End-of-Day report
Timeframe: Wednesday 29-07-2020 18:00 - Thursday 30-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
TrickBot's new Linux malware covertly infects Windows devices
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-covertly-infects-windows-devices/
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019
Posted by Maddie Stone, Project Zero. This blog post synthesizes many of our efforts and what we've seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019.
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
Security controls for ICS/SCADA environments
Supervisory control and data acquisition systems (SCADA) are a subset of ICS. These systems are unique in comparison to traditional IT systems. This makes using standard security controls written with traditional systems in mind somewhat tricky.
https://resources.infosecinstitute.com/security-controls-for-ics-scada-environments/
ESET Threat Report Q2 2020
A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/
Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient "timeless timing" attacks
Presented at this year's Usenix conference, the technique, named "Timeless Timing Attacks", exploits the way network protocols handle concurrent requests to solve one of the endemic challenges of remote timing side-channel attacks.
https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks
Effective Threat Intelligence Through Vulnerability Analysis
The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and complexity of the associated exploit or attack.
https://www.tripwire.com/state-of-security/vulnerability-management/effective-threat-intelligence-vulnerability-analysis-enisa/
Vulnerabilities
Grub 2: Boothole enables bypass of Secure Boot
The flaw in the Grub bootloader thus enables a persistent bootkit. A complete update, however, will be difficult and will take time. (grub, Linux)
https://www.golem.de/news/grub-2-boothole-ermoeglicht-umgehung-von-secure-boot-2007-149959-rss.html
CVE-2020-9934: Bypassing TCC for Unauthorized Access
In this guest blog post, security researcher Matt Shockley describes a lovely security vulnerability he uncovered in macOS.
https://objective-see.com/blog/blog_0x4C.html
Security updates: Dangerous vulnerabilities in Cisco SD-WAN and Data Center
Attackers could take over entire networks through vulnerabilities in Cisco software.
https://heise.de/-4858759
Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (October 2019)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-october-2019/
Security Bulletin: Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssl-affect-ibm-netezza-analytics/
Security Bulletin: IBM Security Guardium is affected by an Information exposure in HTML comments vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-in-html-comments-vulnerability/
Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (Apr 2020)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-apr-2020/
Security Bulletin: IBM Security Guardium is affected by a Use of Broken or Risky Cryptographic Algorithm vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-broken-or-risky-cryptographic-algorithm-vulnerability/
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020, Apr 2020
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-apr-2020/
Security Bulletin: Vulnerability in Open Source logback used in IBM Cloud Pak System
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-source-logback-used-in-ibm-cloud-pak-system/
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM App Connect Enterprise V11
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11/
Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-cve-2020-2654/
Security Vulnerabilities fixed in Thunderbird 68.11
https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
Dell OpenManage Server Administrator: Vulnerability allows bypassing of security measures
http://www.cert-bund.de/advisoryshort/CB-K20-0770
Drupal: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0768