Daily summary - 07.12.2020

End-of-Day report

Timeframe: Friday 04-12-2020 18:00 - Monday 07-12-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Finanzmarktaufsicht and Bundeskriminalamt warn of money-laundering jobs

Warning: Professional money launderers are trying to recruit job seekers as "financial agents" and misuse them for money laundering.

https://www.watchlist-internet.at/news/finanzmarktaufsicht-und-bundeskriminalamt-warnen-vor-geldwaesche-jobs/


Security vulnerability: Remote Code Execution in Microsoft Teams

An extremely critical security vulnerability was found in the Microsoft Teams desktop client, but Microsoft downplayed the problem.

https://www.golem.de/news/sicherheitsluecke-remote-code-execution-in-microsoft-teams-2012-152636-rss.html


What is Ransomware - 15 Easy Steps To Protect Your System [Updated 2020]

May 12th 2017 saw the biggest ever cyber attack in Internet history (yes, bigger than the Dyn DDoS). A ransomware named WannaCry stormed through the web, with the damage epicenter being in Europe. WannaCry leveraged a vulnerability in Windows OS, first discovered by the NSA, and then publicly revealed to the world by the Shadow [...]

https://heimdalsecurity.com/blog/what-is-ransomware-protection/


Obfuscation Techniques in MARIJUANA Shell "Bypass"

Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as a backdoor to maintain unauthorized access. MARIJUANA is the name of a PHP shell that we have been tracking since last year.

https://blog.sucuri.net/2020/12/obfuscation-techniques-in-marijuana-shell-bypass.html


Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data

A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. In a new report published today and shared with The Hacker News, Singapore-based cybersecurity firm Group-IB attributed the operation to the same group that's been linked to a [...]

https://thehackernews.com/2020/12/payment-card-skimmer-group-using.html


Exploitation of Windows RDP Vulnerability CVE-2019-0708 (BlueKeep): Get RCE with System Privilege Using Refresh Rect PDU and RDPDR Client Name Request PDU

To better protect Windows users, we discuss how attackers might exploit CVE-2019-0708 (BlueKeep) on Windows RDP endpoints.

https://unit42.paloaltonetworks.com/cve-2019-0708-bluekeep/


Shodan Verified Vulns 2020-12

In December, too, we want to take a look at the vulnerabilities Shodan sees in Austria. The following chart is based on data from 2020-12-01: [...]

https://cert.at/de/aktuelles/2020/12/shodan-verified-vulns-2020-12

Vulnerabilities

QNAP patches QTS vulnerabilities allowing NAS device takeover

Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation.

https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/


Cisco Security Manager Java Deserialization Vulnerabilities

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD


Security updates for Monday

Security updates have been issued by Arch Linux (ceph, gitea, matrix-synapse, musl, mutt, neomutt, opensc, and webkit2gtk), Debian (debian-security-support, openldap, salt, xen, and xorg-server), Fedora (fossil, pdfresurrect, tcpdump, thunderbird, and xorg-x11-server), Gentoo (chromium, firefox, mariadb, pam, postgresql, seamonkey, thunderbird, and xorg-server), Mageia (mutt, pdfresurrect, privoxy, and thunderbird), openSUSE (chromium, java-1_8_0-openjdk, kernel, minidlna, neomutt, opera, [...]

https://lwn.net/Articles/839198/


HPE HP-UX: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-1199


Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-pyyaml-affects-ibm-spectrum-protect-plus-container-and-microsoft-file-systems-agents-cve-2020-1747-2/


Security Bulletin: Denial of Service Vulnerability in Chart.js affects IBM Spectrum Protect Plus (CVE-2020-7746)

https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-chart-js-affects-ibm-spectrum-protect-plus-cve-2020-7746/


Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.7

https://www.ibm.com/blogs/psirt/security-bulletin-upgrade-to-ibp-v2-5-1-to-address-recent-concerns-issues-with-golang-versions-other-than-1-14-7/


Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-urllib3-affects-ibm-spectrum-protect-container-and-microsoft-file-systems-agents-cve-2020-26137/


Public Service Announcement

Due to Dec 8 being a public holiday in Austria the next End-of-Day report will be published on Dec 9.

https://en.wikipedia.org/wiki/Feast_of_the_Immaculate_Conception