Daily summary - 22.10.2020

End-of-Day report

Timeframe: Wednesday 21-10-2020 18:00 - Thursday 22-10-2020 18:00
Handler: Dimitri Robl
Co-Handler: n/a

News

These are the winners of Austria's largest hacker competition

The final of the Austria Cyber Security Challenge 2020 was held virtually. The winners have been decided.

https://futurezone.at/digital-life/das-sind-die-gewinner-von-oesterreichs-groesstem-hacker-wettbewerb/401074005


BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon, (Thu, Oct 22nd)

Phishing messages distributing BazarLoader have come to be commonplace in the past six months, but in the last couple of weeks I've been seeing more and more e-mails spreading this malware caught in my quarantine. Although contents of these messages differ, their appearance is usually similar [...]

https://isc.sans.edu/diary/rss/26710


XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection.

https://blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/


Abusing RDP's Remote Credential Guard with Rubeus PTT

TL;DR Microsoft's Remote Credential Guard (RCG) for RDP protects creds if an RDP server is compromised. It leaves little scope for password or NTLM credential dumping when a user connects [...]

https://www.pentestpartners.com/security-blog/abusing-rdps-remote-credential-guard-with-rubeus-ptt/

Vulnerabilities

VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs

Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges.

https://kb.cert.org/vuls/id/208577


Dangerous vulnerabilities in Cisco software for network protection and management

Network equipment vendor Cisco has released important security updates for various network software products. None of the vulnerabilities is rated critical.

https://heise.de/-4936512


Vulnerability Spotlight: A deep dive into WAGO's cloud connectivity and the vulnerabilities that arise

WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers.

https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-deep-dive-into.html


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server-2/


Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-12/


Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-node-fetch-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service/


Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Infrastructure Management.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/