[CERT-daily] Daily summary - 11.01.2021
Daily end-of-shift report
team at cert.at
Mon Jan 11 18:10:33 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Friday 08-01-2021 18:00 − Monday 11-01-2021 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Bitcoin rally plays into the hands of fraudulent platforms ∗∗∗
---------------------------------------------
The latest surge in the Bitcoin price is generating great media interest and continuous coverage. Criminals are exploiting this attention as well: they advertise fraudulent investment platforms with fabricated news articles. Caution: anyone who invests in such platforms loses their money! Losses amounting to several hundred thousand euros are not uncommon.
---------------------------------------------
https://www.watchlist-internet.at/news/bitcoin-hoehenflug-spielt-betruegerischen-plattformen-in-die-karten/
∗∗∗ New version of Sysinternals released, Process Hollowing detection added in Sysmon, new registry access detection added to Procmon https://docs.microsoft.com/en-us/sysinternals/, (Mon, Jan 11th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/26972
∗∗∗ Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3), (Mon, Jan 11th) ∗∗∗
---------------------------------------------
Now with a firm approach to building an inventory and using the NVD API (https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/ and https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Playing+with+Code+Part+2+of+3/26964/), for any client I typically create 4 inventories: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26974
∗∗∗ Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments ∗∗∗
---------------------------------------------
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa21-008a
∗∗∗ How I stole the data in millions of people’s Google accounts ∗∗∗
---------------------------------------------
As many of you may have suspected, this post is not entirely truthful. I have not released this fitness app onto the Play Store, nor have I collected millions of master tokens. ... But yes, these methods do work. I absolutely could release such an app, and so could anyone else (and maybe they have).
---------------------------------------------
https://ethanblake4.medium.com/how-i-stole-the-data-in-millions-of-peoples-google-accounts-aa1b72dcc075
∗∗∗ Free decrypter released for victims of Darkside ransomware ∗∗∗
---------------------------------------------
A new tool released today by Romanian security firm Bitdefender allows victims of the Darkside ransomware to recover their files without paying the ransom demand.
---------------------------------------------
https://www.zdnet.com/article/free-decrypter-released-for-victims-of-darkside-ransomware/
∗∗∗ Trickbot Still Alive and Well ∗∗∗
---------------------------------------------
In October of 2020, the group behind the infamous botnet known as Trickbot had a bad few days. The group was under concerted pressure applied by US Cyber Command infiltrating …
---------------------------------------------
https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
∗∗∗ Shodan Verified Vulns 2020-12-01 ∗∗∗
---------------------------------------------
In December, too, we want to take a look at the vulnerabilities Shodan sees in Austria. The following chart is based on the data from 2020-12-01: The data once again show hardly any change compared to the previous months: the decline in SSL vulnerabilities continues in principle, even though, for the first time since we started collecting the data (i.e. since 2020-09), the changes are only in the double-digit range. An overview of the development so far is provided by the [...]
---------------------------------------------
https://cert.at/de/aktuelles/2020/12/shodan-verified-vulns-2020-12
=====================
= Vulnerabilities =
=====================
∗∗∗ Typeform fixes Zendesk Sell form data hijacking vulnerability ∗∗∗
---------------------------------------------
Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attackers redirect form submissions containing potentially sensitive information to themselves.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/typeform-fixes-zendesk-sell-form-data-hijacking-vulnerability/
∗∗∗ QNAP: Command Injection Vulnerability in QTS and QuTS hero ∗∗∗
---------------------------------------------
CVE identifier: CVE-2020-2508
Affected products: All QNAP NAS
Summary: A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.
---------------------------------------------
https://www.qnap.com/de-de/security-advisory/QSA-21-01
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, and mbedtls), Debian (coturn), Fedora (firefox, flac, and nodejs), Gentoo (ark, chromium, dovecot, firefox, firejail, ipmitool, nodejs, and pillow), Mageia (alpine, c-client, binutils, busybox, cherokee, firefox, golang, guava, imagemagick, libass, openexr, squirrelmail, tomcat, and xrdp), openSUSE (chromium, cobbler, rpmlint, and tomcat), Oracle (kernel), Red Hat (firefox, libpq, and openssl), SUSE (python-defusedxml, [...]
---------------------------------------------
https://lwn.net/Articles/842304/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-1-8-affect-ibm-sterling-secure-proxy-3/
∗∗∗ Security Bulletin: An Eclipse Jetty Vulnerability Affects IBM Sterling Secure External Authentication Server (CVE-2020-27216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-eclipse-jetty-vulnerability-affects-ibm-sterling-secure-external-authentication-server-cve-2020-27216/
∗∗∗ Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Sterling Secure Proxy (CVE-2020-27216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-sterling-secure-proxy-cve-2020-27216/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-external-authentication-server-3/
∗∗∗ Security Bulletin: IBM DataPower Gateway Java security update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-java-security-update/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4869) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4869/
∗∗∗ Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-activemq-affects-ibm-sterling-secure-proxy-cve-2020-13920/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily