Daily summary - 12.10.2020

End-of-Day report

Timeframe: Friday 09-10-2020 18:00 - Monday 12-10-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Sophisticated Android Ransomware Executes with the Home Button

The malware also has a unique machine-learning module.

https://threatpost.com/android-ransomware-home-button/160001/


Open Packaging Conventions, (Sat, Oct 10th)

Office files like .docx, .xlsm, ... are Office Open XML (OOXML) files: a ZIP container containing XML files and possibly other file types.

https://isc.sans.edu/diary/rss/26662


Operation TrickBot - a global strike against the botnet

ESET researchers supported the successful strike against one of the largest botnets and malware distributors.

https://www.welivesecurity.com/deutsch/2020/10/12/operation-trickbot-eset-ist-teil-der-globalen-operation-gegen-das-botnetz/


Deepfake Voice Technology Iterates on Old Phishing Strategies

As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities, making [...]

https://www.tripwire.com/state-of-security/featured/deepfake-voice-technology-phishing-strategies/


Beware of the fake shop sport-monkey.de!

Over the weekend, Watchlist Internet received countless reports about the online shop sport-monkey.de. It offers a wide range of sports equipment at almost unbelievable prices. The prices are so low for one single reason: it is a fake shop that does not deliver any goods despite payment in advance.

https://www.watchlist-internet.at/news/vorsicht-vor-dem-fake-shop-sport-monkeyde/


Event Report - A convenient mechanism to edit, visualize and share reports

MISP is widely known as a powerful tool to gather, correlate and share information. As a response to the growing information-sharing maturity of the community, more features have been introduced over the past few years to meet analyst skills and requirements.

https://www.misp-project.org/2020/10/08/Event-Reports.html


Hackers exploit bugs in VPN and Windows Netlogon

Attackers gain access to government agency networks by deliberately exploiting vulnerabilities in VPN systems and Windows Netlogon.

https://www.zdnet.de/88383319/hacker-nutzen-bugs-in-vpn-und-windows-netlogon/

Vulnerabilities

Citrix Hypervisor Security Update

A previous version of this bulletin had links to hotfixes that addressed the security issues but caused stability issues for some deployments that were using the Hypervisor Introspection (HVI) functionality of Citrix Hypervisor. Customers who are not using HVI functionality and who have already applied the earlier updates need to take no further action.

https://support.citrix.com/article/CTX282314


Atlassian Jira Software: vulnerability enables cross-site scripting

https://www.cert-bund.de/advisoryshort/CB-K20-0970


phpMyAdmin: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-0969


Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload in Sage DPW

https://sec-consult.com/./en/blog/advisories/reflected-cross-site-scripting-and-unauthenticated-malicious-file-upload-in-sage-dpw-cve-2020-26584/


Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTML injection.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-html-injection/


Security Bulletin: IBM QRadar SIEM is vulnerable to deserialization of untrusted data

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-deserialization-of-untrusted-data-2/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-3/


Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-asset-manager-is-vulnerable-to-stored-cross-site-scripting/


Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability-6/


Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-4/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-3/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387-3/


Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-attack-cve-2020-4420-2/


Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-license-metric-tool-v9-2/