Daily summary - 12.05.2020

End-of-Day report

Timeframe: Monday 11-05-2020 18:00 - Tuesday 12-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Astaroth's New Evasion Tactics Make It 'Painful to Analyze'

The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics.

https://threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/


Anubis Malware Upgrade Logs When Victims Look at Their Screens

Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices.

https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/


Analyzing Dark Crystal RAT, a C# backdoor

[...] The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities [...]

http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html


Detecting profile visits on Facebook - is that possible?

A link is currently circulating on Facebook that supposedly lets you see who has viewed your profile. That naturally makes people curious. But beware: it leads to a phishing page! Criminals harvest your Facebook login credentials and post fraudulent content in your name. And: Facebook offers no tool that shows you who has visited your profile.

https://www.watchlist-internet.at/news/profilbesuche-auf-facebook-erkennen-geht-das/


Looking back at the first third of 2020

January: BMEIA, Shitrix, BlueGate - a contemplative start to the year
February: The (almost) last moments of TLS
March and April: COVID-19, or "All Quiet on the Cyber Front"

https://cert.at/de/blog/2020/5/ruckblick-auf-das-erste-drittel-2020

Vulnerabilities

Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK

Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products.

https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-acrobat-reader-and-dng-sdk/


Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters

Siemens low- and high-voltage power meters are affected by multiple security vulnerabilities in the underlying Wind River VxWorks network stack, which is affected by the eleven vulnerabilities known as "URGENT/11".

https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt


TYPO3 Core version 10.4.2 fixes multiple vulnerabilities

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

https://typo3.org/help/security-advisories/typo3-cms


TYPO3 - vulnerabilities in multiple extensions - 2020-05-12

TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

https://typo3.org/help/security-advisories/typo3-extensions


Security patches: online forums attackable via vBulletin vulnerability

Several patched versions of the vBulletin forum software have been released.

https://heise.de/-4719217


Security updates for Tuesday

Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt).

https://lwn.net/Articles/820307/


IBM Security Bulletins

https://www.ibm.com/blogs/psirt/2020/05/


Bitdefender Antivirus: vulnerability allows denial of service

http://www.cert-bund.de/advisoryshort/CB-K20-0441


Exim: vulnerability allows bypassing of security measures

http://www.cert-bund.de/advisoryshort/CB-K20-0444


Symantec Endpoint Protection: multiple vulnerabilities allow disclosure of information

http://www.cert-bund.de/advisoryshort/CB-K20-0443


SAP Patch Day May 2020

http://www.cert-bund.de/advisoryshort/CB-K20-0442


Red Hat JBoss Enterprise Application Platform: multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0449


Red Hat OpenShift: vulnerability allows manipulation of files

http://www.cert-bund.de/advisoryshort/CB-K20-0448


F5 BIG-IP: multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0445