End-of-Day report
Timeframe: Wednesday 12-08-2020 18:00 - Thursday 13-08-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Avaddon: The Latest RaaS (Ransomware-as-a-Service) to Jump on the Extortion Bandwagon
As of August 8th, Avaddon ransomware authors launched an extortion site in an effort to further incentivize victims to pay the ransom. Tarik Saleh dissects this ransomware, analyzes victimology, and provides more details on the extortion site.
https://www.domaintools.com/resources/blog/avaddon-the-latest-raas-to-jump-on-the-extortion-bandwagon
MMS Exploit Part 5: Defeating Android ASLR, Getting RCE
Posted by Mateusz Jurczyk, Project Zero. This post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html
To the Brim at the Gates of Mordor Pt. 1, (Wed, Aug 12th)
Search & Analyze Mordor APT29 PCAPs with Brim
https://isc.sans.edu/diary/rss/26456
Color by numbers: inside a Dharma ransomware-as-a-service attack
Dharma, a family of ransomware first spotted in 2016, continues to be a threat to many organizations, especially small and medium-sized businesses. Part of the reason for its longevity is that its variants have become the basis for ransomware-as-a-service (RaaS) operations.
https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-ransomware-as-a-service-attack/
Attribution: A Puzzle
The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. Nevertheless, the private sector rises to the challenge to attempt to associate cyber attacks to threat actors using the intelligence available to them.
https://blog.talosintelligence.com/2020/08/attribution-puzzle.html
Criminals try to spread malware through legitimate programs!
Most people trust well-known software vendors when they update an app, a program or another product, or bring a new product to market. But it is exactly this trust that criminals exploit in so-called "supply-chain attacks".
https://www.watchlist-internet.at/news/kriminelle-versuchen-durch-serioese-programme-schadsoftware-zu-verbreiten/
Vulnerabilities
Amazon: Security vulnerability could reveal Alexa voice commands
Using a crafted link, a security vulnerability in Amazon's infrastructure could be exploited to access other users' Alexa data.
https://www.golem.de/news/amazon-sicherheitsluecke-konnte-alexa-sprachbefehle-verraten-2008-150248.html
Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods
It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us.
https://www.tripwire.com/state-of-security/featured/cybercriminals-infiltrating-netgear-routers/
Security updates for Wednesday
Security updates have been issued by Debian (dovecot and roundcube), Fedora (python36), Gentoo (chromium), openSUSE (ark, firefox, go1.13, java-11-openjdk, libX11, wireshark, and xen), Red Hat (bind and kernel), SUSE (libreoffice and python36), and Ubuntu (dovecot and software-properties).
https://lwn.net/Articles/828683/
Security updates for Thursday
Security updates have been issued by Debian (linux-4.19, linux-latest-4.19, and openjdk-8) and Fedora (ark and hylafax+).
https://lwn.net/Articles/828744/
Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-01-authentication-en
Security Advisory - Code Execution Vulnerability in Fastjson Affects Several Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-01-fastjson-en
Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200)
https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affect-ibm-spectrum-protect-server-cve-2020-4230-cve-2020-4135-cve-2020-4204-cve-2020-4200-2/
Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool.
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2020-9327)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-9327/
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2020-11655, CVE-2020-11656)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-11655-cve-2020-11656/
Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-disclosed-vulnerability/
Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2020-2593, CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-the-ibm-spectrum-protect-server-cve-2020-2593-cve-2019-4732/
Security Bulletin: IBM Maximo Asset Management is vulnerable to path traversal (CVE-2019-4582)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-traversal-cve-2019-4582/
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-12406)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-operations-center-and-client-management-service-cve-2019-12406/
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-license-metric-tool-v9/
Security Bulletin: A vulnerability in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-144892, CVE-2019-144893)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-144892-cve-2019-144893/
Sophos XG Firewall: Vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K20-0823