Daily summary - 18.08.2020
End-of-Day report
Timeframe: Monday 17-08-2020 18:00 - Tuesday 18-08-2020 18:00 Handler: Robert Waldner Co-Handler: n/a
News
Cryptojacking worm steals AWS credentials from Docker systems
According to researchers at Cado Security, this is the first worm that combines AWS credential theft with run-of-the-mill cryptomining modules. The botnet uses already-infected servers to run an instance of the open-source masscan port scanner that looks for exposed Docker APIs (and, as later discovered, Kubernetes systems), installing itself in new containers on any misconfigured host it finds.
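The misconfiguration this worm hunts for is a Docker daemon whose API listens on TCP without TLS client authentication. As an added example (not code from Cado Security or from the Docker project), here is the audit a host owner would run against the daemon configuration to find such a listener before masscan does. The daemon.json contents and dockerd command lines below are constructed for the example; on a real host the inputs are /etc/docker/daemon.json and the dockerd invocation in the service unit. The audit deliberately treats every tcp:// listener without tlsverify as exposed, and a listener bound to all interfaces as a separate finding, because that is the combination the worm exploits.

```python
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample configurations (not taken from any real host).
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


def _hosts_from_cmdline(cmdline):
    """Collect listen addresses and the tlsverify flag from a dockerd command line.

    Handles the forms dockerd accepts: -H ADDR, -H=ADDR, --host ADDR, --host=ADDR,
    --tlsverify and --tlsverify=true.
    """
    hosts, tlsverify = [], False
    args = shlex.split(cmdline)
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 2
            continue
        if arg.startswith("-H=") or arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def audit_docker_daemon(daemon_json, dockerd_cmdline=""):
    """Return a list of findings about Docker API listeners reachable over TCP.

    daemon_json is the text of daemon.json (may be empty); dockerd_cmdline is the
    dockerd invocation, since listeners can be configured in either place.
    """
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    cli_hosts, cli_tlsverify = _hosts_from_cmdline(dockerd_cmdline)
    hosts += cli_hosts
    tlsverify = bool(cfg.get("tlsverify", False)) or cli_tlsverify

    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are not reachable over the network
        bind = urlsplit(host).hostname or ""  # "" when written as tcp://:2375
        if not tlsverify:
            findings.append(
                "unauthenticated Docker API on %s: anyone who can reach it "
                "gets root-equivalent control of the host" % host)
        if bind in ("", "0.0.0.0", "::"):
            findings.append(
                "listener %s is bound to all interfaces; bind it to a specific "
                "address or firewall it" % host)
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon(cfg) or ["no TCP exposure found"])
```

tlsverify on its own only means the daemon demands a client certificate signed by tlscacert; the listener is still reachable, so the second finding stays relevant even on a hardened host, and a network-level restriction remains the better control.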
E-Mail: Dangerous mailto links can steal data
This file-attachment feature is not part of the standard specification for mailto links. It is an unofficial extension used by some mail clients. According to the publication, the feature is supported by KMail and Evolution, the default mail clients of the KDE and GNOME Linux desktop environments. IBM Notes also supports it. Thunderbird itself is not affected, but can be vulnerable if mailto links are handed to it through the xdg-open tool.
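The check a URL-scheme handler (the xdg-open path mentioned above, or a browser deciding whether to hand a link on) would want here is to parse the mailto link per RFC 6068 and strip the unofficial attachment parameter before the mail client sees it. The following is an added example, not code from the publication or from any of the affected clients. It assumes the parameter names `attach` and `attachment`, which the summary does not state; the sample links are constructed.

```python
from urllib.parse import quote, unquote

# Header fields defined by RFC 6068 (section 2) that a mail client is expected to honour.
RFC6068_FIELDS = {"to", "cc", "bcc", "subject", "body", "in-reply-to", "keywords"}
# Unofficial parameters some clients treat as "attach this local file".
# Assumption for this example: the names are not stated in the summary above.
ATTACH_FIELDS = {"attach", "attachment"}


def parse_mailto(url):
    """Split a mailto URL into recipients and (name, value) header fields.

    Percent-decoding is done with unquote, not unquote_plus: RFC 6068 treats
    '+' as a literal character, unlike HTML form encoding.
    """
    scheme, sep, rest = url.partition(":")
    if sep != ":" or scheme.lower() != "mailto":
        raise ValueError("not a mailto URL: %r" % url)
    addr_part, _, query = rest.partition("?")
    fields = []
    for part in (query.split("&") if query else []):
        name, _, value = part.partition("=")
        fields.append((unquote(name).lower(), unquote(value)))
    recipients = [unquote(a) for a in addr_part.split(",") if a]
    recipients += [v for n, v in fields if n == "to"]
    return {"recipients": recipients, "fields": fields}


def classify(url):
    """Report attachment parameters and any other non-standard header fields."""
    parsed = parse_mailto(url)
    attachments = [v for n, v in parsed["fields"] if n in ATTACH_FIELDS]
    unknown = sorted({n for n, _ in parsed["fields"]
                      if n not in RFC6068_FIELDS and n not in ATTACH_FIELDS})
    return {"recipients": parsed["recipients"],
            "attachments": attachments,
            "unknown_fields": unknown}


def sanitize_mailto(url):
    """Return (safe_url, dropped) with attachment parameters removed.

    The address part is passed through untouched; kept header fields are
    re-encoded so the rebuilt link is still a valid mailto URL.
    """
    parsed = parse_mailto(url)
    kept = [(n, v) for n, v in parsed["fields"] if n not in ATTACH_FIELDS]
    dropped = [(n, v) for n, v in parsed["fields"] if n in ATTACH_FIELDS]
    addr_part = url.partition(":")[2].partition("?")[0]
    query = "&".join("%s=%s" % (quote(n, safe=""), quote(v, safe="@")) for n, v in kept)
    return "mailto:" + addr_part + ("?" + query if query else ""), dropped


if __name__ == "__main__":
    # Constructed sample: a link that asks the client to attach the user's SSH key.
    link = "mailto:alice@example.org?subject=Hi&attach=/home/user/.ssh/id_rsa"
    print(classify(link))
    print(sanitize_mailto(link))
```

The lookup is case-insensitive on purpose: a handler that only filters the lowercase spelling is bypassed by `?Attachment=`. Fields the parser does not recognise are reported rather than dropped, since RFC 6068 allows arbitrary header names and the client is the right place to decide about them.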
Pre-announcement of five BIND security issues scheduled for disclosure 20 August 2020
We therefore are writing to inform you that the August BIND maintenance releases, which will be released on Thursday, 20 August, contain patches for five separate vulnerabilities. Further details about the vulnerabilities will be publicly disclosed at the time the releases are published on Thursday.
https://lists.isc.org/pipermail/bind-announce/2020-August/001161.html
Online investment fraud is flourishing
Consumers affected by investment fraud keep turning to Watchlist Internet. The criminals' methods are almost always the same: fabricated advertisements, promises of high returns and personal "support" lure the victims into large investments. The end result is losses that can threaten the victim's livelihood.
https://www.watchlist-internet.at/news/online-anlagen-und-investitionsbetrug-floriert/
Vulnerabilities
Rocket.Chat Cross-Site Scripting leading to Remote Code Execution CVE-2020-15926
A malicious user can send a specially crafted message, either to a channel or in a direct message to another user, that results in JavaScript executing in the victim's browser or inside the desktop client when the victim uses the 'Reply in Thread' functionality. In the desktop client, the cross-site scripting (XSS) vulnerability leads to remote code execution (RCE).
https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html
Security updates for Tuesday
Security updates have been issued by Debian (sane-backends), Fedora (kernel, LibRaw, and wob), openSUSE (balsa, hylafax+, postgresql, postgresql96, postgresql10, postgresql12, and postgresql96, postgresql10 and postgresql12), Oracle (.NET Core 3.1), Red Hat (bash and bind), SUSE (dovecot23, firefox, fwupd, postgresql10, postgresql12, python-azure-agent, and zabbix), and Ubuntu (ark, gnome-shell, libonig, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp1 and software-properties).
https://lwn.net/Articles/829030/
Vulnerability Allowing Full Server Takeover Found in Concrete5 CMS
The issue was identified in Concrete5 version 8.5.2. It allowed an attacker to modify the site configuration and upload a PHP file to the server, thus gaining arbitrary command execution.
https://www.securityweek.com/vulnerability-allowing-full-server-takeover-found-concrete5-cms
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues.
https://support.citrix.com/article/CTX276688