End-of-Day report
Timeframe: Monday 25-05-2020 18:00 - Tuesday 26-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Dumping COVID-19.jar with Java Instrumentation
There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
https://www.gdatasoftware.com/blog/2020/05/36083-dumping-covid-19jar-with-java-instrumentation
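The technique the G DATA post refers to is a Java agent that registers a ClassFileTransformer and writes every class the JVM defines to disk, which catches payload classes that a packer decrypts at runtime and loads through its own ClassLoader. The following agent is an added example written for this digest, not code from the blog post; the file names dumper.jar, suspicious.jar and dump_dir are assumptions.

```java
// ClassDumperAgent.java (added example, not the G DATA blog's code)
//
// Build (the manifest must name the premain class; file names are assumptions):
//   javac ClassDumperAgent.java
//   printf 'Premain-Class: ClassDumperAgent\n' > manifest.txt
//   jar cfm dumper.jar manifest.txt ClassDumperAgent*.class
// Run the sample inside an isolated analysis VM only; the malware executes for real:
//   java -javaagent:dumper.jar=dump_dir -jar suspicious.jar
import java.io.IOException;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.ProtectionDomain;

public final class ClassDumperAgent {

    // Called by the JVM before the target's main(); the argument after '=' on the
    // -javaagent option is used as the output directory.
    public static void premain(String agentArgs, Instrumentation inst) {
        String dir = (agentArgs == null || agentArgs.isEmpty()) ? "dumped_classes" : agentArgs;
        Path outDir = Paths.get(dir).toAbsolutePath().normalize();
        inst.addTransformer(new DumpingTransformer(outDir));
        System.err.println("[dumper] writing loaded classes to " + outDir);
    }

    static final class DumpingTransformer implements ClassFileTransformer {
        private final Path outDir;

        DumpingTransformer(Path outDir) {
            this.outDir = outDir;
        }

        // Invoked for every class definition, including classes defined by the
        // malware's own ClassLoader from decrypted in-memory buffers.
        @Override
        public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined,
                                ProtectionDomain pd, byte[] classfileBuffer) {
            if (className == null) {
                return null; // nothing sensible to name the file after
            }
            // JDK classes are not part of the payload; skip them to keep the dump readable.
            if (className.startsWith("java/") || className.startsWith("javax/")
                    || className.startsWith("jdk/") || className.startsWith("sun/")
                    || className.startsWith("com/sun/")) {
                return null;
            }
            try {
                // className uses the internal form "pkg/sub/Name"; resolve recreates the tree.
                Path target = outDir.resolve(className + ".class").toAbsolutePath().normalize();
                // A hostile class name (e.g. containing "..") must not escape the dump directory.
                if (!target.startsWith(outDir)) {
                    System.err.println("[dumper] refusing suspicious class name: " + className);
                    return null;
                }
                Files.createDirectories(target.getParent());
                Files.write(target, classfileBuffer);
                String loaderName = (loader == null) ? "bootstrap" : loader.getClass().getName();
                System.err.println("[dumper] " + className + " (" + classfileBuffer.length
                        + " bytes, loader " + loaderName + ")");
            } catch (IOException e) {
                System.err.println("[dumper] failed to write " + className + ": " + e);
            }
            // Returning null leaves the class bytes untouched: we only observe.
            return null;
        }
    }
}
```

The dumped .class files are the exact bytes handed to the JVM, so they can be fed straight into a decompiler. Because the agent starts before the target's main(), it also sees classes a loader stage defines early; classes loaded by the bootstrap loader report a null ClassLoader, which is why the example handles that case explicitly.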
These Aren't the Phish You're Looking For
An Effective Technique for Avoiding Blacklists
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
Five zero-day vulnerabilities published - Microsoft only wants to patch them later
The Zero Day Initiative team has published details of five security vulnerabilities after Microsoft failed to meet the agreed disclosure deadline.
https://heise.de/-4765191
Project SiSyPHuS Win10: results of the PowerShell analysis
As part of its security analysis of Windows 10 (project SiSyPHuS Win10), the German Federal Office for Information Security (BSI) has published the results of its analysis of PowerShell.
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/SiSyPHuS_Powershell_180520.html
ludwig-therese.net is fake
Looking for a dirndl or lederhosen? Many consumers are currently being led to the fake shop ludwig-therese.net by fraudulent advertisements on Facebook and Instagram. ludwig-therese.net is a copy of the legitimate shop ludwig-therese.de. Anyone who orders from ludwig-therese.net receives no goods despite having paid.
https://www.watchlist-internet.at/news/ludwig-theresenet-ist-fake/
RangeAmp attacks can take down websites and CDN servers
Twelve of thirteen CDN providers said they fixed or planned to fix the problem.
https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-cdn-servers/
Do Androids dream of equal security?
Several pieces of research published by F-Secure Labs demonstrate that region-specific default configurations and settings in some flagship Android devices are creating security problems that affect people in some countries but not others.
https://blog.f-secure.com/android-security/
Vulnerabilities
New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the [...]
https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html
Apple Mail: iOS updates apparently close a severe vulnerability
According to security researchers, Apple has fixed vulnerabilities in iOS 13.5 and 12.4.7 that allowed manipulation of the e-mail inbox.
https://heise.de/-4764378
Security updates for Tuesday
Security updates have been issued by Debian (sqlite3), Fedora (libarchive and netdata), openSUSE (dom4j, dovecot23, gcc9, and memcached), Red Hat (devtoolset-9-gcc, httpd24-httpd and httpd24-mod_md, ipmitool, kernel, kpatch-patch, openvswitch, openvswitch2.11, openvswitch2.13, rh-haproxy18-haproxy, and ruby), and SUSE (freetds, jasper, libxslt, and sysstat).
https://lwn.net/Articles/821441/
FortiClient for Windows Insecure Temporary File vulnerability
https://fortiguard.com/psirt/FG-IR-20-040