End-of-Day report
Timeframe: Monday 20-01-2020 18:00 - Tuesday 21-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
SIM Hijacking
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside the phone companies. Phone companies have added security measures since this attack became popular and public, but a new study [...]
https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html
Realistic Factory Honeypot Shows Threats Faced by Industrial Organizations
Trend Micro researchers have set up a factory honeypot and found that industrial organizations should be more concerned about attacks launched by profit-driven cybercriminals rather than the threat posed by sophisticated state-sponsored groups.
https://www.securityweek.com/realistic-factory-honeypot-shows-threats-faced-industrial-organizations
Beware of fraudulent Microsoft calls
Criminals are currently once again posing as Microsoft employees and calling random phone numbers. They claim there is a problem with your computer, which the fraudulent callers then want to fix together with you. Hang up immediately: the criminals want to gain access to your computer and harvest sensitive user data.
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-microsoft-anrufen/
Antivirus vendors push fixes for EFS ransomware attack method
Signature-based software may not be enough to protect Microsoft's Windows EFS against evolving ransomware families.
https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/
Vulnerabilities
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2020/01/21/samba-releases-security-updates
CVE-2019-19886 - HIGH - DoS against libModSecurity 3
The ModSecurity 3.0.x release line suffers from a Denial of Service vulnerability after triggering a segmentation fault on the webserver when parsing a malformed cookie header. All users of ModSecurity 3.0.0 - 3.0.3 should update to ModSecurity 3.0.4 as soon as possible.
https://coreruleset.org/20200118/cve-2019-19886-high-dos-against-libmodsecurity-3/
Security updates for Tuesday
Security updates have been issued by Debian (openconnect), Fedora (e2fsprogs, glibc, kernel, and nss), openSUSE (Mesa, php7, and slurm), Oracle (.NET Core, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), Red Hat (java-1.8.0-openjdk, openvswitch, and openvswitch2.11), Scientific Linux (java-1.8.0-openjdk), SUSE (java-11-openjdk, libssh, libvpx, Mesa, and thunderbird), and Ubuntu (libbsd and samba).
https://lwn.net/Articles/810157/
Insufficient Authentication Vulnerability in OSCA Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200121-01-osca-en
Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities allow code execution
http://www.cert-bund.de/advisoryshort/CB-K20-0062
Red Hat Enterprise Linux: Vulnerability allows denial of service
http://www.cert-bund.de/advisoryshort/CB-K20-0061