Daily summary - 16.11.2020

End-of-Day report

Timeframe: Friday 13-11-2020 18:00 - Monday 16-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Stories from the SOC - Multi-layered defense detects Windows Trojan

Malware infections are common and are often missed by antivirus software. Their impact on critical infrastructure and applications can be devastating to an organization's network, brand and customers if not remediated. With the ever-changing nature of [...]

https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-multi-layered-defense-detects-windows-trojan


New TroubleGrabber Discord malware steals passwords, system info

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators.

https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/


Windows Kerberos authentication breaks due to security updates

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released during this month's Patch Tuesday, on November 10.

https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-due-to-security-updates/


Schneider Electric Warns Customers of Drovorub Linux Malware

One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI.

https://www.securityweek.com/schneider-electric-warns-customers-drovorub-linux-malware


Ok Google: please publish your DKIM secret keys

The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about [...]

https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/


The ransomware landscape is more crowded than you think

More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups.

https://www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than-you-think/


Ngioweb Botnet Targeting IoT Devices

A new version of the Ngioweb botnet malware was discovered and analyzed by Netlab 360 researchers. Their blog post details the changes observed in these newer samples.

https://exchange.xforce.ibmcloud.com/collection/e4becb0bc47fb9b7ad74c9fb579f027b

Vulnerabilities

Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore, (Mon, Nov 16th)

Since new critical vulnerabilities are discovered and published nearly every day, it is no wonder that we (i.e. security professionals and security-oriented media) tend to focus on these and don't return to the ones that came before too often. Unless there is a massive exploitation campaign, that is. This doesn't present any problems for organizations that manage to patch vulnerabilities on time, but for many others [...]

https://isc.sans.edu/diary/rss/26798


Security updates for Monday

Security updates have been issued by Debian (libdatetime-timezone-perl and libvncserver), Fedora (chromium, kernel, kernel-headers, kernel-tools, krb5, libexif, libxml2, and thunderbird), Gentoo (chromium, libmaxminddb, and mit-krb5), Mageia (arpwatch, bluez, chromium-browser-stable, firefox and thunderbird, golang, java-1.8.0-op, kdeconnect-kde, kleopatra, libexif, lilypond, microcode, packagekit, ruby, and tpm2-tss), openSUSE (chromium, firefox, ImageMagick, kernel, openldap2, python-waitress, SDL, u-boot, ucode-intel, and zeromq), Oracle (fence-agents, firefox, freetype, kernel, python, python3, and thunderbird), Red Hat (rh-postgresql10-postgresql, rh-postgresql12-postgresql, and virt:8.2 and virt-devel:8.2), Slackware (seamonkey), and SUSE (firefox, gdm, kernel, and kernel-firmware).

https://lwn.net/Articles/837431/


SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities

https://cxsecurity.com/issue/WLB-2020110113


Opera Touch for iOS: Vulnerability allows false information to be displayed

https://www.cert-bund.de/advisoryshort/CB-K20-1123


Nagios Enterprises Nagios XI: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-1122


Security Bulletin: Information Disclosure Vulnerability Affects EBICS Client of IBM Sterling B2B Integrator (CVE-2020-4475)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ebics-client-of-ibm-sterling-b2b-integrator-cve-2020-4475/


Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4476/


Security Bulletin: CKEditor XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-17960)

https://www.ibm.com/blogs/psirt/security-bulletin-ckeditor-xss-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2018-17960/


Security Bulletin: XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4705)

https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4705/


Security Bulletin: SQL Injection Vulnerability Affects EBICS in IBM Sterling B2B Integrator (CVE-2020-4655)

https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ebics-in-ibm-sterling-b2b-integrator-cve-2020-4655/


Security Bulletin: B2B API Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4566)

https://www.ibm.com/blogs/psirt/security-bulletin-b2b-api-information-disclosure-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4566/


Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2020-4672

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-cve-2020-4672/


Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-2/


Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4763)

https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4763/


Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4665)

https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4665/