Daily summary - 22.12.2020

End-of-Day report

Timeframe: Monday 21-12-2020 18:00 - Tuesday 22-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Ransomware Task Force founded

Various security specialists have launched the Ransomware Task Force. The founding members include well-known names such as Microsoft, McAfee and Citrix, but also smaller vendors and non-profit organisations.

https://www.zdnet.de/88390942/ransomware-task-force-gegruendet/


Least Privilege Application Management - A Lesson Learned from SolarWinds Orion

The sophisticated, nation-state assault used to infiltrate SolarWinds Orion and then leveraged to compromise potentially thousands of its customers is astonishing in scope and potential fallout.

https://www.beyondtrust.com/blog/entry/least-privilege-application-management-a-lesson-learned-from-solarwinds-orion


Smart Doorbell Disaster: Many Brands Vulnerable to Attack

Investigation reveals that the device sector is plagued with problems when it comes to security bugs.

https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/


Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks

Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.

https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bugs-in-high-level-attacks/162521/


Threat Actors Increasingly Using VBA Purging in Attacks

Cyberattacks relying on malicious Office documents have increasingly leveraged a relatively new technique called VBA Purging, FireEye said over the weekend, when it also announced the availability of a related open source tool.

https://www.securityweek.com/threat-actors-increasingly-using-vba-purging-attacks


Increase in Drive-by Attacks Using SocGholish

The SocGholish framework is commonly used to distribute fake updates for applications such as Chrome, Firefox, Flash Player, and Microsoft Teams through drive-by downloads. Menlo Labs has reported an uptick in attacks using SocGholish.

https://exchange.xforce.ibmcloud.com/collection/ef2a09a8bb57d90f200a51af74506051


Meyhod - Yet Another Magecart Skimmer

Discovered by RiskIQ in October, Meyhod is a Magecart skimmer that researchers observed on several sites; in some cases it had been present on a site for months. The IP address hosting the malicious JavaScript code has several other domains associated with it that are suspected to be malicious.

https://exchange.xforce.ibmcloud.com/collection/5a493a06b3a2fa9585d3f239007dc663

Vulnerabilities

Vulnerability with maximum severity rating in Dell Wyse thin clients

Two critical vulnerabilities put Dell PCs of the Wyse thin client series at risk. Updates are available.

https://heise.de/-4997456


Security updates for Tuesday

Security updates have been issued by CentOS (kernel and thunderbird), Debian (openjdk-8 and webkit2gtk), Fedora (gdm, mingw-openjpeg2, and openjpeg2), Mageia (compat-openssl10, golang-googlecode-net, mbedtls, openssl, and virtualbox), openSUSE (ovmf and xen), Red Hat (kernel, mariadb-connector-c, mariadb:10.3, postgresql:10, and postgresql:9.6), and SUSE (ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, [...]

https://lwn.net/Articles/841099/


Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

A currently unpatched, medium-severity issue affecting all Kubernetes versions, CVE-2020-8554 can be mitigated in several ways.

https://unit42.paloaltonetworks.com/cve-2020-8554/


BlackBerry Powered by Android Security Bulletin - December 2020

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000072551


Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/


Security Bulletin: Publicly disclosed vulnerability from Bind affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-bind-affects-ibm-netezza-host-management/


Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-poi-as-used-by-ibmqradar-siem-is-vulnerable-to-information-disclosure-cve-2019-12415-cve-2017-12626/


Apache Struts vulnerability CVE-2020-17530

https://support.f5.com/csp/article/K24608264