Daily Summary - 21.10.2020

End-of-Day report

Timeframe: Tuesday 20-10-2020 18:00 - Wednesday 21-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

TrickBot malware under siege from all sides, and it's working

The Trickbot malware operation is on the brink of going down completely following efforts from an alliance of cybersecurity and hosting providers targeting the botnet's command and control servers.

https://www.bleepingcomputer.com/news/security/trickbot-malware-under-siege-from-all-sides-and-its-working/


LockBit ransomware moves quietly on the network, strikes fast

LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/


Shipping dangerous goods, (Wed, Oct 21st)

For the past several months, I've been tracking a campaign that sends rather odd-looking emails like this.

https://isc.sans.edu/diary/rss/26702


Securing Your Online Store for the Holidays

Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing global ecommerce climate that this pandemic has produced, comes the importance of securing your website to protect your users - and your revenue streams.

https://blog.sucuri.net/2020/10/securing-your-online-store-for-the-holidays.html


Study: More than half of all Windows servers are security junk

Around 58 percent of all Windows servers on the Internet no longer receive regular security updates and are therefore ticking time bombs.

https://heise.de/-4933295


How safe is your USB drive?

What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats?

https://www.welivesecurity.com/2020/10/20/how-safe-is-your-usb-drive/


Video: How to expose fraudulent advertising on the Internet

Whether on Google, in social media or in apps - everywhere there is advertising that wants to get us to buy a certain product or make use of a service. But not every advertisement is reputable.

https://www.watchlist-internet.at/news/video-so-entlarven-sie-betruegerische-werbung-im-internet/


Preventing inbound IP spoofing

Brigham Young University is currently sending advisory letters to Internet providers, pointing out that it is possible at these providers to receive inbound IP packets with source addresses from the Internet provider's own network.

https://cert.at/de/blog/2020/10/ip-spoofing-inbound-verhindern

Vulnerabilities

Big Blue Button: The big blue security risk

Critical security vulnerabilities that Golem.de reported to the developer of the video chat software Big Blue Button were only closed after months.

https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610-rss.html


Chrome zero-day in the wild - patch now!

https://nakedsecurity.sophos.com/2020/10/21/chrome-zero-day-in-the-wild-patch-now/


Oracle Critical Patch Update Advisory - October 2020

https://www.oracle.com/security-alerts/cpuoct2020.html


Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-angular-js-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service/


Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/


Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service (CVE-2020-4411)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-local-user-may-cause-a-denial-of-service-cve-2020-4411-2/


Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-acorn-and-bootstrap-select-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service/


Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service/


Security Bulletin: BIND for IBM i is affected by CVE-2020-8622 and CVE-2020-8624

https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affected-by-cve-2020-8622-and-cve-2020-8624/


Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-system-could-cause-a-denial-of-service-cve-2020-4756-2/


Security Bulletin: IBM MQ could allow leak sensitive information due to an error within the pre-v7 pubsub logic (CVE-2020-4319)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-leak-sensitive-information-due-to-an-error-within-the-pre-v7-pubsub-logic-cve-2020-4319/


Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-platform-software-clients-2/