End-of-Day report
Timeframe: Friday 19-06-2020 18:00 - Monday 22-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Top 8 tips for office security when employees are working from home
Who's minding the store? Cybersecurity has become even more high profile during the current COVID-19 pandemic. A recent warning from the UK National Cyber Security Centre and the US Department of Homeland Security talks of state-backed hackers targeting healthcare organizations. Many other examples of pandemic-focused cyberattacks have popped up since the coronavirus appeared.
https://resources.infosecinstitute.com/top-8-tips-for-office-security-when-employees-are-working-from-home/
Web skimming with Google Analytics
Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics.
https://securelist.com/web-skimming-with-google-analytics/97414/
Pi Zero HoneyPot, (Sat, Jun 20th)
The ISC has had a Pi honeypot(1) for the last couple of years, but I haven't had much time to try it on the Pi zero. Recently, I've had a chance to try it out, and it works great.
https://isc.sans.edu/diary/rss/26260
Hijacking DLLs in Windows
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Turn on MFA Before Crooks Do It For You
Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here's the story of one such incident.
https://krebsonsecurity.com/2020/06/turn-on-mfa-before-crooks-do-it-for-you/
Beware of dangerous "BawagPSK" phishing SMS
Fraudsters are currently sending an SMS message in the name of BAWAG P.S.K. Instead of a phone number, "BawagPSK" is shown as the sender. According to the message, you must follow a link to confirm a request regarding your mobile banking. Do not follow the link! It leads to a fake website, and any data entered ends up directly in the hands of the criminals.
https://www.watchlist-internet.at/news/achtung-vor-gefaehrlicher-bawagpsk-phishing-sms/
Vulnerabilities
Security update: Firmware bug endangers Sophos XG Firewalls
Attackers could exploit a loophole in Sophos XG Firewalls to execute malicious code in networks.
https://heise.de/-4790793
Security updates for Monday
Security updates have been issued by Debian (lynis, mutt, neomutt, ngircd, and rails), Mageia (gnutls), Oracle (thunderbird), Red Hat (chromium-browser, gnutls, grafana, thunderbird, and unbound), Scientific Linux (thunderbird and unbound), and SUSE (bind, java-1_8_0-openjdk, kernel, libgxps, and osc).
https://lwn.net/Articles/824113/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Elastic Elasticsearch
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-elastic-elasticsearch/
Security Bulletin: OpenSSL for IBM i is affected by CVE-2020-1967
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1967/
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management/
Security Bulletin: Potential vulnerability with FasterXML jackson-databind
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind/
Security Bulletin: Multiple potential vulnerabilities in Node.js
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-potential-vulnerabilities-in-node-js/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java/
Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-fileupload-publicly-disclosed-vulnerability-in-ibm-ediscovery-manager/
Security Bulletin: January 2020 Critical Patch Update for Java
https://www.ibm.com/blogs/psirt/security-bulletin-january-2020-critical-patch-update-for-java/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/
Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/