May 2020 - rwth-security - lists.rwth-aachen.de

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps
by Bernd Kohler 26 May '20

26 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps" betroffen alle Geräte mit Android < Android Q / 10 VG Bernd [0] https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Abusing Microsoft Outlook 365 to Capture NTLM
by Bernd Kohler 25 May '20

25 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Abusing Microsoft Outlook 365 to Capture NTLM" VG Bernd [0] https://www.hackingarticles.in/abusing-microsoft-outlook-365-to-capture-ntl… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Windows Sandbox
by Bernd Kohler 22 May '20

22 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] und [1] FYI "Running dodgy programs safely with Windows Sandbox" "Simple Windows Sandbox Configuration" VG Bernd [0] https://scotthelme.co.uk/running-dodgy-programs-safely-with-windows-sandbox/ [1] https://github.com/FireFart/sandbox -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Researchers Disclosed 5 Windows Zero-Day Bugs That Allow Hackers to Escalate System Privileges
by Bernd Kohler 22 May '20

22 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Researchers Disclosed 5 Windows Zero-Day Bugs That Allow Hackers to Escalate System Privileges" CVE-2020-0916 CVE-2020-0986 CVE-2020-0915 ".marked as most dangerous among the five, because, they were rated 7.0 on the CVSS score ..." "... All these vulnerabilities were discovered in the host process splwow64.exe ..." "... Specialists informed Microsoft of their findings in December 2019, and the company intended to release a patch as part of May “Tuesday of corrections” in 2020 but did not manage to do this. Only beta versions of fixes were presented to experts ..." VG Bernd [0] https://cybersecuritynews.com/5-windows-zero-day-bugs/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Ragnar Locker ransomware deploys virtual machine to dodge security
by Bernd Kohler 22 May '20

22 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Ragnar Locker ransomware deploys virtual machine to dodge security" --> "... deploying as a full virtual machine on each targeted device to hide the ransomware from view ..." VG Bernd [0] https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-v… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Drupal Releases Security Updates
by Bernd Kohler 22 May '20

22 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Drupal Releases Security Updates" VG Bernd [0] https://www.us-cert.gov/ncas/current-activity/2020/05/21/drupal-releases-se… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Hacker shares 40 million Wishbone user records for free
by Bernd Kohler 22 May '20

22 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Hacker shares 40 million Wishbone user records for free" "... Wishbone is a popular app for iOS and Android that allows users to create comparisons between two images that people can then vote on... " VG Bernd [0] https://www.bleepingcomputer.com/news/security/hacker-shares-40-million-wis… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

Google rolls out new Enhanced Safe Browsing security feature
by Bernd Kohler 19 May '20

19 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Google rolls out new Enhanced Safe Browsing security feature" '... users will now be able to get real-time protection when browsing the web and downloading files ... users will now be able to get real-time protection when browsing the web and downloading files ... does come with a small sacrifice in privacy as "Chrome will also send a small sample of pages and suspicious downloads to help discover new threats against you and other Chrome users." ...' VG Bernd [0] https://www.bleepingcomputer.com/news/google/google-rolls-out-new-enhanced-… -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 1

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks
by Bernd Kohler 18 May '20

18 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks" "... It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS) ..." VG Bernd [0] https://kb.cert.org/vuls/id/647177/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0

RDP Attackers - 7 days
by Bernd Kohler 18 May '20

18 May '20

Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "RDP Attackers - 7 days" 37.9% at @microsoft 7.7% at @Hostkey NL 4.5% at @NFOrce_BV NL Die Liste der IP's gibt es auf [1] VG Bernd [0] https://otx.alienvault.com/pulse/5ec299d5fa1d212d78eb1a0e [1] https://gist.github.com/techhelplist/d57267a2f44c425a6a133a798ae20126 -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de www.itc.rwth-aachen.de

1 0