Daily summary - 17.07.2020

End-of-Day report

Timeframe: Thursday 16-07-2020 18:00 - Friday 17-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface

This post is the first of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when complete.

https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html


Zoom Addresses Vanity URL Zero-Day

A previously undisclosed bug in Zoom's customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information.

https://threatpost.com/zoom-vanity-url-zero-day/157510/


Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities.

https://blog.sucuri.net/2020/07/fake-wordpress-plugin-sitespeed-malware-backdoors.html


capa: Automatically Identify Malware Capabilities

capa is the FLARE team's newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we've seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. In this post you will learn how capa works, how to install and use the tool, and why you should integrate it into your triage workflow [...]

http://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-identify-malware-capabilities.html


Threat modelling and IoT hubs

IoT hubs are increasingly being used to provide a single point of access to the myriad of smart devices in the home. One ring to rule them all, if rather [...]

https://www.pentestpartners.com/security-blog/threat-modelling-and-iot-hubs/


Gamers should know these scams (Part 2)

Whether phishing attempts or fake shops: scams in the gaming sector often differ little from other online fraud. We collect the most common scams and explain how you can recognise them and take action against them. In the second part we show you scams involving malware, fake shops and fraudulent apps.

https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerinnen-kennen-teil-2/


Diebold Nixdorf warns of a new class of ATM black box attacks across Europe

New ATM black box (jackpotting) attacks have been spotted in Belgium.

https://www.zdnet.com/article/diebold-nixdorf-warns-of-a-new-class-of-atm-black-box-attacks-across-europe/


Mac cryptocurrency trading application rebranded, bundled with malware

ESET researchers lure GMERA malware operators to remotely control their Mac honeypots

https://www.welivesecurity.com/2020/07/16/mac-cryptocurrency-trading-application-rebranded-bundled-malware/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Fedora (bashtop and python39), openSUSE (openexr), Red Hat (java-1.8.0-openjdk), and Scientific Linux (thunderbird).

https://lwn.net/Articles/826367/


Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect for Virtual Environments (CVE-2020-5259, CVE-2020-5258)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-affect-ibm-spectrum-protect-for-virtual-environments-cve-2020-5259-cve-2020-5258/


Security Bulletin: IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerable to Logjam (CVE-2015-4000)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-are-vulnerabile-to-logjam/


Security Bulletin: IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam (CVE-2015-4000)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-snapshot-for-vmware-is-vulnerable-to-logjam-cve-2015-4000/


Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-5259, CVE-2020-5258)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2020-5259-cve-2020-5258/


Security Bulletin: Multiple vulnerabilities in IBM Java JRE, 8.0-1.1 affect IBM Netezza Platform Software clients.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/


Security Bulletin: Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655

https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vulnerability-cve-2020-11656-cve-2020-11655-2/


Security Bulletin: IBM Java Runtime Vulnerability affects IBM Spectrum Protect Snapshot for VMware (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-spectrum-protect-snapshot-for-vmware-cve-2020-2654/


Security Bulletin: IBM WebSphere Application Server Liberty XSS Vulnerabilities Affect IBM Control Center (CVE-2020-4303, CVE-2020-4304)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-xss-vulnerabilities-affect-ibm-control-center-cve-2020-4303-cve-2020-4304/


Security Bulletin: Apache CXF XSS Vulnerability Affects IBM Control Center (CVE-2019-17573)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-xss-vulnerability-affects-ibm-control-center-cve-2019-17573/


Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4464/