Daily Summary - 02.10.2020

End-of-Day report

Timeframe: Thursday 01-10-2020 18:00 - Friday 02-10-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Developing Secure Software with OWASP SAMM

Security matters throughout the entire development process, and OWASP SAMM offers a flexible framework for implementing it.

https://heise.de/-4918292


Common Ways Attackers Are Stealing Credentials

A few weeks ago, we reviewed some of the worst website hacks we've ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense.

https://www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-credentials/


Masses of Fake Post Emails: How to Spot the Fraud!

Fraudsters are currently sending numerous emails in the name of the Post. In them, the criminals claim that shipping costs are outstanding and that a parcel therefore cannot be delivered. In reality, this is a so-called "phishing attempt". The criminals are trying to obtain your login credentials this way. We explain how to spot the fraud!

https://www.watchlist-internet.at/news/massenhaft-gefaelschte-post-mails-so-entlarven-sie-den-betrug/


New service checks if your email was used in Emotet attacks

A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign.

https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-email-was-used-in-emotet-attacks/


QR Codes: A Sneaky Security Threat

What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.

https://threatpost.com/qr-codes-sneaky-security-threat/159757/


Serious Security: Phishing without links - when phishers bring along their own web pages

How do you "check the URL before you click" if the web page you're visiting is already on your own computer?

https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/


GFX Xsender Hack Tool: A Spam Mailer

PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of sending predefined HTML emails to a list of email addresses. The tool runs on top of PHPMailer's library, which handles the connection and sending of the malicious emails. The hack tool also grants the ability to authenticate to an email address on a remote server.

https://blog.sucuri.net/2020/10/gfx-xsender-hack-tool-a-spam-mailer.html


[SANS ISC] Analysis of a Phishing Kit

I published the following diary on isc.sans.edu: "Analysis of a Phishing Kit": Sometimes, attackers make mistakes and allow security researchers to access interesting resources. This time, it's another phishing kit that was left in the wild on the compromised server.

https://blog.rootshell.be/2020/10/02/sans-isc-analysis-of-a-phishing-kit/

Vulnerabilities

macOS 10.14.6 Supplemental Update

macOS 10.14.6 Supplemental Update for macOS Mojave includes the security content of Safari 14.0.

https://support.apple.com/kb/HT211872


Security updates for Friday

Security updates have been issued by Debian (jruby and ruby2.3), Fedora (crun, pdns, and podman), openSUSE (go1.14 and kernel), Oracle (qemu-kvm and virt:ol), Red Hat (qemu-kvm-ma and thunderbird), SUSE (nodejs10, nodejs12, perl-DBI, permissions, and xen), and Ubuntu (ntp).

https://lwn.net/Articles/833343/


Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ruby-on-rails-affect-ibm-license-metric-tool-v9/


Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166).

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2020-8166/


Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164).

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2020-8164/


Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8203/


Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-cve-2019-11324/


Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/


Security Bulletin: IBM Maximo Asset Management is vulnerable to Authentication Bypass (CVE-2020-4493)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-authentication-bypass-cve-2020-4493/


Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Cúram Social Program Management (177835)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-cram-social-program-management-177835/


Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Contract Management

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-contract-management/


Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2020-4590)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2020-4590/


Multiple Vulnerabilities in SevOne Network Management System (NMS)

https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-sevone-network-management-system-nms/


PHP: Multiple Vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0949


Trend Micro AntiVirus for Mac: Vulnerability Allows Privilege Escalation

http://www.cert-bund.de/advisoryshort/CB-K20-0948


Bitdefender Products: Vulnerability Allows Denial of Service

http://www.cert-bund.de/advisoryshort/CB-K20-0947