End-of-Day report
Timeframe: Thursday 26-11-2020 18:00 - Friday 27-11-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Beware of identity theft: criminals are sending fraudulent e-mails in the name of the Austrian Post!
Numerous readers are currently reporting a fraudulent e-mail being sent in the name of the Österreichische Post. The e-mail asks you to send a copy of your ID so that a delivery can be processed. Ignore this e-mail. It is a scam!
https://www.watchlist-internet.at/news/achtung-identitaetsdiebstahl-kriminelle-versenden-betruegerische-e-mails-im-namen-der-post/
Security updates: archives containing malicious code could endanger Drupal websites
The Drupal developers have closed two dangerous security vulnerabilities in the Drupal content management system.
https://heise.de/-4972845
Hunting Active Directory with BloodHound
At its SO-CON conference, SpecterOps presented many updates to its security tools, including BloodHound 4.0 for Active Directory attacks.
https://heise.de/-4973049
Hackers Love Expired Domains
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally normal, but it's important to remember that attackers regularly monitor domain expirations and may target certain domains that meet specific criteria. Vendor domains can be an easy backdoor. A vendor (supplier) domain is defined as a website that is used to host and load third party Javascript resources [...]
https://blog.sucuri.net/2020/11/hackers-love-expired-domains.html
Digitally Signed Bandook Malware Once Again Targets Multiple Sectors
A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy "dozens of digitally signed variants" of [...]
https://thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html
Vulnerabilities
Citrix Virtual Apps and Desktops Security Update
2020-11-25: Improved clarification on when a version is impacted and added that 1912 LTSR CU2 is now available
https://support.citrix.com/article/CTX285059
Security updates for Friday
Security updates have been issued by Arch Linux (go, libxml2, postgresql, and wireshark-cli), Debian (drupal7 and lxml), Fedora (drupal7, java-1.8.0-openjdk-aarch32, libxml2, pacemaker, slurm, and swtpm), openSUSE (c-ares, ceph, chromium, dash, firefox, go1.14, java-1_8_0-openjdk, kernel, krb5, perl-DBI, podman, postgresql10, postgresql12, rclone, slurm, ucode-intel, wireshark, wpa_supplicant, and xen), SUSE (ceph, firefox, kernel, LibVNCServer, and python), and Ubuntu (freerdp, poppler, and [...]
https://lwn.net/Articles/838469/