Daily summary - 21.08.2020

End-of-Day report

Timeframe: Thursday 20-08-2020 18:00 - Friday 21-08-2020 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer

News

Malware can no longer disable Microsoft Defender via the Registry

Microsoft has removed the ability to disable Microsoft Defender and third-party security software via the Registry to prevent malware from tampering with protection settings.

 

https://www.bleepingcomputer.com/news/microsoft/malware-can-no-longer-disable-microsoft-defender-via-the-registry/


Emotet Malware Over the Years: The History of an Active Cyber-Threat

Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But what happens when a Trojan constantly eludes everyone's best efforts to stop it in its tracks?

https://heimdalsecurity.com/blog/emotet-malware-history/


From SSRF to Compromise: Case Study

SSRF is a neat bug because it jumps trust boundaries. You go from being the user of a web application to someone on the inside, someone who can reach out and touch things on behalf of the vulnerable server. Exploiting SSRF beyond a proof-of-concept callback is often tricky because the impact is largely dependent on the environment you're making that internal request in.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/


MISP 2.4.130 released (Various fixes, performance improvements and new features)

A new version of MISP (2.4.130) has been released with performance improvements, multiple bug fixes and new features.

https://www.misp-project.org/2020/08/21/MISP.2.4.130.released.html


Aggressive DDoS extortionists posing as Fancy Bear are active again

The Link11 Security Operation Center has warned of renewed DDoS extortion in the name of Fancy Bear, accompanied by high-volume DDoS attacks. According to the IT security provider Link11, the targeted companies include operators of critical infrastructure (KRITIS).

https://www.zdnet.de/88382211/aggressive-ddos-erpresser-von-fancy-bear-sind-wieder-aktiv/

Vulnerabilities

BIND Security Advisories

CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c

CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c

CVE-2020-8622: A truncated TSIG response can lead to an assertion failure

CVE-2020-8623: A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly

 

https://kb.isc.org/docs/cve-2020-8620

https://kb.isc.org/docs/cve-2020-8621

https://kb.isc.org/docs/cve-2020-8622

https://kb.isc.org/docs/cve-2020-8623

https://kb.isc.org/docs/cve-2020-8624


Security updates: Yet another "forgotten" backdoor in Cisco products

Attackers could target Cisco vWAAS, Smart Software Manager and Video Surveillance 8000 Series, among other products.

https://heise.de/-4875646


Security updates for Friday

Security updates have been issued by Debian (ghostscript), Fedora (curl and mod_http2), Mageia (ngircd), openSUSE (kernel), SUSE (libreoffice), and Ubuntu (curl).

 

https://lwn.net/Articles/829280/


CERT/CC Warns of Vulnerabilities in Diebold Nixdorf, NCR ATMs

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has published alerts on several vulnerabilities that impact Diebold Nixdorf ProCash and NCR SelfServ automated teller machines (ATMs).

 

https://www.securityweek.com/certcc-warns-vulnerabilities-diebold-nixdorf-ncr-atms


Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (CVE-2020-4329)

 

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-cve-2020-4329/


Security Bulletin: Golang Vulnerabilities in IBM Cloud CLI 1.1.0 or earlier

 

https://www.ibm.com/blogs/psirt/security-bulletin-golang-vulnerabilities-in-ibm-cloud-cli-1-1-0-or-earlier/


Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4465

 

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4465/


Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty

 

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty/


Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)

 

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-control-cve-2020-8172-cve-2020-8174-cve-2020-11080/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)

 

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-2/


Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (CVE-2020-2654, CVE-2020-2781, CVE-2020-2800)

 

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-cve-2020-2654-cve-2020-2781-cve-2020-2800/


Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4375

 

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4375/


Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)

 

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589-3/


August 20, 2020 TNS-2020-06 [R1] Nessus 8.11.1 Fixes One Vulnerability

 

http://www.tenable.com/security/tns-2020-06