Daily summary - 15.09.2020
End-of-Day report
Timeframe: Monday 14-09-2020 18:00 - Tuesday 15-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News
Windows 10 'Finger' command can be abused to download or steal files
The list of native Windows executables that can download or run malicious code keeps growing, as another one has recently been reported.

Security vulnerability: eight zeros get you Active Directory admin
The Zerologon vulnerability exploits a flaw in Netlogon and makes creative use of the number zero - to change passwords.

Successful attack campaign hits online shops based on Magento 1
Support for version 1.x of the Magento online shop software ended in June 2020. A current "Magecart" attack campaign is now targeting outdated shops.

Shitrix aftermath: Citrix systems with undetected backdoors
Backdoors have apparently been installed on Citrix ADC and NetScaler Gateways via the Shitrix vulnerability from the beginning of the year, through which ransomware can get in.

Extortion e-mails: criminals claim to have proof that you are cheating
Are you being blackmailed by e-mail? Does the extortionist claim to have installed a virus on your smartphone that monitors your activity? Does he supposedly have evidence showing you cheating? Is a Bitcoin transfer demanded in exchange for silence? Then don't worry: this is a fraudulent e-mail that is currently being sent out en masse.

Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits
We captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends.
https://unit42.paloaltonetworks.com/network-attack-trends/
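A worked illustration of the Zerologon item above (the "eight zeros"). This is an added example, not code from the page or from the Zerologon write-ups: Netlogon derives the 8-byte client credential with AES-128 in CFB8 mode under a fixed all-zero IV, and an attacker who sends an all-zero client challenge gets an all-zero credential whenever the first byte of E(key, 0^16) happens to be 0x00, i.e. for roughly 1 in 256 session keys. Because the Python standard library has no AES, `block_fn` below is an assumed stand-in (HMAC-SHA256 truncated to 16 bytes); the structural property the flaw relies on, a block function whose first output byte is zero with probability 1/256, is the same. The CFB8 loop itself is the real mode of operation.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size; Netlogon uses AES-128 in CFB8 with an all-zero IV


def block_fn(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for AES block encryption (stdlib has no AES).
    Only property used: for a fresh key the first output byte is 0x00 with
    probability 1/256, exactly as for a real block cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Byte-wise CFB (CFB8): each plaintext byte is XORed with the first byte of
    E(key, shift_register); the ciphertext byte is then shifted into the register."""
    assert len(iv) == BLOCK
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = block_fn(key, bytes(register))[0] ^ p
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    """Netlogon's credential computation: CFB8 over the 8-byte challenge with IV = 0^16.
    Uses the stand-in block function above instead of AES (assumption)."""
    return cfb8_encrypt(session_key, bytes(BLOCK), challenge)


def zero_challenge_yields_zero_credential(session_key: bytes) -> bool:
    """The Zerologon condition. With a zero IV and a zero plaintext byte, the first
    ciphertext byte equals E(key, 0^16)[0]. If that byte is 0x00 the register shifted
    by one zero byte is still 0^16, so every following output byte is 0x00 as well:
    eight zero bytes of challenge produce eight zero bytes of credential."""
    return netlogon_credential(session_key, bytes(8)) == bytes(8)


def fraction_of_vulnerable_keys(n_keys: int, seed: int = 1) -> float:
    """Sample deterministic pseudo-random session keys and measure how often the
    all-zero challenge is accepted. Expected value: about 1/256 = 0.0039."""
    hits = 0
    for i in range(n_keys):
        key = hashlib.sha256(f"{seed}:{i}".encode()).digest()[:16]
        hits += zero_challenge_yields_zero_credential(key)
    return hits / n_keys


def find_key(first_byte_zero: bool) -> bytes:
    """Deterministically find a key whose E(key, 0^16) first byte is (or is not) zero,
    so both outcomes can be shown side by side."""
    i = 0
    while True:
        key = hashlib.sha256(b"k%d" % i).digest()[:16]
        if (block_fn(key, bytes(BLOCK))[0] == 0) == first_byte_zero:
            return key
        i += 1


if __name__ == "__main__":
    print("fraction of keys accepting an all-zero challenge:",
          fraction_of_vulnerable_keys(20000))
    print("credential for a 'bad' key:", netlogon_credential(find_key(True), bytes(8)).hex())
    print("credential for a normal key:", netlogon_credential(find_key(False), bytes(8)).hex())
```

Since the attacker can keep retrying with the all-zero challenge until a server-side session key with that property comes up, about 256 attempts on average suffice; that is why the fix has to be on the server (enforcing secure RPC), not in the cipher arithmetic.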
MITRE releases emulation plan for FIN6 hacking group, more to follow
New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders.
https://www.zdnet.com/article/mitre-releases-emulation-plan-for-fin6-hacking-group-more-to-follow/

Hackers are getting more hands-on with their attacks. That's not a good sign
Both nation-state-backed hackers and cyber criminals are trying to take advantage of the rise in remote working, and are getting more sophisticated in their approach.

Vulnerabilities
MFA Bypass Bugs Opened Microsoft 365 to Attack
Vulnerabilities 'that have existed for years' in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.
https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/
VMware VMSA-2020-0020 (Sep 14)
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
Emergency patch available for Adobe Media Encoder
Attackers could attack Adobe Media Encoder and leak information.

Vulnerability Spotlight: Memory corruption in Google PDFium
Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially achieve remote code execution. Chrome is a popular, free web browser available on all operating systems. PDFium allows users to open PDFs inside Chrome. We recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access.
https://blog.talosintelligence.com/2020/09/vuln-spotlight-google-pdfium-sept-2020.html
Security updates for Tuesday
Security updates have been issued by CentOS (dovecot), Debian (gnome-shell and teeworlds), Mageia (libetpan and zeromq), openSUSE (libxml2), Red Hat (chromium-browser and librepo), SUSE (compat-openssl098, firefox, kernel, openssl, and shim), and Ubuntu (gupnp).
https://lwn.net/Articles/831592/
Synology-SA-20:20 Photo Station
Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Photo Station.
https://www.synology.com/en-global/support/security/Synology_SA_20_20