Daily Summary - 14.08.2020

End-of-Day report

Timeframe: Thursday 13-08-2020 18:00 - Friday 14-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a

News

Definition of overkill - using 130 MB executable to hide 24 kB malware, (Fri, Aug 14th)

One of our readers, Lukas, shared an unusual malicious executable with us earlier this week - one that was 130 MB in size. Making executables extremely large is not an uncommon technique among malware authors[1], as it allows them to easily avoid detection by most AV solutions, since the size of files which AVs will check is usually fairly low (tens of megabytes at most).

https://isc.sans.edu/diary/rss/26464
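The diary entry describes the trick but not how to spot it in bulk. The following triage heuristic is an added example, not code from the ISC diary or from the reader who submitted the sample: it walks a file in chunks and flags it when it is both large enough to fall outside a typical AV scan-size cap and made up mostly of low-entropy filler, which is exactly what a 24 kB payload inside a 130 MB executable looks like. The thresholds (50 MB cap, 90 % filler chunks, 1 MB chunks, 1 bit/byte entropy floor) and the sample input are assumptions constructed for the example; tune the cap to what your own AV actually skips.

```python
# Added example (not code from the ISC diary or its reader): a triage heuristic
# for the padding trick described above. It flags executables that are large
# but consist mostly of low-entropy filler, i.e. a small payload wrapped in
# hundreds of megabytes of junk so that size-capped AV scanners skip the file.
# Thresholds (50 MB, 90 % filler, 1 MB chunks, 1 bit/byte) are assumptions,
# not values from the diary; tune them to your own AV's scan-size cap.
import math
from collections import Counter
from typing import Iterable

SIZE_THRESHOLD = 50 * 1024 * 1024      # assumption: rough AV scan-size cap
FILLER_RATIO_THRESHOLD = 0.90          # assumption: >90 % filler chunks is odd
CHUNK_SIZE = 1024 * 1024               # analysis granularity
FILLER_ENTROPY_BITS = 1.0              # chunk entropy below this counts as filler


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def _analyse_chunks(chunks: Iterable[bytes]) -> dict:
    """Walk a sample chunk by chunk so a 130 MB file never has to sit in memory whole."""
    size = 0
    n_chunks = 0
    filler_chunks = 0
    byte_counts: Counter = Counter()
    for chunk in chunks:
        size += len(chunk)
        n_chunks += 1
        if shannon_entropy(chunk) < FILLER_ENTROPY_BITS:
            filler_chunks += 1
        byte_counts.update(chunk)  # per-byte-value histogram over the whole file
    dominant_byte, dominant_count = byte_counts.most_common(1)[0] if byte_counts else (None, 0)
    return {
        "size": size,
        "chunks": n_chunks,
        "filler_chunks": filler_chunks,
        "filler_ratio": filler_chunks / n_chunks if n_chunks else 0.0,
        "dominant_byte": dominant_byte,
        "dominant_byte_ratio": dominant_count / size if size else 0.0,
    }


def analyse_bytes(data: bytes, chunk_size: int = CHUNK_SIZE) -> dict:
    """Analyse an in-memory sample."""
    return _analyse_chunks(data[i:i + chunk_size] for i in range(0, len(data), chunk_size))


def analyse_file(path: str, chunk_size: int = CHUNK_SIZE) -> dict:
    """Analyse a file on disk by streaming it, without reading it whole."""
    def reader():
        with open(path, "rb") as fh:
            while True:
                chunk = fh.read(chunk_size)
                if not chunk:
                    return
                yield chunk
    return _analyse_chunks(reader())


def is_suspicious(report: dict,
                  size_threshold: int = SIZE_THRESHOLD,
                  filler_threshold: float = FILLER_RATIO_THRESHOLD) -> bool:
    """Big enough to dodge a size-capped scanner AND mostly filler."""
    return report["size"] >= size_threshold and report["filler_ratio"] >= filler_threshold


# Constructed sample input (not the reader's file): a 24 kB high-entropy stub
# standing in for the real payload, followed by 2 MB of zero padding.
STUB = bytes(range(256)) * 96            # 24 576 bytes, uniform byte distribution
SAMPLE = STUB + bytes(2 * 1024 * 1024)   # padded "executable"

if __name__ == "__main__":
    # Use a 64 KB chunk and a 1 MB size cap so the toy sample trips the rule.
    report = analyse_bytes(SAMPLE, chunk_size=64 * 1024)
    print(report)
    print("suspicious:", is_suspicious(report, size_threshold=1024 * 1024, filler_threshold=0.9))
```

The per-chunk entropy test is what makes this robust against simple evasion: padding with a single byte, a short repeating pattern or long runs of the same value all produce near-zero entropy, whereas a legitimately large installer (compressed resources, embedded media) is high-entropy almost everywhere and will not trip the filler ratio. Run `analyse_file()` over a quarantine directory and hand anything flagged to a scanner that has no size cap, or strip the overlay and scan the remaining bytes.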


XCSSET: Mac malware infects Xcode projects

The malware relies on 0-day exploits to steal user data. Manipulated Xcode projects are being spread via Github, a security firm warns.

https://heise.de/-4870987


Chrome extensions that lie about their permissions

Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But what's the use if they lie to you?

https://blog.malwarebytes.com/puppum/2020/08/chrome-extensions-that-lie-about-their-permissions/


Beware of emergency repair services using the telephone number 06608643901!

When a water pipe bursts, a gas line fails or the power goes out, an expert is usually needed fast. There is often no time left to check out a plumbing or electrical emergency service. Dubious companies exploit this: they advertise an emergency service online, do actually show up, but afterwards invoice grossly inflated charges.

https://www.watchlist-internet.at/news/vorsicht-vor-handwerks-notdiensten-mit-der-telefonnummer-06608643901/


Mekotio: These aren't the security updates you're looking for...

Another in our occasional series demystifying Latin American banking trojans.

https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/


Vulnerabilities

Security vulnerability: Microsoft's multi-factor authentication bypassed

Microsoft's online services are supposed to be protected by a FIDO stick and PIN, but two developers were able to bypass the PIN prompt.

https://www.golem.de/news/sicherheitsluecke-microsofts-multi-faktor-authentifizierung-umgangen-2008-150275.html


Critical Vulnerabilities Patched in Quiz and Survey Master Plugin

On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site's wp-config.php file [...]

https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless, Oracle January 2020 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-may-affect-tivoli-netcool-performance-manager-for-wirelessoracle-january-2020-cpu/


Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840)

https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight-cve-2020-8840/


Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531)

https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-a-international-components-for-unicode-icu-for-c-c-vulnerability-cve-2020-10531/


Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio July 2020 CPU plus deferred CVE-2019-2590 and CVE-2020-2601

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-july-2020-cpu-plus-deferred-cve/


Security Bulletin: A vulnerability exists in the Event Streams 10.0.0 schema registry that allows unauthorised access to create, edit and delete schemas (CVE-2020-4662)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-event-streams-10-0-0-schema-registry-that-allows-unauthorised-access-to-create-edit-and-delete-schemas-cve-2020-4662/


Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589-2/


Apache Struts: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0824


PostgreSQL: Multiple vulnerabilities allow privilege escalation

http://www.cert-bund.de/advisoryshort/CB-K20-0825