Daily Summary - 04.09.2020

End-of-Day report

Timeframe: Thursday 03-09-2020 18:00 - Friday 04-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

FBI: Thousands of orgs targeted by RDoS extortion campaign

The FBI warns US companies that thousands of organizations around the world, from various industry sectors, have been threatened with DDoS attacks within six days unless they pay a Bitcoin ransom.

https://www.bleepingcomputer.com/news/security/fbi-thousands-of-orgs-targeted-by-rdos-extortion-campaign/


Phishing adds overlay on official company page to steal logins

A phishing campaign deployed recently at various businesses uses the company's home page to disguise the attack and trick potential victims into providing login credentials.

https://www.bleepingcomputer.com/news/security/phishing-adds-overlay-on-official-company-page-to-steal-logins/


A blast from the past - XXEncoded VB6.0 Trojan, (Fri, Sep 4th)

While going over what my e-mail malware quarantine caught during this week, I found a message which made me feel rather nostalgic. Among the usual maldocs, ZIPs and ACEs, there was also an e-mail carrying an XXE file in its attachment.

https://isc.sans.edu/diary/rss/26538


Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496

We provide an analysis of CVE-2020-17496, proof of concept code to demonstrate the vulnerability and information on attacks we have observed.

https://unit42.paloaltonetworks.com/cve-2020-17496/


Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

We observed a variant of the Thanos ransomware that attempted to overwrite the master boot record, a more destructive approach than previous versions.

https://unit42.paloaltonetworks.com/thanos-ransomware/


Firefox will add a new drive-by-download protection

Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds.

https://www.zdnet.com/article/firefox-will-add-a-new-drive-by-download-protection/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Fedora (curl, dovecot, geary, httpd, lua, mysql-connector-java, and squid), Mageia (lua and lua5.3, sane, and squid), Oracle (dovecot), Scientific Linux (dovecot), SUSE (java-1_7_1-ibm, kernel, php5, and xorg-x11-server), and Ubuntu (firefox).

https://lwn.net/Articles/830632/


Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-asset-manager-is-vulnerable-to-stored-cross-site-scripting-and-server-side-request-forgery/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-apr-2020-cpu-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2019-cpu-cve-2019-2964-cve-2019-2989-3/


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Netcool Agile Service Manager (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-netcool-agile-service-manager-cve-2020-2654/


Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier

https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulnerability-affecting-aspera-connect-3-9-9-and-earlier/