Daily summary - 07.10.2020

End-of-Day report

Timeframe: Tuesday 06-10-2020 18:00 - Wednesday 07-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

Backdoor Shell Dropper Deploys CMS-Specific Malware

A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.

https://blog.sucuri.net/2020/10/backdoor-shell-dropper-deploys-cms-specific-malware.html


Alert (AA20-280A): Emotet Malware

Emotet, a sophisticated Trojan commonly functioning as a downloader or dropper of other malware, resurged in July 2020, after a dormant period that began in February.

https://us-cert.cisa.gov/ncas/alerts/aa20-280a


New HEH botnet can wipe routers and IoT devices

The disk-wiping feature is present in the code but has not been used yet.

https://www.zdnet.com/article/new-heh-botnet-can-wipe-routers-and-iot-devices/


Fraudulent Post e-mail spreads malware

Fraudulent e-mails in the name of the Post (the Austrian postal service) are currently being sent indiscriminately to numerous recipients. The criminals threaten the victims with a fine because certain costs have supposedly not yet been paid.

https://www.watchlist-internet.at/news/betruegerische-post-mail-verbreitet-schadsoftware/


Vulnerabilities

Enter the Vault: Authentication Issues in HashiCorp Vault

Posted by Felix Wilhelm, Project Zero: In this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services (AWS) and Google Cloud Platform (GCP).

https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html


90 days, 16 bugs, and an Azure Sphere Challenge

Cisco Talos reports 16 vulnerabilities found in Microsoft's Azure Sphere sponsored research challenge.

https://blog.talosintelligence.com/2020/10/Azure-Sphere-Challenge.html


Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/


Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2019-15606, CVE-2019-15604, CVE-2019-15605)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2019-15606-cve-2019-15604-cve-2019-15605/


Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-4/


Security Bulletin: IBM Security Guardium is affected by an Apache commons beanutils 1.9.2 library vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-beanutils-1-9-2-library-vulnerability/


Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-mysql-2/


Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2020-4590)

https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-a-denial-of-service-cve-2020-4590/


Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-5/


Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-8/


Security Bulletin: IBM Security Guardium is affected by an Apache Commons vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-vulnerability-2/


Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities-3/