Daily summary - 10.07.2020

End-of-Day report

Timeframe: Thursday 09-07-2020 18:00 - Friday 10-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer

News

tag2domain - a system for labeling DNS domains

Tag2domain - doing proper statistics on domain names. In the course of nic.at's Connecting Europe Facility (CEF) project CEF-TC-2018-3 we were able to focus on some long overdue but relevant research: a tagging / labeling database of domain names.

https://cert.at/en/blog/2020/7/tag2domain


Conti ransomware shows signs of being a Ryuk successor

Conti ransomware is an emerging threat targeting corporate networks, with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares malware code with Ryuk, which has slowly been fading away while Conti's distribution is increasing.

https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-a-ryuk-successor/


How to unc0ver a 0-day in 4 hours or less

By Brandon Azad, Project Zero. At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) using a zero-day vulnerability and heavy obfuscation. By 7 PM, I had identified the vulnerability and informed Apple. By 1 AM, I had sent Apple a POC and my analysis. This post takes you along that journey.

https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html


Report: Most Popular Home Routers Have 'Critical' Flaws

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don't fix.

https://threatpost.com/report-most-popular-home-routers-have-critical-flaws/157346/


Excel spreadsheet macro kicks off Formbook infection (Fri, Jul 10th)

Today's diary covers a Formbook infection from Thursday, July 9th 2020.

https://isc.sans.edu/diary/rss/26332


Fintechs in the crosshairs - analysis of the Evilnum malware

While analysing the attacks on fintech companies, ESET researchers found custom-built tools and interesting parallels to other APT groups.

https://www.welivesecurity.com/deutsch/2020/07/08/fintechs-im-visier-analyse-der-evilnum-malware/

Vulnerabilities

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.

https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/


VMSA-2020-0017

A privilege escalation vulnerability in VMware Fusion, VMRC for Mac and Horizon Client for Mac was privately reported to VMware. Updates are available to address this vulnerability.

https://www.vmware.com/security/advisories/VMSA-2020-0017.html


Security updates for Friday

Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl).

https://lwn.net/Articles/825850/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU affects IBM Content Classification

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-affect-ibm-content-classification/


Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition for IBM Content Classification

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-ibm-sdk-java-technology-edition-for-ibm-content-classification/