End-of-Day report
Timeframe: Tuesday 15-09-2020 18:00 - Wednesday 16-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Malware attacks Microsoft databases
A new malware gang has made a name for itself in recent months by hacking into Microsoft SQL Server (MSSQL) databases and installing a crypto-miner.
https://www.zdnet.de/88382758/malware-greift-microsoft-datenbanken-an/
Netflix customers beware: fraudulent e-mails in circulation!
Reports of fraudulent e-mails that claim to come from Netflix are currently on the rise. In these e-mails, victims are asked to update their payment information because there are supposedly problems with the invoice. However, the mails do not come from Netflix but from criminals who are trying to obtain the recipients' credit card data.
https://www.watchlist-internet.at/news/netflix-kundinnen-aufgepasst-betruegerische-e-mails-im-umlauf/
This security awareness training email is actually a phishing scam
A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company.
https://www.bleepingcomputer.com/news/security/this-security-awareness-training-email-is-actually-a-phishing-scam/
DNS security best practices: Preventing DNS hijacking, poisoning and redirection
The importance of DNS: The Domain Name System (DNS) is one of the fundamental protocols of the Internet. It provides a lookup service that converts domain names (like google.com) into IP addresses (like 192.168.0.0). While DNS has always been an important protocol, the growing use of cloud-based services has made it even more so.
https://resources.infosecinstitute.com/dns-security-best-practices-preventing-dns-hijacking-poisoning-and-redirection/
Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?, (Wed, Sep 16th)
We always say how network security is changing every day. Take a long lunch, and you may miss a critical exploit. But sometimes, time appears to stand still. We just passed 1.6 Billion seconds in the Unix Epoch. Back when the Unix timestamp still had 9 digits, in the late 90s also known as "pre Y2K", one of the servers you may have used for backups was Amanda (Advanced Maryland Automatic Network Disk Archiver). Still active and alive today, back then Amanda V 2.3 was current.
https://isc.sans.edu/diary/rss/26572
The Hacker Motive: What Attackers Are Doing with Your Hacked Site
Yesterday, September 15, 2020, the Wordfence Live team covered The Hacker Motive: What Attackers Are Doing with Your Hacked Site. This companion blog post reviews the motives we discussed live during Wordfence Live and dives deeper into the minds of attackers.
https://www.wordfence.com/blog/2020/09/the-hacker-motive-what-attackers-are-doing-with-your-hacked-site/
Billions of devices vulnerable to new BLESA Bluetooth security flaw
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.
https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/
Vulnerabilities
Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP
Malicious-code vulnerabilities closed in Nitro Pro PDF
Important security updates have been released for the PDF application Nitro Pro.
https://heise.de/-4902752
IBM: Security updates available for numerous products
Since the beginning of last week, IBM has fixed a whole series of vulnerabilities in its product portfolio, including some of high to critical severity.
https://heise.de/-4902825
Security updates for Wednesday
Security updates have been issued by Fedora (libssh, python35, and xen), Oracle (kernel), Red Hat (librepo and mysql:8.0), SUSE (perl-DBI), and Ubuntu (Apache Log4j, Apache XML-RPC, bsdiff, libdbi-perl, luajit, milkytracker, OpenJPEG, ruby-loofah, and ruby-websocket-extensions).
https://lwn.net/Articles/831654/
Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure
Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data.
https://www.securityweek.com/flaws-philips-patient-monitoring-products-can-lead-patient-data-exposure
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200916-01-smartphone-en
Trend Micro ServerProtect for Linux: Vulnerability allows execution of arbitrary program code with administrator rights
http://www.cert-bund.de/advisoryshort/CB-K20-0905
Node.js: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0904