End-of-Day report
Timeframe: Wednesday 09-09-2020 18:00 - Thursday 10-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
ProLock ransomware increases payment demand and victim count
Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day.
https://www.bleepingcomputer.com/news/security/prolock-ransomware-increases-payment-demand-and-victim-count/
An overview of targeted attacks and APTs on Linux
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there's a widely held opinion that Linux [...]
https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/
Zeppelin Ransomware Returns with New Trojan on Board
The malware has popped up in a targeted campaign and a new infection routine.
https://threatpost.com/zeppelin-ransomware-returns-trojan/159092/
O365 Phishing Attack Used Real-Time Validation against Active Directory
A phishing attack used real-time validation against an organization's Active Directory in order to steal users' Office 365 credentials. According to Armorblox, the phishing attack, sent on a Friday evening, targeted an executive working at an American brand that was named one of the world's Top 50 most innovative companies for 2019. The email used spoofing [...]
https://www.tripwire.com/state-of-security/security-data-protection/o365-phishing-attack-used-real-time-validation-against-active-directory/
BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks
A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered.
https://www.securityweek.com/blurtooth-vulnerability-can-allow-bluetooth-mitm-attacks
Fake prize draw with Cineplexx voucher leads into a subscription trap
A prize draw is being advertised on Facebook via ads and Facebook Messenger. You have supposedly been selected to receive vouchers for Cineplexx cinemas. To get them, you are asked to pay 2 euros in shipping costs with your credit card. Warning: the prize draw is fake, the vouchers do not exist, and you end up in a subscription trap! Cineplexx itself has nothing to do with these prize draws.
https://www.watchlist-internet.at/news/fake-gewinnspiel-mit-cineplexx-gutschein-lockt-in-abo-falle/
New CDRThief malware targets VoIP softswitches to steal call detail records
Malware targets only two very specific softswitches (software switches): Linknat VOS2009 and VOS3000.
https://www.zdnet.com/article/new-cdrthief-malware-targets-voip-softswitches-to-steal-call-detail-records/
Ransomware attacks have multiplied
The number of ransomware attacks rose by 715% in the first half of the year compared to the same period last year. The ransom extortionists are becoming ever more dangerous and are causing heavy damage.
https://www.zdnet.de/88382645/ransomware-attacken-vervielfacht/
Recent Dridex activity, (Thu, Sep 10th)
For the past month or so, I hadn't had any luck finding active malspam campaigns pushing Dridex malware. That changed starting this week, and I've since found several examples. Today's diary reviews an infection from Wednesday September 9th, 2020.
https://isc.sans.edu/diary/rss/26550
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Arch Linux (ark, gnupg, go, opendmarc, and python-django), Debian (libxml2), Gentoo (chromium), Oracle (librepo and thunderbird), Red Hat (dovecot and httpd:2.4), SUSE (avahi, kernel, and openldap2), and Ubuntu (xorg-server).
https://lwn.net/Articles/831178/
Palo Alto Networks Patches Serious DoS, Code Execution Flaws in PAN-OS
Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.
https://www.securityweek.com/palo-alto-networks-patches-serious-dos-code-execution-flaws-pan-os
PEPPERL+FUCHS/VMT Bildverarbeitungssysteme GmbH: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU SYSTEMS CodeMeter components
https://cert.vde.com/de-de/advisories/vde-2020-034
PILZ: Multiple products prone to WIBU CodeMeter vulnerabilities
https://cert.vde.com/de-de/advisories/vde-2020-033
avahi: Vulnerability allows bypassing of security measures
http://www.cert-bund.de/advisoryshort/CB-K20-0892
Ruby on Rails: Vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K20-0891
Security Advisory - Information Leak Vulnerability in Huawei Smartphone
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-04-smartphone-en
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/
Security Bulletin: Vulnerability in jackson-databind shipped with IBM Cloud Pak System
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-shipped-with-ibm-cloud-pak-system/
Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-admin-console-is-vulnerable-to-cross-site-scripting-cve-2020-4578/
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affects-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-http-server-affect-ibm-i/
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Cloud Orchestrator (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-cve-2020-2654/