Daily summary - 03.11.2020

End-of-Day report

Timeframe: Monday 02-11-2020 18:00 - Tuesday 03-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Emotet -> Qakbot -> more Emotet (Tue, Nov 3rd)

On Friday 2020-10-30, I generated an Emotet infection in my lab and saw Qakbot as the follow-up malware. I let the activity run for a while, then another Emotet infection appeared on the same host after Qakbot started.

https://isc.sans.edu/diary/rss/26750


Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945

Through Mandiant investigation of intrusions between February 2018 and September 2020, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise telecommunications companies and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of "UNC" groups). UNC1945 targeted Oracle Solaris operating systems, utilized several [...]

https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html


JavaScript package manager: Twilio brandjacking package opens a backdoor

Last weekend, attackers published a package named twilio-npm that starts a reverse shell on the developer's system.

https://heise.de/-4945861


Pigeonholes for vulnerabilities: an overview of the CVE system

MITRE's Common Vulnerabilities and Exposures (CVE) system is the de facto standard for cataloguing vulnerabilities. We explain what it is all about.

https://heise.de/-4940478


Buying puppies on the internet? Better not!

When searching for breeders online, you may come across websites selling beautiful pedigree puppies, usually at a very low price. Animal lovers are lured by affectionate photos and descriptions into contacting the supposed breeder. But beware: trading dogs and cats over the internet is prohibited in Austria.

https://www.watchlist-internet.at/news/hundewelpen-im-internet-kaufen-lieber-nicht/


These software bugs are years old. But businesses still aren't patching them

Many organisations still haven't applied security patches issued years ago, putting them at risk from common cyber attacks.

https://www.zdnet.com/article/these-software-bugs-are-years-old-but-businesses-still-arent-patching-them/

Vulnerabilities

Security Alert CVE-2020-14750 Released

Oracle has just released Security Alert CVE-2020-14750. This vulnerability affects a number of versions of Oracle WebLogic Server and has a CVSS Base Score of 9.8. WebLogic Server customers should refer to the Security Alert Advisory for information on affected versions and how to obtain the required patches. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. Vulnerability CVE-2020-14750 is remotely exploitable without authentication, [...]

https://blogs.oracle.com/security/security-alert-cve-2020-14750-released


Security Updates Available for Adobe Acrobat and Reader (APSB20-67)

Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB20-67). The updates referenced in the bulletin address critical, important and moderate vulnerabilities and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.

https://blogs.adobe.com/psirt/?p=1939


Security updates for Tuesday

Security updates have been issued by Debian (blueman and wordpress), Fedora (fastd, kernel, and samba), Gentoo (bluez, fossil, kpmcore, libssh, and opendmarc), openSUSE (claws-mail and icinga2), and Ubuntu (blueman).

https://lwn.net/Articles/835952/


Google's Project Zero uncovers security vulnerability in GitHub

The security team rated the risk of the vulnerability it found as high for developers. There is no quick fix for the problem so far.

https://heise.de/-4946535


Android Security Bulletin - November 2020

[...] The most severe of these issues is a critical security vulnerability in the System component that could enable a proximal attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

https://source.android.com/security/bulletin/2020-11-01


Google Patches Actively Exploited Chrome Vulnerabilities

Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Chrome 86.0.4240.183 for Windows, macOS, and Linux was pushed to the stable channel with patches for a total of seven vulnerabilities, all of which feature a severity rating of high.

https://www.securityweek.com/google-patches-actively-exploited-chrome-vulnerabilities