End-of-Day report
Timeframe: Monday 19-10-2020 18:00 - Tuesday 20-10-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/
Mirai-alike Python Scanner, (Tue, Oct 20th)
Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials.
https://isc.sans.edu/diary/rss/26698
Advanced Ransomware Attacks
SI-CERT, the national CSIRT of Slovenia has been handling reports of ransomware attacks on a regular basis since April 2012. Until 2019, attack victims were selected randomly as part of a mass-volume campaign aiming to spread the virus. However, since 2019 the attacks have been more targeted.
https://connect.geant.org/2020/10/19/advanced-ransomware-attacks
When buying on classified-ad platforms: do not pay via the PayPal function "Send money to friends or family"
Criminals are also active on popular classified-ad platforms such as willhaben, shpock or ebay Kleinanzeigen. Besides advance-payment and escrow fraud, the PayPal trick is a popular scam for ripping off buyers.
https://www.watchlist-internet.at/news/beim-kauf-auf-kleinanzeigen-plattformen-zahlung-nicht-via-paypal-funktion-geld-an-freunde-oder-fam/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Illustrator (APSB20-53), Adobe Dreamweaver (APSB20-55), Marketo (APSB20-60), Adobe Animate (APSB20-61), Adobe After Effects (APSB20-62), Adobe Photoshop (APSB20-63), Adobe Premiere Pro (APSB20-64), Adobe Media Encoder (APSB20-65), Adobe InDesign (APSB20-66) and Adobe Creative Cloud Desktop Application (APSB20-68).
https://blogs.adobe.com/psirt/?p=1930
QNAP: Security updates for QTS fend off "Zerologon" attacks on NAS devices
Depending on their configuration, QNAP network-attached storage devices may be remotely attackable via the "Zerologon" vulnerability. Updates for QTS are available.
https://heise.de/-4932748
Seven mobile browsers vulnerable to address bar spoofing attacks
Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar.
https://www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-bar-spoofing-attacks/
Security Bulletin: Cross-Site Scripting Security Vulnerability Affects IBM Sterling B2B Integrator Standard Edition (CVE-2020-4564)
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-security-vulnerability-affects-ibm-sterling-b2b-integrator-standard-edition-cve-2020-4564/
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service (CVE-2020-4411)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-local-user-may-cause-a-denial-of-service-cve-2020-4411/
Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-is-affected-by-weak-cryptographic-algorithm-cve-2020-4350/
Security Bulletin: SQL Injection Vulnerability Affects the Graphic Process Modeler in IBM Sterling B2B Integrator (CVE-2019-4680)
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-the-graphic-process-modeler-in-ibm-sterling-b2b-integrator-cve-2019-4680/
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system/
Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-system-could-cause-a-denial-of-service-cve-2020-4756/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-2/
Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4564)
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4564/
Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-spectrum-scale-gui/
Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system/
XSA-347
https://xenbits.xen.org/xsa/advisory-347.html
XSA-346
https://xenbits.xen.org/xsa/advisory-346.html
XSA-345
https://xenbits.xen.org/xsa/advisory-345.html
XSA-332
https://xenbits.xen.org/xsa/advisory-332.html
XSA-331
https://xenbits.xen.org/xsa/advisory-331.html
XSA-286
https://xenbits.xen.org/xsa/advisory-286.html
Security Vulnerabilities fixed in Firefox 82
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/
Synology-SA-20:24 Media Server
https://www.synology.com/en-global/support/security/Synology_SA_20_24
Synology-SA-20:23 Download Station
https://www.synology.com/en-global/support/security/Synology_SA_20_23
VMware ESXi: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-1003
Nagios Enterprises Nagios XI: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-1005