[CERT-daily] Tageszusammenfassung - 10.12.2019

Daily end-of-shift report team at cert.at
Tue Dec 10 19:11:47 CET 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 09-12-2019 18:00 − Dienstag 10-12-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools ∗∗∗
---------------------------------------------
Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/snatch-ransomware-reboots-to-windows-safe-mode-to-bypass-av-tools/


∗∗∗ Dont pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor ∗∗∗
---------------------------------------------
Oracle DBs particularly vulnerable to fake decryptions, say researchers If youre an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pitys sake, dont. The criminals behind it have broken their own decryptor, meaning nobody will be able to unlock files scrambled by the malicious software.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/10/ryuk_decryptor_broken_latest_strain/


∗∗∗ Was Sie beim Onlineshoppen beachten müssen ∗∗∗
---------------------------------------------
Nicht mehr lang, dann ist wieder Weihnachten. Für die einen die besinnlichste Zeit im Jahr, für die anderen der pure Stress - vor allem wenn viele Geschenke besorgt werden müssen. Onlineshoppen ist da eine bequeme Lösung. Doch Onlineshoppen birgt auch einige Gefahren.
---------------------------------------------
https://www.watchlist-internet.at/news/was-sie-beim-onlineshoppen-beachten-muessen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-55), Adobe Photoshop (APSB19-56), Brackets (APSB19-57) and Adobe ColdFusion (APSB19-58). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1813


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, jruby, and squid3), Fedora (librabbitmq, libuv, and xpdf), openSUSE (calamares and opera), Oracle (kernel and nss), Red Hat (httpd24-httpd, kernel, kernel-alt, kpatch-patch, nss-softokn, sudo, and thunderbird), SUSE (apache2-mod_perl, java-1_8_0-openjdk, and postgresql), and Ubuntu (eglibc, firefox, and samba).
---------------------------------------------
https://lwn.net/Articles/806957/


∗∗∗ SAP Security Patch Day – December 2019 ∗∗∗
---------------------------------------------
Page edited by Aditi Kulkarni   This post by SAP Product Security Response Team shares information on Patch Day Security Notes that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.On 10th of December 2019, SAP Security Patch Day saw the release of 5 Security Notes. There are 2 updates to previously released Patch [...]
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397


∗∗∗ Security Bulletin: Multiple Vulnerabilities in MongoDB affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-mongodb-affects-ibm-watson-studio-local/


∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2019-4663/


∗∗∗ Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-addressed-in-ibm-cloud-pak-system-cve-2019-4521-cve-2019-4095/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in HAProxy affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-haproxy-affects-ibm-watson-studio-local/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-october-2019-cpu/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in python affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-python-affects-ibm-watson-studio-local/


∗∗∗ Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-hyper-visor-edition-v9-0-require-customer-action-for-security-vulnerabilities-in-red-hat-linux/


∗∗∗ IBM Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-impacted-by-an-openstack-neutron-vulnerability-related-to-security-group-rules-cve-2019-10876/


∗∗∗ IBM Security Bulletin: PowerVC is impacted by an OpenStack Neutron denial of service vulnerability (CVE-2018-14635) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-impacted-by-an-openstack-neutron-denial-of-service-vulnerability-cve-2018-14635/


∗∗∗ SSA-451445 (Last Update: 2019-12-10): Multiple Vulnerabilities in SPPA-T3000 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf


∗∗∗ SSA-273799 (Last Update: 2019-12-10): Vulnerability in SIMATIC products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf


∗∗∗ SSA-525454 (Last Update: 2019-12-10): Vulnerabilities in XHQ Operations Intelligence ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf


∗∗∗ SSA-418979 (Last Update: 2019-12-10): Vulnerabilities in EN100 Ethernet Communication Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf


∗∗∗ SSA-761617 (Last Update: 2019-12-10): Multiple Vulnerabilities in SiNVR Video Management Solution ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf


∗∗∗ SSA-344983 (Last Update: 2019-12-10): Vulnerability in WPA2 Key Handling affecting SCALANCE W700 and SCALANCE W1700 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf


∗∗∗ SSA-618620 (Last Update: 2019-12-10): Vulnerabilities in Boot Loader (U-Boot) of RUGGEDCOM ROS Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf


∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1048

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list