hosts report that they are being shown the messages of other Airbnb hosts, up to and including the PIN that opens the door.
---------------------------------------------
https://www.golem.de/news/datenleck-airbnb-gibt-gastgebern-zugriff-auf-fremde-postfaecher-2009-151125-rss.html
∗∗∗ Sodinokibi Ransomware 101: Origin, Victims, Prevention Strategies ∗∗∗
---------------------------------------------
Cyberattacks have become a part of our reality, but have you ever wondered what might happen if your company gets targeted? You probably imagine that you would lose some money and a great deal of time, maybe fire an employee or two, lose a few clients and have your reputation tainted or eventually even deal [...]
---------------------------------------------
https://heimdalsecurity.com/blog/sodinokibi-ransomware-101/
∗∗∗ Ghost in action: the Specter botnet ∗∗∗
---------------------------------------------
On August 20, 2020, 360Netlab Threat Detect System captured a suspicious ELF file (22523419f0404d628d02876e69458fbe.css) with 0 VT detection. When we took a close look, we saw a new botnet that targets AVTECH IP Camera / NVR / DVR devices, and it has flexible configuration, highly modular / plugin, and uses TLS, [...]
---------------------------------------------
https://blog.netlab.360.com/ghost-in-action-the-specter-botnet/
∗∗∗ Securing Exchange Online [Guest Diary], (Fri, Sep 25th) ∗∗∗
---------------------------------------------
[...] The base configuration of Exchange Online is set to allow quick onboarding of customers with minimal barriers to the smooth migration of email into the service. The configuration does require tweaks in order to make it more secure. I aim to cover some of the more effective tweaks in this document and point the reader to the right documentation to secure their Exchange tenant.
---------------------------------------------
https://isc.sans.edu/diary/rss/26600
∗∗∗ Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers ∗∗∗
---------------------------------------------
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable employees to [...]
---------------------------------------------
https://thehackernews.com/2020/09/fortigate-vpn-security.html
∗∗∗ Study: Attackers want into the home office, millions of times over RDP connections ∗∗∗
---------------------------------------------
During the coronavirus pandemic, researchers have recorded a significant increase in attacks on remote connections. The right tips help you protect yourself.
---------------------------------------------
https://heise.de/-4912452
∗∗∗ Security update package for Cisco's network operating systems IOS and IOS XE ∗∗∗
---------------------------------------------
Admins take note: before the weekend starts, updates for IOS and IOS XE are waiting that close a total of 34 vulnerabilities rated as high risk.
---------------------------------------------
https://heise.de/-4912352
∗∗∗ Handling Incidents in ICS – Getting to the Root of the Problem ∗∗∗
---------------------------------------------
For most organizations, having an incident response plan is a regulatory or even legal requirement these days. Unfortunately just having [...]
---------------------------------------------
https://www.dragos.com/blog/industry-news/handling-incidents-in-ics-getting-to-the-root-of-the-problem/
=====================
= Vulnerabilities =
=====================
∗∗∗ macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave ∗∗∗
---------------------------------------------
This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave.
---------------------------------------------
https://support.apple.com/kb/HT211849
∗∗∗ iCloud for Windows 11.4 ∗∗∗
---------------------------------------------
This document describes the security content of iCloud for Windows 11.4.
---------------------------------------------
https://support.apple.com/kb/HT211846
∗∗∗ iCloud for Windows 7.21 ∗∗∗
---------------------------------------------
This document describes the security content of iCloud for Windows 7.21.
---------------------------------------------
https://support.apple.com/kb/HT211847
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has published 42 Security Advisories with the following "Security Impact Ratings":
High: 29
Medium: 13
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F09%2F24&firstPublishedEndDate=2020%2F09%2F25&limit=50
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (rails), openSUSE (chromium, jasper, ovmf, roundcubemail, samba, and singularity), Oracle (firefox), SUSE (bcm43xx-firmware, firefox, libqt5-qtbase, qemu, and tiff), and Ubuntu (aptdaemon, atftp, awl, packagekit, and spip).
---------------------------------------------
https://lwn.net/Articles/832509/
∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-frame scripting ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-cross-frame-scripting/
∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2020 CPU plus CVE-2020-2590 and CVE-2020-2601 affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-july-2020-cpu-plus-cve-2020-2590-and-cve-2020-2601-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-2/
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-information-exposure-vulnerability-cve-2020-4643-2/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark/
∗∗∗ Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4531 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4531/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily