Daily Summary - 02.07.2020

End-of-Day report

Timeframe: Wednesday 01-07-2020 18:00 - Thursday 02-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer

News

TrickBot malware now checks screen resolution to evade analysis

The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine.

https://www.bleepingcomputer.com/news/security/trickbot-malware-now-checks-screen-resolution-to-evade-analysis/


GoldenSpy backdoor installed by tax software gets remotely removed

As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware.

https://www.bleepingcomputer.com/news/security/goldenspy-backdoor-installed-by-tax-software-gets-remotely-removed/


FakeSpy Android Malware Spread Via 'Postal-Service' Apps

New 'smishing' campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.

https://threatpost.com/fakespy-android-malware-spread-via-postal-service-apps/157102/


Setting up the Dshield honeypot and tcp-honeypot.py, (Wed, Jul 1st)

After Johannes did his Tech Tuesday presentation last week on setting up Dshield honeypots, I thought I'd walk you through how I set up my honeypots.

https://isc.sans.edu/diary/rss/26302


PhishINvite with Malicious ICS Files

Employing a popular type of file as an attachment to malicious emails is a common trick by cybercriminals to boost the success rate of their cyber-attacks. As iCalendar files are not included in the list of automatically blocked attachments by email clients like Outlook, the possibility of the maliciously crafted iCalendar falling to the targets' mailbox is increased.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishinvite-with-malicious-ics-files/

Vulnerabilities

Security updates for Thursday

Security updates have been issued by Debian (chromium and firefox-esr), Fedora (chromium and ntp), SUSE (ntp and unbound), and Ubuntu (libvncserver).

https://lwn.net/Articles/825070/


Cisco AnyConnect Secure Mobility Client for Mac OS File Corruption Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-dos-36s2y3Lv


Cisco Small Business Smart and Managed Switches Session Management Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY


Cisco Small Business RV042 and RV042G Routers Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3


Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlt-ise-strd-xss-nqFhTtx7


Cisco Digital Network Architecture Center Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-6xsCyDYy


Cisco Unified Customer Voice Portal Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-info-dislosure-NZBEwj9V


Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq


Cisco Unified Communications Products Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp


Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-rational-asset-analyzer/


Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-4/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-2/


Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/


Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-2/


Security Bulletin: Asset Analyzer (RAA) is affected by two WebSphere Application Server vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-two-websphere-application-server-vulnerabilities/


Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2020-2654/


Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-3/


Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer.

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-rational-asset-analyzer/