End-of-Day report
Timeframe: Monday 31-08-2020 18:00 - Tuesday 01-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Hackers are backdooring QNAP NAS devices with 3-year old RCE bug
Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.
https://www.bleepingcomputer.com/news/security/hackers-are-backdooring-qnap-nas-devices-with-3-year-old-rce-bug/
DLL Fixer leads to Cyrat Ransomware
A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python based and appends .CYRAT to encrypted files.
https://feeds.feedblitz.com/~/634890360/0/gdatasecurityblog-en~DLL-Fixer-leads-to-Cyrat-Ransomware
Notarized Mac malware: Apple apparently notarized trojans several times
Apple's notarization service is supposed to protect Mac users from malware. Now the manufacturer has also notarized the notorious "Shlayer" malware.
https://heise.de/-4882770
New web skimmer steals credit card data, sends to crooks via Telegram
Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code.
https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit-card-data-via-telegram/
Quarterly Report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of trends observed in last quarter's report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot.
https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html
Free iPhone 11 or Samsung Galaxy S20 through a Hofer survey?
Criminals pose as Hofer and send out indiscriminate e-mails claiming that your e-mail or IP address has been selected. You are asked to take part in a short survey and thereby receive a free iPhone 11 or Samsung Galaxy S20. Caution: The e-mail is not from Hofer, you will not receive a free smartphone, and you end up in an expensive subscription trap!
https://www.watchlist-internet.at/news/gratis-iphone-11-oder-samsung-galaxy-s20-durch-hofer-umfrage/
Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
Our researchers analyzed data on cybersquatting to learn which domains attackers most often mimic and other key details of the practice.
https://unit42.paloaltonetworks.com/cybersquatting/
"Accessible Ubiquiti Service Discovery": First data feed in the "Intrusions" taxonomy
Ubiquiti devices use a discovery protocol to detect each other automatically. While this can be useful within one's own network, misconfigured devices make a wealth of data about themselves publicly retrievable. As if this problem were not enough, older firmware versions contained a vulnerability that allows (or allowed) automated takeover of the affected systems.
https://cert.at/de/blog/2020/9/accessible-ubiquiti-service-discovery-erster-datenfeed-in-der-taxonomie-intrusions
Vulnerabilities
Security updates: Trend Micro protection software can endanger PCs
There are important security patches for Trend Micro Apex One and OfficeScan XG.
https://heise.de/-4883268
Security updates for Tuesday
Security updates have been issued by Debian (apache2 and libx11), Fedora (batik, ecj, eclipse, eclipse-cdt, eclipse-ecf, eclipse-emf, eclipse-gef, eclipse-m2e-core, eclipse-mpc, eclipse-mylyn, eclipse-remote, eclipse-webtools, firefox, httpd, jetty, lucene, selinux-policy, and univocity-parsers), Mageia (hylafax+), openSUSE (ark and chromium), Red Hat (virt:8.2 and virt-devel:8.2), SUSE (freeradius-server, freerdp, php7, php72, php74, and xorg-x11-server), and Ubuntu (freerdp2, keystone, [...]
https://lwn.net/Articles/830278/
QNAP NAS: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0857
Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Manager with OpenStack (CVE-2019-2949)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-cve-2019-2949/
Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affects IBM Operations Analytics Predictive Insights
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights/
Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-operations-analytics-predictive-insights-4/
Security Bulletin: IBM® Java SDK Technology Edition, Oct 2019, affects IBM Security Identity Manager Virtual Appliance
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-edition-oct-2019-affects-ibm-security-identity-manager-virtual-appliance/
Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-for-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoin-4/
Security Bulletin: Vulnerabilities in Faster-XML jackson affect IBM Operations Analytics Predictive Insights (CVE-2019-14060, CVE-2019-14661, CVE-2019-14662)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-affect-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/
Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230/
Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-affects-ibm-spectrum-protect-plus-cve-2019-9924-4/
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Apache Thrift (CVE-2019-0205)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-apache-thrift-cve-2019-0205/
Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-serverliberty-profile-affects-ibm-operations-analytics-predictive-insights-cve-2020-4329/