Daily summary - 22.05.2020

End-of-Day report

Timeframe: Wednesday 20-05-2020 18:00 - Friday 22-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Wireless standard: Bluetooth security flaw affects practically all devices

Bluetooth does not require mutual authentication when a connection is established. The BIAS attack (Bluetooth Impersonation AttackS) works whether the attacker impersonates the master or the slave.

https://www.golem.de/news/drahtlos-standard-bluetooth-sicherheitsluecke-betrifft-praktisch-alle-geraete-2005-148659-rss.html


Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/


Shining a light on "Silent Night" Zloader/Zbot

The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.

https://blog.malwarebytes.com/threat-analysis/2020/05/the-silent-night-zloader-zbot/


Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the [...]

https://blog.talosintelligence.com/2020/05/cve-2020-6096.html


Convenience vs. security with smart home devices

Despite the growing acceptance of smart home devices, we should not sacrifice our privacy and security for convenience.

https://www.welivesecurity.com/deutsch/2020/05/20/bequemlichkeit-vs-sicherheit-bei-smart-home-geraeten/


Tools Used in GhostDNS Router Hijack Campaigns Dissected

The source code of the GhostDNS exploit kit (EK) has been obtained and analyzed by researchers. GhostDNS is used to compromise a wide range of routers to facilitate phishing -- perhaps more accurately, pharming -- for banking credentials. Target routers are mostly, but not solely, located in Latin America.

https://www.securityweek.com/tools-used-ghostdns-router-hijack-campaigns-dissected


Ragnar Locker Ransomware Uses Virtual Machines for Evasion

The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals.

https://www.securityweek.com/ragnar-locker-ransomware-uses-virtual-machines-evasion


Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure

Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure.

https://www.securityweek.com/free-immuniweb-tool-allows-organizations-check-dark-web-exposure


True love or fraud? Here is how to find out!

Whether on social networks such as Facebook or Instagram, on online dating sites or simply by e-mail: readers keep reporting so-called love or romance scammers to us. With declarations of love and stories from their everyday lives, the scammers gain the victims' trust. In reality this scam, too, is about one thing only: money.

https://www.watchlist-internet.at/news/wahre-liebe-oder-betrug-so-finden-sie-es-heraus/


Spectra: Novel attack breaks the separation between WLAN and Bluetooth

It targets combo chips from Broadcom and Cypress, which are found in iPhones, MacBooks and Galaxy S smartphones, among others. Spectra exploits weaknesses in a feature that allows fast switching from one radio technology to the other.

https://www.zdnet.de/88380022/spectra-neuartiger-angriff-ueberwindet-trennung-von-wlan-und-bluetooth/

Vulnerabilities

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

https://www.drupal.org/sa-core-2020-003
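The advisory names the mechanism (a destination query parameter whose value is used as the redirect target without enough validation) but not the fix. The following is an added example in JavaScript, not Drupal's own PHP code: a weak check of the kind that lets open redirects through, beside a hardened check that resolves the value the way a browser would and refuses anything that leaves the site. SITE_ORIGIN, the function names and the sample inputs are illustrative assumptions.

```javascript
// Added example, not Drupal's code: the shape of an open redirect through a
// "destination" query parameter, beside a check that keeps the redirect on
// the site. SITE_ORIGIN and the function names are illustrative.

const SITE_ORIGIN = "https://example.com"; // assumed origin of the site

// Weak validation of the kind that lets open redirects through: it only
// rejects values that start with "http://" or "https://", so protocol-
// relative ("//host") and backslash ("/\host") forms slip past.
function weakIsLocal(destination) {
  return !/^https?:\/\//i.test(destination);
}

// Hardened validation: accept only a path-relative value ("/path?query"),
// then resolve it against the site's origin with the WHATWG URL parser
// (the same rules a browser applies) and require that the result is still
// on that origin. This catches "//evil.example", "/\evil.example"
// (a backslash counts as a slash in http(s) URLs), userinfo tricks such as
// "https://example.com@evil.example" and "javascript:" URLs.
function safeIsLocal(destination) {
  if (typeof destination !== "string" || !destination.startsWith("/")) return false;
  if (destination.startsWith("//") || destination.startsWith("/\\")) return false;
  let resolved;
  try {
    resolved = new URL(destination, SITE_ORIGIN);
  } catch (e) {
    return false; // unparsable input: refuse rather than guess
  }
  return resolved.origin === SITE_ORIGIN;
}

// Location header a redirect handler would emit under the given check;
// anything rejected falls back to the front page.
function redirectLocation(destination, isLocal) {
  if (!isLocal(destination)) return SITE_ORIGIN + "/";
  return new URL(destination, SITE_ORIGIN).href;
}

// Constructed inputs: values a crafted link could carry in ?destination=
const samples = [
  "/user/1/edit",
  "//evil.example/login",
  "/\\evil.example/login",
  "https://example.com@evil.example/",
  "javascript:alert(1)",
];
for (const d of samples) {
  console.log(JSON.stringify(d),
    "weak ->", redirectLocation(d, weakIsLocal),
    "safe ->", redirectLocation(d, safeIsLocal));
}
```

The important design choice is to resolve the value with the same parser the browser uses and compare origins, rather than pattern-matching the raw string; the path-relative restriction on top is defence in depth for forms the parser might treat differently across versions.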


Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are [...] security issues in jQuery's DOM manipulation methods, as in .html(), .append(), and the others.

https://www.drupal.org/sa-core-2020-002
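The advisory says which methods are affected but not why. The following is an added example, not code from jQuery or Drupal: it reproduces the HTML pre-filter that jQuery versions before 3.5.0 applied to every string passed to .html(), .append() and similar methods (the regex and replacement are as found in jQuery 3.4.1, src/manipulation/var/rxhtmlPrefilter.js and jQuery.htmlPrefilter; verify against the tagged source), and shows with a deliberately small model of one browser tokenizer rule why that rewrite turns an inert string into one that runs script. The payload is a constructed test string of the kind reported against the old pre-filter; markupOutsideStyle is a toy model, not an HTML parser.

```javascript
// Added example, not jQuery's or Drupal's code. Reproduces the pre-3.5.0
// jQuery HTML pre-filter and shows why expanding "<style/>" to
// "<style></style>" changes what the browser executes.

// Regex and replacement as in jQuery 3.4.1 (rxhtmlPrefilter / htmlPrefilter).
// The negative lookahead skips void elements; every other "<x .../>" is
// rewritten to "<x ...></x>".
const rxhtmlPrefilter =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

// Pre-3.5 behaviour applied by .html(), .append() and the other methods.
function legacyHtmlPrefilter(html) {
  return html.replace(rxhtmlPrefilter, "<$1></$2>");
}

// jQuery 3.5.0 behaviour: the pre-filter no longer rewrites anything.
function fixedHtmlPrefilter(html) {
  return html;
}

// Toy model (not an HTML parser) of the one tokenizer rule that matters:
// after a <style> start tag the browser is in raw-text mode and treats
// everything up to the next </style> as CSS, so no tag inside it is parsed.
// Returns the parts of the string that are still parsed as markup.
function markupOutsideStyle(html) {
  const lower = html.toLowerCase();
  const parts = [];
  let pos = 0;
  for (;;) {
    const open = lower.indexOf("<style", pos);
    if (open === -1) {
      parts.push(html.slice(pos));
      break;
    }
    parts.push(html.slice(pos, open));
    const startEnd = lower.indexOf(">", open);
    if (startEnd === -1) break;              // unterminated start tag
    const close = lower.indexOf("</style", startEnd + 1);
    if (close === -1) break;                 // raw text runs to end of input
    const closeEnd = lower.indexOf(">", close);
    if (closeEnd === -1) break;
    pos = closeEnd + 1;
  }
  return parts.join("");
}

// True when an <img ... onerror=...> lands where the browser parses tags.
function rendersImgHandler(html) {
  return /<img\b[^>]*\bonerror\s*=/i.test(markupOutsideStyle(html));
}

// Constructed test string of the kind reported against the old pre-filter:
// as written, everything after the first <style> is CSS text and inert.
const PAYLOAD = "<style><style/><img src=x onerror=alert(1)>";

console.log("3.4.1 pre-filter output:", legacyHtmlPrefilter(PAYLOAD));
console.log("handler runs with 3.4.1:", rendersImgHandler(legacyHtmlPrefilter(PAYLOAD)));
console.log("handler runs with 3.5.0:", rendersImgHandler(fixedHtmlPrefilter(PAYLOAD)));
```

The point for application code is that a sanitizer run before jQuery saw the string was not enough: the library rewrote the string afterwards and the rewrite opened the raw-text element. Upgrading jQuery (or, on older versions, setting jQuery.htmlPrefilter to an identity function, as the jQuery blog suggested for that release) removes the rewrite.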


Apple Security Update: Xcode 11.5

Impact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host

https://support.apple.com/en-us/HT211183


Security updates for Thursday

Security updates have been issued by Arch Linux (keycloak, qemu, and thunderbird), Debian (dovecot), Fedora (abcm2ps and oddjob), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and kernel-rt), SUSE (ant, bind, and freetype2), and Ubuntu (bind9 and linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2).

https://lwn.net/Articles/821093/


Security updates for Friday

Security updates have been issued by CentOS (firefox, ipmitool, kernel, squid, and thunderbird), Debian (pdns-recursor), Fedora (php and ruby), Red Hat (dotnet and dotnet3.1), SUSE (dom4j, dovecot23, memcached, and tomcat), and Ubuntu (clamav, libvirt, and qemu).

https://lwn.net/Articles/821205/


Hackers Can Target Rockwell Industrial Software With Malicious EDS Files

Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization's OT network.

https://www.securityweek.com/hackers-can-target-rockwell-industrial-software-malicious-eds-files


2020-05-21: SECURITY ABB Device Library Wizard Information Disclosure Vulnerability (2PAA121681)

https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch


Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb


Cisco Unified Contact Center Express Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN


Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pcp-sql-inj-22Auwt66


Cisco Prime Network Registrar DHCP Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-dhcp-dos-BkEZfhLP


Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4emac-dos-kfKjUGtM


IBM Security Bulletins

https://www.ibm.com/blogs/psirt/


[webapps] PHPFusion 9.03.50 - Persistent Cross-Site Scripting

https://www.exploit-db.com/exploits/48497


CVE-2004-0230 Blind Reset Attack Using the RST/SYN Bit

https://fortiguard.com/psirt/FG-IR-16-039


Linux kernel vulnerability CVE-2019-19059

https://support.f5.com/csp/article/K06554372


Linux kernel vulnerability CVE-2019-19062

https://support.f5.com/csp/article/K84797753