End-of-Day report
Timeframe: Friday 12-06-2020 18:00 - Monday 15-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Mirai Botnet Activity, (Sat, Jun 13th)
This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have been taken down (96.30.193.26) which appeared multiple times this week including today. However, the last two logs from today are still active which is using a Bash script to download multiple exploits targeting various device types (MIPS, ARM4-7, MPSL, x86, PPC, M68k). Something else of interest is the User-Agent: XTC and the name viktor [...]
https://isc.sans.edu/diary/rss/26234
What is the Gibberish Hack?
Discovering some random folder with numbers and letters you don't remember on your website would make any website owner put on their detective cap. At first, you may think, "Did I leave my FTP client open and my cat ran across the keyboard?" But when you open the folder, you find a series of HTML files, each named with some kind of nonsensical phrases like "cheap-cool-hairstyles-photos.html." If you open one of these files on the browser, you'll likely be [...]
https://blog.sucuri.net/2020/06/gibberish-hack.html
Vulnerabilities
D-Link patches older Wi-Fi router DIR-865L, but only a little
An important security update for the DIR865L Wi-Fi router closes several security vulnerabilities. However, one critical vulnerability remains open.
https://heise.de/-4783566
Security updates for Monday
Security updates have been issued by Debian (intel-microcode, libexif, mysql-connector-java, and thunderbird), Fedora (gnutls, grafana, kernel, kernel-headers, mingw-gnutls, mod_auth_openidc, NetworkManager, and pdns-recursor), Gentoo (adobe-flash, ansible, chromium, firefox, glibc, mailutils, nokogiri, readline, ssvnc, and webkit-gtk), Mageia (axel, bind, dbus, flash-player-plugin, libreoffice, networkmanager, and roundcubemail), openSUSE (java-1_8_0-openjdk, kernel, nodejs8, rubygem-bundler, [...]
https://lwn.net/Articles/823107/
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-tomcat-affects-ibm-spectrum-protect-plus-cve-2020-1938/
Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus-vulnerable-to-logjam-cve-2015-4000/
Security Bulletin: Multiple Java vulnerabilities affect IBM Spectrum Protect Plus
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus/
Security Bulletin: Vulnerability in MongoDB affects IBM Spectrum Protect Plus (CVE-2019-2389)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-mongodb-affects-ibm-spectrum-protect-plus-cve-2019-2389/
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4469-cve-2020-4471-cve-2020-4470/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server/
Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-go-programming-language-affects-ibm-spectrum-protect-server-cve-2019-16276/
Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200)
https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affect-ibm-spectrum-protect-server-cve-2020-4230-cve-2020-4135-cve-2020-4204-cve-2020-4200/
Security Bulletin: Vulnerability in IBM Java Runtime affects the IBM Spectrum Protect Server (CVE-2019-2989)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-the-ibm-spectrum-protect-server-cve-2019-2989/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-4732, CVE-2019-2989, CVE-2019-2964)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-operations-center-and-client-management-service-cve-2019-4732-cve-2019-2989-cve-2019-2964/
Security Bulletin: Denial of Service vulnerability in Linux Kernel affects IBM Spectrum Protect Plus (CVE-2020-12114)
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-linux-kernel-affects-ibm-spectrum-protect-plus-cve-2020-12114/