Daily Summary - 06.10.2020

End-of-Day report

Timeframe: Monday 05-10-2020 18:00 - Tuesday 06-10-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a

News

Hacker group compromises mobile provider to steal credit cards

Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator (MVNO) Boom! Mobile with a credit card stealer script.

https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/


Ransomware threat surge, Ryuk attacks about 20 orgs per week

Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.

https://www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/


Obfuscation and Repetition, (Mon, Oct 5th)

The obfuscated payload of a maldoc submitted by a reader can be quickly extracted with the "strings method" I explained in diary entry "Quickie: String Analysis is Still Useful".

https://isc.sans.edu/diary/rss/26648


Release the Kraken: Fileless APT attack abuses Windows Error Reporting service

We discovered a new attack that injected its payload, dubbed "Kraken", into the Windows Error Reporting (WER) service as a defense evasion mechanism.

https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/


Detecting fraud on Amazon: here's how

You can encounter fraudulent offers on Amazon as well. The good news first, though: a fraudulent offer can be exposed quickly by taking a closer look at the Marketplace seller's profile. If you are asked there to contact the seller by e-mail before placing an order, it is fraud!

https://www.watchlist-internet.at/news/betrug-auf-amazon-erkennen-so-gehts/


5 steps to secure your connected devices

As we steadily adopt smart devices into our lives, we shouldn't forget about keeping them secured and our data protected.

https://www.welivesecurity.com/2020/10/05/5-steps-secure-connected-devices/

Vulnerabilities

Smart male chastity lock cock-up

TL;DR Smart Bluetooth male chastity lock, designed for user to give remote control to a trusted 3rd party using mobile app [...]

https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/


Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-multiple-jackson-databind-cves-february-2020/


Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a Denial of Service (CVE-2020-14147)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-is-potentially-vulnerable-to-a-denial-of-service-cve-2020-14147/


Security Bulletin: IBM DataPower Gateway can expose remote credentials to local users (CVE-2020-4528)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-can-expose-remote-credentials-to-local-users-cve-2020-4528/


Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Liberty as shipped in IBM Security Access Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-ibm-websphere-liberty-as-shipped-in-ibm-security-access-manager/


Security Bulletin: Cross-Site Scripting (XSS) fixed in IBM Security Access Manager 9.0.7.2 (CVE-2019-4725)

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-xss-fixed-in-ibm-security-access-manager-9-0-7-2-cve-2019-4725/


Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability-2/


Security Bulletin: IBM DataPower Gateway may allow a potential DoS when importing malicious ZIP files (CVE-2019-13232)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-may-allow-a-potential-dos-when-importing-malicious-zip-files-cve-2019-13232/


Security Bulletin: IBM Security Guardium is affected by Python vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-python-vulnerabilities/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester/


October 2020

https://source.android.com/security/bulletin/2020-10-01