Daily summary - 04.12.2020

End-of-Day report

Timeframe: Thursday 03-12-2020 18:00 - Friday 04-12-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Warning! Amazon phishing mails are booming right now!

Black Friday is over, Christmas is around the corner and Austria is still in lockdown. All of these are reasons why online retail is currently booming, and fraudulent messages sent in Amazon's name are booming just as much. E-mails are currently circulating in which fraudsters pretend that you have been charged twice, in order to get hold of your data.

https://www.watchlist-internet.at/news/achtung-amazon-phishing-mails-boomen-derzeit/


Malware for stealing financial data hides behind social media buttons

The buttons supposedly allow content to be shared via Facebook, Twitter and Instagram. Instead, they activate malicious code that targets personal information and credit card data. The associated malware has been in circulation since the end of September.

https://www.zdnet.de/88390301/malware-fuer-den-diebstahl-von-finanzdaten-versteckt-sich-hinter-social-media-buttons/


Cybercrime: Trickbot learns a new trick

Emotet infections will become even more dangerous in the future, because the malware Emotet downloads as a second stage could lodge itself in the BIOS.

https://heise.de/-4980197


Researchers warn of a vulnerability in various Android apps that is still partly unpatched

The vulnerability lies in Google's Play Core library, which Google fixed back in March; some app developers have not (yet) actively updated the version bundled in their apps.

https://heise.de/-4979478
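A practical check for the situation described above is to look through a project's Gradle build files for a Play Core dependency that is older than the fixed release. The script below is an added example, not code from the heise article or from Google. It assumes that the first fixed Play Core release is 1.7.2 (taken from Google's release notes, stated here as an assumption) and that the dependency is declared with the usual Maven coordinates com.google.android.play:core or :core-ktx; the sample build.gradle is constructed.

```python
"""Scan Gradle build files for Play Core dependencies older than the fixed release.

Added example, not code from the heise article or from Google. It assumes
(1) the fix Google shipped for the Play Core library is release 1.7.2, taken
from Google's release notes, and (2) the dependency uses the usual Maven
coordinates com.google.android.play:core or :core-ktx.
"""
import re
from typing import Dict, List, Optional, Tuple

# Assumption: first Play Core release containing the fix (Google release notes).
FIXED_VERSION: Tuple[int, ...] = (1, 7, 2)

# Groovy or Kotlin DSL, e.g.
#   implementation 'com.google.android.play:core:1.6.4'
#   implementation("com.google.android.play:core-ktx:$playCoreVersion")
DEP_RE = re.compile(r"""com\.google\.android\.play:(core(?:-ktx)?):([^'"\s)]+)""")

# Version variables declared elsewhere in the file, e.g.
#   def playCoreVersion = "1.6.1"    or    playCoreVersion = '1.6.1' inside ext {}
VAR_RE = re.compile(
    r"""^[ \t]*(?:(?:def|val)[ \t]+|ext\.)?(\w+)[ \t]*=[ \t]*['"]([\d.]+)['"]""",
    re.MULTILINE,
)


def parse_version(text: Optional[str]) -> Optional[Tuple[int, ...]]:
    """'1.10.0' -> (1, 10, 0); None for missing, dynamic or unparseable versions."""
    if not text:
        return None
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None


def resolve(raw: str, variables: Dict[str, str]) -> Optional[str]:
    """Replace '$name' / '${name}' with the declared value, if it is known."""
    if raw.startswith("$"):
        return variables.get(raw.strip("${}"))
    return raw


def outdated_play_core(gradle_text: str) -> List[Dict[str, str]]:
    """Return one finding per Play Core dependency that is older than FIXED_VERSION
    (status 'outdated') or whose version cannot be resolved (status 'unresolved')."""
    variables = dict(VAR_RE.findall(gradle_text))
    findings: List[Dict[str, str]] = []
    for lineno, line in enumerate(gradle_text.splitlines(), start=1):
        for artifact, raw in DEP_RE.findall(line):
            # Tuple comparison keeps 1.10.0 above 1.7.2; string comparison would not.
            parsed = parse_version(resolve(raw, variables))
            if parsed is None:
                status = "unresolved"
            elif parsed < FIXED_VERSION:
                status = "outdated"
            else:
                continue
            findings.append(
                {"line": str(lineno), "artifact": artifact, "version": raw, "status": status}
            )
    return findings


# Constructed sample build.gradle mixing literal, variable and up-to-date versions.
SAMPLE_GRADLE = """\
ext {
    playCoreVersion = '1.6.4'
}
dependencies {
    implementation 'com.google.android.play:core:1.6.4'
    implementation "com.google.android.play:core-ktx:$playCoreVersion"
    implementation("com.google.android.play:core:1.10.0")
    implementation 'com.google.android.play:core:1.7.2'
}
"""

if __name__ == "__main__":
    for f in outdated_play_core(SAMPLE_GRADLE):
        print(f"line {f['line']}: {f['artifact']} {f['version']} is {f['status']}")
```

Versions that come from a variable the script cannot find (a version catalog, a buildSrc constant, a dynamic `1.+` range) are reported as unresolved rather than silently passed, so those lines still get a manual look. For apps you do not build yourself, the same comparison applies to the Play Core classes found in the APK, which this script does not cover.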


The chronicles of Emotet

More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses.

https://securelist.com/the-chronicles-of-emotet/99660/


Leaking Browser URL/Protocol Handlers

An important step in any targeted attack is reconnaissance. The more information an attacker can obtain on the victim the greater the chances for a successful exploitation and infiltration. Recently, we uncovered two information disclosure vulnerabilities affecting three of the major web browsers which can be leveraged to leak out a vast range of installed applications, including the presence of security products, allowing a threat actor to gain critical insights on the target.

https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers

Vulnerabilities

VMware Releases Security Updates to Address CVE-2020-4006

VMware has released security updates to address a vulnerability (CVE-2020-4006) in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0027.2 and apply the necessary updates.

https://us-cert.cisa.gov/ncas/current-activity/2020/12/03/vmware-releases-security-updates-address-cve-2020-4006


Web server vulnerability: sensitive configuration and status data published

Misconfigured web servers belonging to federal authorities and IT companies exposed visitor IPs, user names, meeting IDs and more openly on the internet.

https://heise.de/-4971830
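The kind of exposure described above is usually caught by checking whether a server's status and info handlers are reachable without an access restriction. The lint below is an added example, not code from the heise article; it assumes the published "status and configuration data" came from Apache's mod_status (/server-status) and mod_info (/server-info) handlers, which is a guess about the unnamed setups in the article. It flags `<Location>` blocks that serve either handler without a `Require`/`Deny` restriction, and produces the corrected configuration next to the weak one; the httpd.conf excerpt is constructed.

```python
"""Lint an Apache httpd configuration for status/info pages reachable by everyone.

Added example, not taken from the heise article. It assumes the published
"status and configuration data" came from Apache's mod_status (/server-status)
and mod_info (/server-info) handlers, which is a guess about the unnamed setups
in the article; the directives checked are standard Apache 2.2/2.4 syntax.
"""
import re
from typing import Dict, List

# Handlers whose output lists client IPs, request URIs, and loaded configuration.
SENSITIVE_HANDLERS = {"server-status", "server-info"}

LOCATION_BLOCK = re.compile(
    r'<Location(?:Match)?[ \t]+"?([^">\s]+)"?[ \t]*>(.*?)</Location(?:Match)?>',
    re.IGNORECASE | re.DOTALL,
)
SET_HANDLER = re.compile(r"^[ \t]*SetHandler[ \t]+(\S+)", re.IGNORECASE | re.MULTILINE)

# Directives that limit access (Apache 2.4 "Require ..." and legacy 2.2 "Deny from all").
RESTRICTING = re.compile(
    r"^[ \t]*(?:Require[ \t]+(?:local|ip(?:[ \t]+\S+)+|host(?:[ \t]+\S+)+|all[ \t]+denied)"
    r"|Deny[ \t]+from[ \t]+all)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)
# Directives that explicitly open the block to every client.
GRANT_ALL = re.compile(
    r"^[ \t]*(?:Require[ \t]+all[ \t]+granted|Allow[ \t]+from[ \t]+all)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


def find_exposed_handlers(conf: str) -> List[Dict[str, str]]:
    """Return one finding per <Location> that serves a sensitive handler without
    an access restriction inside the block (or with access granted to all)."""
    findings: List[Dict[str, str]] = []
    for block in LOCATION_BLOCK.finditer(conf):
        path, body = block.group(1), block.group(2)
        handler = SET_HANDLER.search(body)
        if handler is None or handler.group(1).lower() not in SENSITIVE_HANDLERS:
            continue
        if GRANT_ALL.search(body):
            reason = "access explicitly granted to all clients"
        elif RESTRICTING.search(body) is None:
            reason = "no Require/Deny directive restricts the block"
        else:
            continue
        findings.append({"path": path, "handler": handler.group(1).lower(), "reason": reason})
    return findings


def restrict_to_local(conf: str) -> str:
    """Return the configuration with every exposed block limited to 'Require local'
    (replacing a grant-all line, or appending the directive when none exists)."""
    exposed = {f["path"] for f in find_exposed_handlers(conf)}

    def fix(block: "re.Match[str]") -> str:
        if block.group(1) not in exposed:
            return block.group(0)
        body = GRANT_ALL.sub("    Require local", block.group(2))
        if RESTRICTING.search(body) is None:
            body = body.rstrip() + "\n    Require local\n"
        # Reassemble: original opening tag + new body + original closing tag.
        return block.string[block.start():block.start(2)] + body + block.string[block.end(2):block.end()]

    return LOCATION_BLOCK.sub(fix, conf)


# Constructed httpd.conf excerpt: one unrestricted block, one opened to all,
# one correctly limited to internal address ranges.
SAMPLE_CONF = """\
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
</Location>
<Location /server-info>
    SetHandler server-info
    Require all granted
</Location>
<Location /internal-status>
    SetHandler server-status
    Require ip 10.0.0.0/8 192.168.0.0/16
</Location>
"""

if __name__ == "__main__":
    for f in find_exposed_handlers(SAMPLE_CONF):
        print(f"{f['path']} ({f['handler']}): {f['reason']}")
    print(restrict_to_local(SAMPLE_CONF))
```

The lint only looks inside each `<Location>` block, so a restriction inherited from an enclosing `<VirtualHost>` or applied by a reverse proxy in front of the server is not seen; treat its findings as candidates to confirm with a request from an external address. `ExtendedStatus On` is what makes mod_status list individual client IPs and request URIs, so on servers that need the page for monitoring, restricting the location is the part that matters rather than turning extended status off.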


Security updates for Friday

Security updates have been issued by Debian (thunderbird), Fedora (c-ares, pdfresurrect, webkit2gtk3, and xen), openSUSE (python3), SUSE (gdm, python-pip, rpmlint, and xen), and Ubuntu (snapcraft).

https://lwn.net/Articles/838960/


WECON LeviStudioU (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-20-238-03 WECON LeviStudioU (Update B) that was published October 29, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the WECON Technology LeviStudioU software.

https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03


Apache Tomcat: vulnerability allows disclosure of information

https://www.cert-bund.de/advisoryshort/CB-K20-1195


Security Advisory - Privilege Escalation Vulnerability in Huawei Smartphone

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201202-01-smartphone-en


Security Advisory - Resource Management Error Vulnerability in Huawei CloudEngine 1800V Product

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201202-01-cloudengine-en


Intel CPU vulnerability CVE-2020-0591

https://support.f5.com/csp/article/K82356391


Intel CPU vulnerability CVE-2020-0592

https://support.f5.com/csp/article/K04160444


QEMU vulnerability CVE-2020-27617

https://support.f5.com/csp/article/K41142448


Jetty vulnerability CVE-2019-10247

https://support.f5.com/csp/article/K41412302


Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Program Management (CVE-2020-11023, CVE-2020-11022)

https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-program-management-cve-2020-11023-cve-2020-11022/


Security Bulletin: Trusteer Mobile SDK is vulnerable to CVE-2019-17362

https://www.ibm.com/blogs/psirt/security-bulletin-trusteer-mobile-sdk-is-vulnerable-to-cve-2019-17362/


Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)

https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-sourcing-cve-2020-11023-cve-2020-11022/


Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Contract Management (CVE-2020-11023, CVE-2020-11022)

https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-contract-management-cve-2020-11023-cve-2020-11022/


Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)

https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-spend-analysis-cve-2020-11023-cve-2020-11022/


Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-arbitrary-code-execution-and-security-bypass-in-drupal-cve-2020-13664-cve-2020-13665-4/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-14621)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2020-14579-cve-2020-14578-cve-2020-14577-cve-2020-14621/


Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform (CVE-2020-11023, CVE-2020-11022)

https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/


Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow - CVE-2020-4687, CVE-2020-4760, CVE-2020-4704

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-ibm-content-navigator-component-in-ibm-business-automation-workflow-cve-2020-4687-cve-2020-4760-cve-2020-4704/


Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns.

https://www.ibm.com/blogs/psirt/security-bulletin-upgrade-javaenv2-2-to-address-gradle-oauth-authentication-concerns/