End-of-Day report
Timeframe: Thursday 24-09-2020 18:00 - Friday 25-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Data leak: Airbnb gives hosts access to other hosts' inboxes
Hosts report that they are being shown the messages of other Airbnb hosts - right down to the PIN that opens the door.
https://www.golem.de/news/datenleck-airbnb-gibt-gastgebern-zugriff-auf-fremde-postfaecher-2009-151125-rss.html
Sodinokibi Ransomware 101: Origin, Victims, Prevention Strategies
Cyberattacks have become a part of our reality, but have you ever wondered what might happen if your company gets targeted? You probably imagine that you would lose some money and a great deal of time, maybe fire an employee or two, lose a few clients and have your reputation tainted or eventually even deal [...]
https://heimdalsecurity.com/blog/sodinokibi-ransomware-101/
Ghost in action: the Specter botnet
On August 20, 2020, 360Netlab Threat Detect System captured a suspicious ELF file (22523419f0404d628d02876e69458fbe.css) with 0 VT detections. When we took a close look, we saw a new botnet that targets AVTECH IP Camera / NVR / DVR devices; it has flexible configuration, is highly modular / plugin-based, and uses TLS, [...]
https://blog.netlab.360.com/ghost-in-action-the-specter-botnet/
Securing Exchange Online [Guest Diary], (Fri, Sep 25th)
[...] The base configuration of Exchange Online is set to allow quick onboarding of customers with minimal barriers to the smooth migration of email into the service. The configuration does require tweaks in order to make it more secure. I aim to cover some of the more effective tweaks in this document and point the reader to the right documentation to secure their Exchange tenant.
https://isc.sans.edu/diary/rss/26600
Fortinet VPN with Default Settings Leaves 200,000 Businesses Open to Hackers
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable employees to [...]
https://thehackernews.com/2020/09/fortigate-vpn-security.html
Study: Attackers want into the home office - millions of attempts via RDP connections
During the Corona period, researchers have registered a significant increase in attacks on remote connections. With the right tips, you can protect yourself.
https://heise.de/-4912452
Security update package for Cisco's network operating systems IOS and IOS XE
Admins, take note: before the weekend starts, there are still updates waiting for IOS and IOS XE that close a total of 34 vulnerabilities rated high risk.
https://heise.de/-4912352
Handling Incidents in ICS - Getting to the Root of the Problem
For most organizations, having an incident response plan is a regulatory or even legal requirement these days. Unfortunately just having [...]
https://www.dragos.com/blog/industry-news/handling-incidents-in-ics-getting-to-the-root-of-the-problem/
Vulnerabilities
macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave.
https://support.apple.com/kb/HT211849
iCloud for Windows 11.4
This document describes the security content of iCloud for Windows 11.4.
https://support.apple.com/kb/HT211846
iCloud for Windows 7.21
This document describes the security content of iCloud for Windows 7.21.
https://support.apple.com/kb/HT211847
Cisco Security Advisories
Cisco has published 42 Security Advisories with the following "Security Impact Ratings":
High: 29
Medium: 13
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F09%2F24&firstPublishedEndDate=2020%2F09%2F25&limit=50
Security updates for Friday
Security updates have been issued by Debian (rails), openSUSE (chromium, jasper, ovmf, roundcubemail, samba, and singularity), Oracle (firefox), SUSE (bcm43xx-firmware, firefox, libqt5-qtbase, qemu, and tiff), and Ubuntu (aptdaemon, atftp, awl, packagekit, and spip).
https://lwn.net/Articles/832509/
Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-frame scripting
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-cross-frame-scripting/
Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2020 CPU plus CVE-2020-2590 and CVE-2020-2601 affect multiple IBM Continuous Engineering products based on IBM Jazz Technology
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-july-2020-cpu-plus-cve-2020-2590-and-cve-2020-2601-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-2/
Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-information-exposure-vulnerability-cve-2020-4643-2/
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark/
Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4531
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4531/