Daily summary - 28.10.2020

End-of-Day report

Timeframe: Tuesday 27-10-2020 18:00 - Wednesday 28-10-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

How to protect yourself against phishing attacks in your web browser

Watchlist Internet is currently receiving a great many reports of phishing attempts, and the fraudsters are becoming ever more sophisticated. To help you protect yourself better against fraudulent phishing sites, we show you step by step how to enable phishing warnings in Google Chrome and Firefox.

https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-im-webbrowser-vor-phishing-attacken/


LokiBot Malware: What it is and how to respond to it

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security recently announced that activity in LokiBot, a form of aggressive malware, has increased dramatically over the last two months. The activity increase was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous [...]

https://cybersecurity.att.com/blogs/security-essentials/lokibot-malware-what-it-is-and-how-to-respond-to-it


Microsoft Defender ATP scares admins with false Cobalt Strike alerts

Administrators woke up to a scary surprise today after false positives in Microsoft Defender ATP showed network devices infected with Cobalt Strike.

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-scars-admins-with-false-cobalt-strike-alerts/


Facebook "copyright violation" tries to get past 2FA - don't fall for it!

Watch out for "Facebook copyright violation" emails - even if they link straight back to Facebook.com

https://nakedsecurity.sophos.com/2020/10/27/facebook-copyright-violation-tries-to-get-past-2fa-dont-fall-for-it/


SMBGhost - the critical vulnerability many seem to have forgotten to patch, (Wed, Oct 28th)

You probably remember that back in March, Microsoft released a patch for a vulnerability in SMBv3 dubbed SMBGhost (CVE-2020-0796), since at that time, it received as much media attention as was reasonable for a critical (CVSS 10.0) vulnerability in Windows, which might lead to remote code execution[1].

https://isc.sans.edu/diary/rss/26732


Hörmann - open house for everyone...

The identification of potential vulnerabilities by SEC Consult proved helpful in improving the entire BiSecur system.

https://www.sec-consult.com/./blog/2020/10/hoermann-tag-der-offenen-tuer-fuer-alle/


TrickBot Linux Variants Active in the Wild Despite Recent Takedown

Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.

https://thehackernews.com/2020/10/trickbot-linux-variants-active-in-wild.html


Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critical to discover these threats within a timely and accurate manner. Therefore, we are actively compiling the most essential software packages into a Windows-based distribution: ThreatPursuit VM.

http://www.fireeye.com/blog/threat-research/2020/10/threatpursuit-vm-threat-intelligence-and-hunting-virtual-machine.html

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6).

https://lwn.net/Articles/835497/


Security update: attackers could execute their own commands on Qnap NAS

Qnap network-attached storage devices can be attacked via two vulnerabilities. A patch provides a remedy.

https://heise.de/-4941315


MediaWiki: vulnerability enables cross-site scripting

https://www.cert-bund.de/advisoryshort/CB-K20-1048


Red Hat OpenShift: multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-1049


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jul 2020

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-jul-2020-2/


Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli System Automation Application Manager Jul 2020 (CVE-2020-2590)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jul-2020-cve-2020-2590/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (July 2020)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-july-2020/


Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-serialize-javascript-affects-ibm-cloud-pak-for-multicloud-management-managed-service/


Security Bulletin: Security vulnerability in Java SE affects Rational Build Forge (CVE-2020-2601)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-java-se-affects-rational-build-forge-cve-2020-2601/


Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Virtualization Engine TS7700 (CVE-2020-11868)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-network-time-protocol-ntp-affects-ibm-virtualization-engine-ts7700-cve-2020-11868/


Security Bulletin: Security vulnerabilities in Java SE affect Rational Build Forge

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-java-se-affects-rational-build-forge/


Security Bulletin: A security vulnerability in Node.js jison affects IBM Cloud Pak for Multicloud Management Managed Service.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-jison-affects-ibm-cloud-pak-for-multicloud-management-managed-service/


Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-solution-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-5/


Security Bulletin: A Remote Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2020-4767)

https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-vulnerability-affects-ibm-sterling-connectdirect-for-microsoft-windows-cve-2020-4767/