Daily Summary - 11.08.2020

End-of-Day report

Timeframe: Monday 10-08-2020 18:00 - Tuesday 11-08-2020 18:00
Handler: Dimitri Robl
Co-Handler: n/a

News

Upgraded Agent Tesla malware steals passwords from browsers, VPNs

New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.

https://www.bleepingcomputer.com/news/security/upgraded-agent-tesla-malware-steals-passwords-from-browsers-vpns/


SBA phishing scams: from malware to advanced social engineering

SBA loan scams continue to make the rounds targeting small business owners, CEOs, and CFOs.

https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware-to-advanced-social-engineering/


Script-Based Malware: A New Attacker Trend on Internet Explorer

Script-based malware can be appealing for attackers who want the ability to quickly and easily develop new variants to evade detection.

https://unit42.paloaltonetworks.com/script-based-malware/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Acrobat and Reader (APSB20-48) and Adobe Lightroom (APSB20-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided -AS IS- with no warranties and confers no rights.

https://blogs.adobe.com/psirt/?p=1908


vBulletin fixes ridiculously easy to exploit zero-day RCE bug

A simple one-line exploit has been published for a zero-day pre-authentication remote code execution (RCE) vulnerability in the vBulletin forum software.

https://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously-easy-to-exploit-zero-day-rce-bug/


Critical updates for Citrix Endpoint Management

Citrix closes a total of 5 vulnerabilities; anyone running their own installation should patch quickly.

https://heise.de/-4867952


Security updates for Monday

Security updates have been issued by Debian (pillow, ruby-kramdown, wpa, and xrdp), Fedora (ark and rpki-client), Gentoo (apache, ark, global, gthumb, and iproute2), openSUSE (chromium, grub2, java-11-openjdk, libX11, and opera), Red Hat (bind, chromium-browser, java-1.7.1-ibm, java-1.8.0-ibm, and libvncserver), SUSE (LibVNCServer, perl-XML-Twig, thunderbird, and xen), and Ubuntu (samba).

https://lwn.net/Articles/828476/


iCloud for Windows 11.3

https://support.apple.com/kb/HT211294


iCloud for Windows 7.20

https://support.apple.com/kb/HT211295


SSA-809841: Buffer Overflow Vulnerability in Third-Party Component pppd

https://cert-portal.siemens.com/productcert/txt/ssa-809841.txt


SSA-786743: Code Injection Vulnerability in Advanced Reporting for Desigo CC and

https://cert-portal.siemens.com/productcert/txt/ssa-786743.txt


SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi

https://cert-portal.siemens.com/productcert/txt/ssa-712518.txt


SSA-388646: Local Privilege Escalation in Automation License Manager

https://cert-portal.siemens.com/productcert/txt/ssa-388646.txt


SSA-370042: Cross-Site-Scripting (XSS) in SICAM A8000 RTUs

https://cert-portal.siemens.com/productcert/txt/ssa-370042.txt


Security Bulletin: IBM Event Streams is affected by multiple Java vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-java-vulnerabilities/


Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in OpenSSL package

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-openssl-package/


Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management/


Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-node-js-vulnerabilities-3/


Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)

https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/


Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-3/


Security Bulletin: IBM Event Streams is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-vulnerability-in-apache-commons-compress-cve-2019-12402/


Security Bulletin: IBM Event Streams is affected by a Java vulnerability (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-java-vulnerability-cve-2020-2654/


Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-liberty-cve-2020-4329/


Security Bulletin: Publicly disclosed vulnerability from Libreswan affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-libreswan-affects-ibm-netezza-host-management/


SAP Patchday August 2020

http://www.cert-bund.de/advisoryshort/CB-K20-0800