Daily summary - 15.07.2020

End-of-Day report

Timeframe: Tuesday 14-07-2020 18:00 - Wednesday 15-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Windows Server: SIGRed is a wormable critical vulnerability in Windows DNS

The bug affects all machines running Windows Server 2003 through 2019. Microsoft urges patching, since malware can use it to spread on its own.

https://www.golem.de/news/windows-server-sigred-ist-eine-wurmartige-kritische-luecke-in-windows-dns-2007-149655-rss.html


Spamdexing (SEO spam malware)

Introduction: About SEO spam - is my website a target? You've spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, [...]

https://resources.infosecinstitute.com/spamdexing-seo-spam-malware/


Word docs with macros for IcedID (Bokbot), (Wed, Jul 15th)

Today's diary reviews Microsoft Word documents with macros to infect vulnerable Windows hosts with IcedID malware (also known as Bokbot) on Tuesday 2020-07-14. This campaign has previously pushed Valak or Ursnif, often with IcedID as the follow-up malware to these previous infections.

https://isc.sans.edu/diary/rss/26352


Simple DGA Spotted in a Malicious PowerShell

DGA ("Domain Generation Algorithm") is a technique implemented in some malware families to defeat defenders and to make the generation of IOCs (and their usage, for example to implement blocklists) more difficult. When a piece of malware has to contact a C2 server, it uses domain names or IP [...]

https://blog.rootshell.be/2020/07/14/simple-dga-spotted-in-a-malicious-powershell/
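To make the point above concrete, here is an added example (not code from the rootshell.be post, and not the DGA found in that PowerShell sample): a constructed, date-seeded DGA in the style malware uses, next to a cheap lexical detector and a check of how little a static blocklist built from one day's IOCs covers the next day. The seed value, thresholds and sample domains are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed example: a small date-seeded DGA plus a heuristic detector.
# Not the algorithm from the blog post; SECRET, TLDS and thresholds are assumptions.

TLDS = (".com", ".net", ".org", ".info")
VOWELS = frozenset("aeiou")
SECRET = b"constructed-example-seed"   # assumed hard-coded secret shared by malware and operator


def simple_dga(day_iso, count, secret=SECRET):
    """Return `count` candidate C2 domains for the ISO date string `day_iso`.

    Malware and operator derive the same list from (secret, date, index);
    the operator registers one or two of them, the malware tries them all.
    """
    domains = []
    for index in range(count):
        material = secret + day_iso.encode() + str(index).encode()
        digest = hashlib.sha256(material).digest()
        length = 10 + digest[0] % 6                     # labels of 10..15 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(label + TLDS[digest[31] % len(TLDS)])
    return domains


def shannon_entropy(text):
    """Bits per character; random letter strings score higher than dictionary words."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_features(domain):
    """Lexical features of the leftmost label only (no lookups, no network)."""
    label = domain.lower().split(".")[0]
    vowels = sum(1 for ch in label if ch in VOWELS)
    run = max_run = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            max_run = max(max_run, run)
        else:
            run = 0
    return {
        "length": len(label),
        "entropy": shannon_entropy(label) if label else 0.0,
        "vowel_ratio": vowels / len(label) if label else 0.0,
        "max_consonant_run": max_run,
    }


def looks_generated(domain):
    """Heuristic verdict: two or more 'random-looking' signals flag the domain.

    Thresholds are assumptions for this example; in production, calibrate them
    on your own DNS logs and allow-list CDN/cloud names that look random by design.
    """
    f = dga_features(domain)
    score = int(f["entropy"] > 3.3)
    score += int(f["vowel_ratio"] < 0.3)
    score += int(f["max_consonant_run"] >= 4)
    score += int(f["length"] >= 12)
    return score >= 2


def blocklist_coverage(blocked, observed):
    """Fraction of `observed` domains that a static blocklist `blocked` would stop."""
    blocked = set(blocked)
    return sum(d in blocked for d in observed) / len(observed)


if __name__ == "__main__":
    todays = simple_dga("2020-07-14", 50)
    tomorrows = simple_dga("2020-07-15", 50)
    print("sample:", todays[:3])
    print("flagged today: %d/50" % sum(map(looks_generated, todays)))
    # A blocklist built from today's IOCs does nothing against tomorrow's set.
    print("blocklist coverage tomorrow: %.0f%%" % (100 * blocklist_coverage(todays, tomorrows)))
```

The `blocklist_coverage` check is the defender's side of the argument in the post: the same seed yields a fresh set of domains every day, so indicators extracted from one sample expire overnight, whereas a lexical detector (or, better, reversing the algorithm and pre-registering or sinkholing the upcoming domains) keeps working.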


Website misconfigurations and other errors to avoid

Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms.

https://blog.malwarebytes.com/how-tos-2/2020/07/website-misconfigurations-and-other-errors-to-avoid/


Scams gamers should know about (Part 1)

Whether phishing attempts or fake shops: scams in the gaming world often differ little from other online fraud. We collect the most common scams and explain how to recognise them and what to do about them. In this first part we show you the fraudulent tricks around phishing and account theft.

https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerinnen-kennen-teil-1/

Vulnerabilities

Microsoft July 2020 Patch Tuesday - Patch Now!, (Tue, Jul 14th)

This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed.

https://isc.sans.edu/diary/rss/26350


Security updates for Wednesday

Security updates have been issued by CentOS (dbus), Debian (python3.5), Fedora (podofo and roundcubemail), Oracle (dbus, dovecot, jbig2dec, kernel, nodejs:10, nodejs:12, sane-backends, and thunderbird), Red Hat (.NET Core and kernel), SUSE (ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, [...]

https://lwn.net/Articles/826181/


Security Advisory - Two Vulnerabilities in SaltStack Salt

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-01-salt-en


Security Advisory - Apache Tomcat File Inclusion Vulnerability

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-01-tomact-en


Security Bulletin: IBM has released a Unified Extensible Firmware Interface (UEFI) fix in response to an Intel escalation of information disclosure vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-a-unified-extensible-firmware-interface-uefi-fix-in-response-to-an-intel-escalation-of-information-disclosure-vulnerability/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-apr-2020-cpu/


Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affect-the-ibm-flashsystem-900-cve-2019-2989-and-cve-2019-2964-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Apr 2020 CPU (CVE-2020-2805, CVE-2020-2803, CVE-2020-2757, CVE-2020-2756)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-apr-2020-cpu-cve-2020-2805-cve-2020-2803-cve-2020-2757-cve-2020-2756/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-3/


Apache Tomcat: Multiple vulnerabilities allow denial of service

http://www.cert-bund.de/advisoryshort/CB-K20-0717