Daily Summary - 29.12.2020

End-of-Day report

Timeframe: Monday 28-12-2020 18:00 - Tuesday 29-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Video: Scams on Facebook, WhatsApp, Instagram and Co.

Subscription traps, phishing messages or dubious advertisements: on Facebook, WhatsApp, Instagram & Co. you come across all kinds of scams. In the video we show you what to look out for so that you can use social media safely!

https://www.watchlist-internet.at/news/video-betrugsmaschen-auf-facebook-whatsapp-instagram-und-co/


Useful Sources of Domain and DNS Logging

The final part of this blog series on log collection covers Managed DNS Providers, Packet Capture, IDS/IPS Tools, Mail Exchange, IIS Servers, and more. Learn about these log sources and explore the next steps for ideas beyond logging.

https://www.domaintools.com/resources/blog/useful-sources-of-domain-and-dns-logging


Using Microsoft 365 Defender to protect against Solorigate

This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it's found in your environment.

https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/


Want to know what's in a folder you don't have permission to access? Try asking your AV solution... (Tue, Dec 29th)

Back in February, I wrote a diary about a small vulnerability in Windows, which allows users to brute-force names of files in folders that they don't have permission to open/list[1]. While thinking on the topic, it occurred to me that a somewhat-complete list of files placed in a folder one can't access due to lack of permissions might potentially be obtained by scanning the folder with an anti-malware solution, which displays files which are currently being scanned.

https://isc.sans.edu/diary/rss/26932


A Google Docs Bug Could Have Allowed Hackers to See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program.

https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html


SearchDimension search hijackers: An overview of developments

The SearchDimension family of search hijackers has made some headway over the past year. Here's an overview of their latest tricks.

https://blog.malwarebytes.com/adware/2020/12/searchdimension-search-hijackers/

Vulnerabilities

ZDI-20-1453: Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-20-1453/


Security updates for Tuesday

Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp).

https://lwn.net/Articles/841436/


Synology-SA-20:29 SRM

A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM).

https://www.synology.com/en-global/support/security/Synology_SA_20_29


procps-ng vulnerability CVE-2018-1126

https://support.f5.com/csp/article/K83271321


procps-ng vulnerability CVE-2018-1124

https://support.f5.com/csp/article/K16124204


procps-ng vulnerability CVE-2018-1122

https://support.f5.com/csp/article/K00409335


Webmin: Vulnerability allows unspecified attack

https://www.cert-bund.de/advisoryshort/CB-K20-1269


HCL Domino: Vulnerability allows denial of service

https://www.cert-bund.de/advisoryshort/CB-K20-1271