End-of-Day report
Timeframe: Friday 20-11-2020 18:00 - Monday 23-11-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Patch now! Exploit code threatens almost 50,000 Fortinet VPNs
The situation around a one-year-old vulnerability in Fortinet VPN systems is coming to a head. Security patches have long been available.
https://heise.de/-4968392
GitHub fixes high severity security flaw spotted by Google
Two weeks after Google disclosed a security flaw in GitHub, the Microsoft-owned site has fixed the issue.
https://www.zdnet.com/article/github-fixes-high-severity-security-flaw-spotted-by-google/
Botnets are mass-scanning for credentials in unsecured ENV files
These files store configuration data for environments such as Docker, Node.js and Symfony. Security vendors have recently observed more than 1100 active scanners for ENV files. Through them, attackers may gain access to servers in order to steal data and plant malware.
https://www.zdnet.de/88389948/botnetze-suchen-massenhaft-nach-anmeldedaten-in-ungesicherten-env-dateien/
FBI warns of increasing Ragnar Locker ransomware activity
The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.
https://www.bleepingcomputer.com/news/security/fbi-warns-of-increasing-ragnar-locker-ransomware-activity/
LightBot: TrickBot's new reconnaissance malware for high-value targets
The notorious TrickBot gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets.
https://www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reconnaissance-malware-for-high-value-targets/
TrickBot turns 100: Latest malware released with new features
The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection.
https://www.bleepingcomputer.com/news/security/trickbot-turns-100-latest-malware-released-with-new-features/
PYSA/Mespinoza Ransomware
Over the course of 8 hours the PYSA/Mespinoza threat actors used Empire and Koadic as well as RDP to move laterally throughout the environment, grabbing credentials from as many [...]
https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/
Vulnerabilities
ICS Advisory (ICSA-20-324-05) Mitsubishi Electric MELSEC iQ-R Series
Successful exploitation of this vulnerability could cause a denial-of-service condition for the affected product.
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-05
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008
Date Reported: November 23, 2020
Advisory ID: WSA-2020-0008
CVE identifiers: CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
https://webkitgtk.org/security/WSA-2020-0008.html
Multiple Vulnerabilities in ZTE WLAN router MF253V
https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-zte-wlan-router-mf253v/
HCL Domino: Multiple vulnerabilities allow denial of service
https://www.cert-bund.de/advisoryshort/CB-K20-1155
Opera Mini for Android: Vulnerability allows display of false information
https://www.cert-bund.de/advisoryshort/CB-K20-1152
Trend Micro ServerProtect: Vulnerability allows privilege escalation
https://www.cert-bund.de/advisoryshort/CB-K20-1150
WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload
https://cxsecurity.com/issue/WLB-2020110179
[webapps] TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
https://www.exploit-db.com/exploits/49092
Security Bulletin: IBM Spectrum Protect Server allows Triple DES (3DES) ciphers to be used (CVE-2018-1785)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-server-allows-triple-des-3des-ciphers-to-be-used-cve-2018-1785/
Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center
https://www.ibm.com/blogs/psirt/security-bulletin-improper-authentication-of-websocket-endpoint-in-ibm-spectrum-protect-operations-center/
Security Bulletin: Vulnerabilities in IBM Java Runtime, IBM WebSphere Application Server Liberty, and Apache Commons affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-ibm-websphere-application-server-liberty-and-apache-commons-affect-ibm-spectrum-protect-operations-center-and-ibm-spectrum-protect-client-manag/
Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/
Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/
Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854)
https://www.ibm.com/blogs/psirt/security-bulletin-static-credential-vulnerability-in-ibm-spectrum-protect-plus-cve-2020-4854/
Security Bulletin: IBM Spectrum Protect Plus allows use of TLS Version 1.1 protocols (CVE-2020-4783)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus-allows-use-of-tls-version-1-1-protocols-cve-2020-4783/
Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft Windows File Systems agent (CVE-2020-15801)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-python-affects-ibm-spectrum-protect-plus-microsoft-windows-file-systems-agent-cve-2020-15801/
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm/
Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments/
Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerabilities-affect-the-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments/