End-of-Day report
Timeframe: Wednesday 26-08-2020 18:00 - Thursday 27-08-2020 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads
New version of trojan is spreading fast and already has claimed 100,000 victims globally, Check Point has discovered.
https://threatpost.com/revamped-qbot-trojan-packs-new-punch-hijacks-email-threads/
Security.txt - one small file for an admin, one giant help to a security researcher, (Thu, Aug 27th)
The draft standard "A File Format to Aid in Security Vulnerability Disclosure" covers the creation of a file called "security.txt" in the /.well-known/ path on a web server, or in its root, which contains information relevant to the security of the server.
https://isc.sans.edu/diary/rss/26510
Cybercrime: Trickbot now also threatens publication
The Trickbot gang, which is linked to Emotet, is deploying a new ransomware and now also operates its own leak platform.
https://heise.de/-4879948
Mysterious pop-up messages unsettle Android users
"Test" - that is the terse content of push notifications that are currently popping up on Android phones, apparently on a large scale.
https://heise.de/-4880604
Microsoft Warns of New Anubis Info-Stealer Distributed in the Wild
Microsoft warned on Thursday that a recently uncovered piece of malware designed to help cybercriminals steal information from infected systems is now actively distributed in the wild.
https://www.securityweek.com/microsoft-warns-new-anubis-info-stealer-distributed-wild
Cetus: Cryptojacking Worm Targeting Docker Daemons
Cetus is a new and improved Docker cryptojacking worm mining for Monero, discovered in a Docker daemon honeypot.
https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/
Vulnerabilities
Foxit Studio Photo for Windows: New version secured against vulnerabilities
Version 3.6.6.928 of the image-editing software Foxit Studio Photo closes two vulnerabilities whose exploitation would have required user interaction.
https://heise.de/-4879609
Attackers could take down F5 BIG-IP Application Security Manager
F5 has released important security updates for various BIG-IP appliances.
https://heise.de/-4880348
Security updates: Cisco secures NX-OS network software against DoS attacks
Due to several vulnerabilities, attackers could attack various Cisco switch models.
https://heise.de/-4880654
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr and nginx), Fedora (firefox, firejail, and lua), Gentoo (chromium, docker, firefox and thunderbird, net-snmp, postgresql, and wireshark), openSUSE (chromium, claws-mail, dovecot23, libreoffice, and python3), Oracle (kernel), Scientific Linux (firefox), SUSE (apache2, graphviz, and libxslt), and Ubuntu (firefox, libmysofa, and squid3).
https://lwn.net/Articles/829690/
Vulnerabilities Expose Popular DVB-T2 Set-Top Boxes to Botnets: Researchers
Avast security researchers have identified vulnerabilities in DVB-T2 devices that could allow attackers to ensnare them in botnets.
https://www.securityweek.com/vulnerabilities-expose-popular-dvb-t2-set-top-boxes-botnets-researchers
Mozilla Thunderbird: Multiple vulnerabilities
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/08/warnmeldung_tw-t20-0157.html
Security Bulletin: Vulnerability in Netty 4.1.x before 4.1.46 affects IBM Operations Analytics Predictive Insights (CVE-2020-11612)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-netty-4-1-x-before-4-1-46-affects-ibm-operations-analytics-predictive-insights-cve-2020-11612/
Security Bulletin: CVE-2020-2654 in IBM® Runtime Environment Java™ affects TXSeries for Multiplatforms
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-in-ibm-runtime-environment-java-affects-txseries-for-multiplatforms/
Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-vulnerabilities/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-3/
Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-cross-site-scripting-cve-2020-4575/
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities/
Security Bulletin: Openstack Keystone vulnerabilities affects IBM Spectrum Scale (CVE-2020-12689)
https://www.ibm.com/blogs/psirt/security-bulletin-openstack-keystone-vulnerabilities-affects-ibm-spectrum-scale-cve-2020-12689/
Security Bulletin: A vulnerability in IBM® Java™ Runtime Environment affects IBM CICS TX on Cloud
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-environment-affects-ibm-cics-tx-on-cloud/