End-of-Day report
Timeframe: Friday 22-05-2020 18:00 - Monday 25-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Discord client turned into a password stealer by updated malware
A threat actor converted the AnarchyGrabber trojan into a new malware that steals passwords and user tokens, disables 2FA, and spreads malware to a victim's friends.
https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/
Port scan: Ebay.de scans the computer for open ports
A JavaScript probes 14 ports on the local PC.
https://www.golem.de/news/portscan-ebay-de-scannt-den-rechner-auf-offene-ports-2005-148690-rss.html
70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
https://threatpost.com/70-of-apps-open-source-bugs/156040/
New activity of DoubleGuns gang, control hundreds of thousands of bots via public cloud service
Recently, our DNS data based threat monitoring system DNSmon flagged a suspicious domain pro.csocools.com. The system estimates the scale of infection may well be above hundreds of thousands of users. By analyzing the related samples and C2s, we traced its family back to the ShuangQiang (double gun) campaign, [...]
https://blog.netlab.360.com/shuangqiang/
AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd)
Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this [...]
https://isc.sans.edu/diary/rss/26162
Securing SSH: What To Do and What Not To Do
The SSH service is critical, so ensuring its security is key. This blog will describe how best to secure the SSH service from threat actors.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/securing-ssh-what-to-do-and-what-not-to-do/
Thousands of enterprise systems infected by new Blue Mockingbird malware gang
Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers.
https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-new-blue-mockingbird-malware-gang/
Insidious Android malware gives up all malicious features but one to gain stealth
ESET researchers detect a new way of misusing Accessibility Service, the Achilles' heel of Android security
https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/
Vulnerabilities
Apple's iPhone and iPad: Current jailbreak for iOS 13.5 exploits a zero-day vulnerability
Shortly after the release of iOS 13.5, a jailbreak appeared. It bypasses the security system in iOS and iPadOS.
https://www.golem.de/news/apples-iphone-und-ipad-aktueller-jailbreak-fuer-ios-13-5-nutzt-zero-day-luecke-aus-2005-148678-rss.html
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, dovecot, openconnect, and powerdns-recursor), Debian (cracklib2, feh, netqmail, ruby-rack, tomcat7, and transmission), Fedora (dovecot, kernel, log4net, openconnect, python-markdown2, and unbound), Mageia (ansible, clamav, dovecot, file-roller, glpi, kernel, kernel-linus, libntlm, microcode, nmap, pdns-recursor, unbound, viewvc, and wireshark), openSUSE (ant, autoyast2, dpdk, file, freetype2, gstreamer-plugins-base, imapfilter, libbsd, [...]
https://lwn.net/Articles/821347/
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on FOX615 Multiservice-Multiplexer
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003578&LanguageCode=en&DocumentPartId=&Action=Launch
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on Relion 670, Relion 650, SAM600-IO Series
https://search.abb.com/library/Download.aspx?DocumentID=1MRG035816&LanguageCode=en&DocumentPartId=&Action=Launch
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AFS66x
https://search.abb.com/library/Download.aspx?DocumentID=1MRG000001&LanguageCode=en&DocumentPartId=&Action=Launch
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on NSD570 Teleprotection Equipment
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003577&LanguageCode=en&DocumentPartId=&Action=Launch
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on ETL600 Power Line Carrier System
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003576&LanguageCode=en&DocumentPartId=&Action=Launch
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on REB500
https://search.abb.com/library/Download.aspx?DocumentID=1KHL501885&LanguageCode=en&DocumentPartId=&Action=Launch
2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on RTU500 series
https://search.abb.com/library/Download.aspx?DocumentID=1KGT090327&LanguageCode=en&DocumentPartId=&Action=Launch
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability-2/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Insights
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-insights/
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/
Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability/
Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-2/
Grafana: Vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K20-0495