Tageszusammenfassung - 24.09.2020

End-of-Day report

Timeframe: Mittwoch 23-09-2020 18:00 - Donnerstag 24-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Security-Checkliste Passwörter & Accounts

Passwörter sind ein notwendiges Übel. Mit den folgenden Tipps haben Sie so wenig Passwortstress wie nötig, ohne an der Sicherheit zu sparen.

https://heise.de/-4886755


Vorsicht vor Raiffeisen Phishing SMS

Momentan werden massenhaft betrügerische Phishing SMS im Namen der Raiffeisen Bank verschickt. Angeblich sollte eine PushTAN Registrierung abgeschlossen werden. Die verlinkte Website sieht der echten dabei zum Verwechseln ähnlich. Achtung: Hier dürfen keinesfalls die eigenen Online Banking Daten eingegeben werden. Diese landen direkt in den Händen Krimineller.

https://www.watchlist-internet.at/news/vorsicht-vor-raiffeisen-phishing-sms/


Android-Malware Alien stiehlt Geld

Ein Android-Trojaner namens Alien ist seit Anfang des Jahres aktiv und wird als Malware-as-a-Service (MaaS) in unterirdischen Hackerforen angeboten. Ziel sind Banking- und Finanz-Apps auch in Deutschland

https://www.zdnet.de/88382932/android-malware-alien-stiehlt-geld/


Supply Chain bietet Angriffspunkte

Hacker nutzen zunehmend die Lieferketten im Ökosystem von Unternehmen, um ihre Angriffe vorzutragen. Kleinere Lieferanten mit schwachen Sicherheitsstrukturen bieten Einstiegspunkte für Attacken.

https://www.zdnet.de/88382938/supply-chain-bietet-angriffspunkte/


Protecting Against PowerShell Attacks: 5 Key Steps

Admins are already busy maintaining all systems running onsite and remotely, so the extra demand to protect against fileless threats can be overwhelming for manual security operations and inexperienced IT professionals. There are, however, five basic steps you can take to help mitigate the threat

https://www.beyondtrust.com/blog/entry/protecting-against-powershell-attacks-is-easier-than-you-think


AgeLocker ransomware targets QNAP NAS devices, steals data

QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the devices data, and in some cases, steal files from the victim.

https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/


Malicious One-Liner Using Hastebin

Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image directory on a compromised website, allowing an attacker to execute other malicious commands.

https://blog.sucuri.net/2020/09/malicious-one-liner-using-hastebin.html


[SANS ISC] Party in Ibiza with PowerShell

I published the following diary on isc.sans.edu: "Party in Ibiza with PowerShell": Today, I would like to talk about PowerShell ISE or "Integration Scripting Environment". This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature: [...]

https://blog.rootshell.be/2020/09/24/sans-isc-party-in-ibiza-with-powershell/


Fuzzing Image Parsing in Windows, Part One: Color Profiles

Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers.

https://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-in-windows-color-profiles.html

Vulnerabilities

Jetzt patchen! Attacken auf Zerologon-Lücke in Windows Server

Microsoft warnt vor Attacken auf eine kritische Sicherheitslücke in verschiedenen Windows-Server-Versionen. Auch Samba ist betroffen.

https://heise.de/-4910854


Security updates for Thursday

Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib).

https://lwn.net/Articles/832405/


Synology-SA-20:22 SRM

A vulnerability allows remote authenticated users to bypass security constraints via a susceptible version of Synology Router Manager (SRM).

https://www.synology.com/en-global/support/security/Synology_SA_20_22


Wireshark: Mehrere Schwachstellen ermöglichen Denial of Service

http://www.cert-bund.de/advisoryshort/CB-K20-0922


Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-struts-affect-tivoli-netcool-omnibus-webgui-cve-2019-0233-cve-2019-0230/


Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-10/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/


Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager/


Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-7/


Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-9/


Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-6/


Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-vault-previously-known-as-ibm-security-secret-server/


Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-8/


Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-and-ihs-server-2/