End-of-Day report
Timeframe: Friday 13-11-2020 18:00 - Monday 16-11-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Stories from the SOC - Multi-layered defense detects Windows Trojan
Malware infections are common and are often missed by antivirus software. Their impact on critical infrastructure and applications can be devastating to an organization's network, brand and customers if not remediated. With the ever-changing nature of [...]
https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-multi-layered-defense-detects-windows-trojan
New TroubleGrabber Discord malware steals passwords, system info
TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.
https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/
Windows Kerberos authentication breaks due to security updates
Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released during this month's Patch Tuesday, on November 10.
https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-due-to-security-updates/
Schneider Electric Warns Customers of Drovorub Linux Malware
One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI.
https://www.securityweek.com/schneider-electric-warns-customers-drovorub-linux-malware
Ok Google: please publish your DKIM secret keys
The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about [...]
https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/
The ransomware landscape is more crowded than you think
More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups.
https://www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/
Ngioweb Botnet Targeting IoT Devices
A new version of the Ngioweb botnet malware was discovered and analyzed by Netlab 360 researchers. Their blog post details the changes observed in these newer samples.
https://exchange.xforce.ibmcloud.com/collection/e4becb0bc47fb9b7ad74c9fb579f027b
Vulnerabilities
Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore, (Mon, Nov 16th)
Since new critical vulnerabilities are discovered and published nearly every day, it is no wonder that we (i.e. security professionals and security-oriented media) tend to focus on these and don't return to the ones that came before too often. Unless there is a massive exploitation campaign, that is. This doesn't present any problems for organizations which manage to patch vulnerabilities on time, but for many others [...]
https://isc.sans.edu/diary/rss/26798
Security updates for Monday
Security updates have been issued by Debian (libdatetime-timezone-perl and libvncserver), Fedora (chromium, kernel, kernel-headers, kernel-tools, krb5, libexif, libxml2, and thunderbird), Gentoo (chromium, libmaxminddb, and mit-krb5), Mageia (arpwatch, bluez, chromium-browser-stable, firefox and thunderbird, golang, java-1.8.0-op, kdeconnect-kde, kleopatra, libexif, lilypond, microcode, packagekit, ruby, and tpm2-tss), openSUSE (chromium, firefox, ImageMagick, kernel, openldap2, python-waitress, SDL, u-boot, ucode-intel, and zeromq), Oracle (fence-agents, firefox, freetype, kernel, python, python3, and thunderbird), Red Hat (rh-postgresql10-postgresql, rh-postgresql12-postgresql, and virt:8.2 and virt-devel:8.2), Slackware (seamonkey), and SUSE (firefox, gdm, kernel, and kernel-firmware).
https://lwn.net/Articles/837431/
SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities
https://cxsecurity.com/issue/WLB-2020110113
Opera Touch for iOS: Vulnerability allows displaying false information
https://www.cert-bund.de/advisoryshort/CB-K20-1123
Nagios Enterprises Nagios XI: Multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K20-1122
Security Bulletin: Information Disclosure Vulnerability Affects EBICS Client of IBM Sterling B2B Integrator (CVE-2020-4475)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ebics-client-of-ibm-sterling-b2b-integrator-cve-2020-4475/
Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4476/
Security Bulletin: CKEditor XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-17960)
https://www.ibm.com/blogs/psirt/security-bulletin-ckeditor-xss-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2018-17960/
Security Bulletin: XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4705)
https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4705/
Security Bulletin: SQL Injection Vulnerability Affects EBICS in IBM Sterling B2B Integrator (CVE-2020-4655)
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ebics-in-ibm-sterling-b2b-integrator-cve-2020-4655/
Security Bulletin: B2B API Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4566)
https://www.ibm.com/blogs/psirt/security-bulletin-b2b-api-information-disclosure-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4566/
Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2020-4672
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-cve-2020-4672/
Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-2/
Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4763)
https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4763/
Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4665)
https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4665/