End-of-Day report
Timeframe: Thursday 10-12-2020 18:00 - Friday 11-12-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages and affects multiple browsers.
https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/
Symantec Messaging Gateway could leak passwords
An important security update for Symantec Messaging Gateway has been released.
https://heise.de/-4986723
PoC Released for Unpatched Windows Vulnerability Present Since 2006
Details and a proof-of-concept (PoC) exploit have been released for an unpatched privilege escalation vulnerability in Windows related to the PsExec administration tool. The vulnerability was discovered by Tenable researcher David Wells and it was disclosed this week after Microsoft failed to release a patch within 90 days.
https://www.securityweek.com/poc-released-unpatched-windows-vulnerability-present-2006
myusenet.de, bigusenet.de & Co.: New fraudulent streaming platforms lead into a subscription trap!
Watchlist Internet repeatedly reports on fraudulent streaming platforms that lead into a subscription trap. We are currently receiving numerous reports warning about myusenet.de, foxusenet.de, bigusenet.de and megausenet.de. Although these new streaming platforms look different from the usual fake streaming platforms, the scam remains the same: after registering, you receive a payment demand for 384 euros.
https://www.watchlist-internet.at/news/myusenetde-bigusenetde-co-neue-betruegerische-streaming-plattformen-fuehren-in-abofalle/
Update now: Researchers warn of security vulnerabilities in these widely used point-of-sale terminals
Security researchers disclose vulnerabilities including default passwords in two of the largest PoS manufacturers in the world.
https://www.zdnet.com/article/update-now-researchers-warn-of-security-vulnerabilities-in-widely-used-point-of-sale-terminals/
Vulnerabilities
Adobe Releases Security Updates for Acrobat and Reader
Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information.
https://us-cert.cisa.gov/ncas/current-activity/2020/12/10/adobe-releases-security-updates-acrobat-and-reader
Hotfix hardens Sophos firewalls and routers against attacks
Under certain conditions, attackers could attack the Cyberoam network operating system.
https://heise.de/-4986665
Security updates for Friday
Security updates have been issued by Debian (minidlna and x11vnc), Fedora (pam), openSUSE (chromium, minidlna, nsd, openssl-1_1, and pngcheck), SUSE (gcc7 and kernel), and Ubuntu (lxml and squirrelmail).
https://lwn.net/Articles/839861/
OpenSSL vulnerability CVE-2020-1968
https://support.f5.com/csp/article/K92451315
F5 TMM vulnerability CVE-2020-5950
https://support.f5.com/csp/article/K05204103
F5 TMUI XSS vulnerability CVE-2020-5948
https://support.f5.com/csp/article/K42696541
TMM vulnerability CVE-2020-27713
https://support.f5.com/csp/article/K37960100
BIG-IP LTM vulnerability CVE-2020-5949
https://support.f5.com/csp/article/K20984059
Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-could-allow-formula-injection-in-excel-cve-2020-4633/
Security Bulletin: NGINX vulnerability CVE-2019-20372 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0
https://www.ibm.com/blogs/psirt/security-bulletin-nginx-vulnerability-cve-2019-20372-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/
Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701-4/
Security Bulletin: Fixed CP4D timeout for IBM Netezza for Cloud Pak for Data 11.1.1.0
https://www.ibm.com/blogs/psirt/security-bulletin-fixed-cp4d-timeout-for-ibm-netezza-for-cloud-pak-for-data-11-1-1-0/
Security Bulletin: OpenSSL vulnerability CVE-2020-1968 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-cve-2020-1968-impacts-ibm-aspera-streaming-ibm-aspera-streaming-for-video-version-3-9-6-1-and-earlier/
Security Bulletin: App Connect Enterprise Certified Container is vulnerable to code injection and Denial of Service attacks
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-code-injection-and-denial-of-service-attacks/
Security Bulletin: HAProxy vulnerability CVE-2019-18277 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0
https://www.ibm.com/blogs/psirt/security-bulletin-haproxy-vulnerability-cve-2019-18277-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/
Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-7/
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387-6/
Security Bulletin: App Connect Enterprise Certified Container Integration Servers could cause a Denial of Service or a buffer overflow when using MQ
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-integration-servers-could-cause-a-denial-of-service-or-a-buffer-overflow-when-using-mq/