Daily Summary - 29.10.2020

End-of-Day report

Timeframe: Wednesday 28-10-2020 18:00 - Thursday 29-10-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-67)

A prenotification security advisory (APSB20-67) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, November 03, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided "AS IS" with no warranties and [...]

https://blogs.adobe.com/psirt/?p=1936


CPU: ME hackers crack Intel microcode updates

Security researchers are able to decrypt and analyze the microcode updates for Intel CPUs. This does not yet make a takeover possible.

https://www.golem.de/news/cpu-me-hacker-knacken-intel-microcode-updates-2010-151797-rss.html


5 Places Where You'd Never Expect to Get Hacked

For every gleaming new IoT device that hits the market, a hacker somewhere is figuring out how to compromise it. Today, even routine activities can land you in the sights of a bad actor.

https://blog.sucuri.net/2020/10/5-places-where-youd-never-expect-to-get-hacked.html


Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware, sometimes within 24 hours of initial compromise. Effective and fast detection of these campaigns is key to mitigating this threat.

http://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html


Patch now! Attackers are scanning for vulnerable Oracle WebLogic servers

For security reasons, admins should bring their WebLogic servers up to date.

https://heise.de/-4942360


Ransomware: Maze is apparently shutting down, REvil makes 100 million US dollars

Ransomware remains the star of the malware scene. The masterminds keep expanding their "business model" and reap revenues in the millions.

https://heise.de/-4942549


ESET Threat Report for Q3 2020

The threat landscape in the second quarter of 2020 from the perspective of ESET telemetry and ESET security researchers.

https://www.welivesecurity.com/deutsch/2020/10/28/eset-threat-report-fuer-das-3-quartal-2020/


Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee

Domain parking might appear harmless at first glance, but parked domains can redirect visitors to unwanted landing pages or turn entirely malicious.

https://unit42.paloaltonetworks.com/domain-parking/

Vulnerabilities

Code vulnerabilities put health records at risk

OpenEMR is the most popular open source software for electronic health record and medical practice management. It is used world-wide to manage sensitive patient data, including information about medications, laboratory values, and diseases. [...] During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR 5.0.2.1. A combination of these vulnerabilities allowed remote attackers to execute arbitrary system commands on any OpenEMR server that [...]

https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability


Samba: Multiple vulnerabilities

A remote, anonymous attacker can exploit multiple vulnerabilities in Samba to disclose information or cause a denial of service.

https://www.cert-bund.de/advisoryshort/CB-K20-1051


F5 BIG-IP: Multiple vulnerabilities

A remote, anonymous attacker can exploit multiple vulnerabilities in F5 BIG-IP to carry out a denial of service attack, disclose information, or carry out a cross-site scripting attack.

https://www.cert-bund.de/advisoryshort/CB-K20-1052


Security updates for Thursday

Security updates have been issued by Debian (linux-4.19), Fedora (tcpreplay, xen, and yubihsm-shell), SUSE (pacemaker), and Ubuntu (gosa and pam-python).

https://lwn.net/Articles/835552/


Security Bulletin: IBM Security Directory Suite is affected by security vulnerability (CVE-2018-4441)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-security-vulnerabilitycve-2018-4441/


Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite - October 2019 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite-october-2019-cpu/


Security Bulletin: IBM i2 Analyst's Notebook Memory Corruption Vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-memory-corruption-vulnerabilities/


Security Bulletin: IBM Resilient OnPrem could allow an attacker on a restricted internal network to provide the server with a spoofed source IP address. (CVE-2020-4864)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-onprem-could-allow-an-attacker-on-a-restricted-internal-network-to-provide-the-server-with-a-spoofed-source-ip-address-cve-2020-4864/


Security Bulletin: Embedded WebSphere Application Server is vulnerable to an information disclosure vulnerability affects Content Collector for Email

https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-an-information-disclosure-vulnerability-affects-content-collector-for-email-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-13/


Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Golang (CVE-2020-16845)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-golang-cve-2020-16845/


Security Bulletin: Embedded WebSphere Application Server is vulnerable to an information disclosure vulnerability affects Content Collector for Email

https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-an-information-disclosure-vulnerability-affects-content-collector-for-email/


Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-disclosed-vulnerability-affects-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-col-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-12/