[CERT-daily] Tageszusammenfassung - 19.11.2019

Tue Nov 19 18:31:35 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 18-11-2019 18:00 − Dienstag 19-11-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Linux, Windows Users Targeted With New ACBackdoor Malware ∗∗∗
---------------------------------------------
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-windows-users-targeted-with-new-acbackdoor-malware/


∗∗∗ Buran Ransomware Infects PCs via Microsoft Excel Web Queries ∗∗∗
---------------------------------------------
A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victims computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/


∗∗∗ Coin Stealer Found in Monero Linux Binaries From Official Site ∗∗∗
---------------------------------------------
The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero-linux-binaries-from-official-site/


∗∗∗ Elasticsearch: Datenleak bei Conrad ∗∗∗
---------------------------------------------
Der Elektronikhändler Conrad meldet, dass ein Angreifer Zugang zu Kundendaten und Kontonummern gehabt habe. Grund dafür war eine ungesicherte Elasticsearch-Datenbank.
---------------------------------------------
https://www.golem.de/news/elasticsearch-datenleak-bei-conrad-1911-145091-rss.html


∗∗∗ Windows Debugging & Exploiting Part 2 - WinDBG 101 ∗∗∗
---------------------------------------------
Hello again! After our previous post about the environment setup, now it is time to cover the main tool of this project, the WinDBG.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-2-windbg-101/


∗∗∗ When Bank Communication is Indistinguishable from Phishing Attacks ∗∗∗
---------------------------------------------
You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security [...]
---------------------------------------------
https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-phishing-attacks/


∗∗∗ Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery ∗∗∗
---------------------------------------------
It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.
---------------------------------------------
https://www.securityweek.com/vulnerability-abb-plant-historian-disclosed-5-years-after-discovery


∗∗∗ Vorsicht bei angeblichen Gewinnspielen von Magenta, A1, Drei oder Liwest ∗∗∗
---------------------------------------------
Aktuell verbreiten Kriminelle über unterschiedliche Kanäle Fake-Gewinnspiele. Sie werden entweder per E-Mail, SMS oder mittels Pop-Up im Browser benachrichtigt, dass Sie angeblich ein Smartphone gewonnen haben. Um den Gewinn zu erhalten, muss nur eine kurze Umfrage beantwortet und ein kleiner Geldbetrag für den Versand bezahlt werden. Vorsicht: Es handelt sich um eine Abo-Falle.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-angeblichen-gewinnspielen-von-magenta-a1-drei-oder-liwest/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Schwere Sicherheitslücke in WhatsApp entdeckt ∗∗∗
---------------------------------------------
In WhatsApp wurde eine Schwachstelle gefunden, die es Angreifern ermöglicht, Dateien zu stehlen und Nachrichten auszulesen.
---------------------------------------------
https://futurezone.at/apps/schwere-sicherheitsluecke-in-whatsapp-entdeckt/400679165


∗∗∗ Lernplattform Moodle: Entwickler schließen kritische Schwachstellen ∗∗∗
---------------------------------------------
Moodle-Admins aufgepasst: Neue Versionen schließen mehrere, teils als "Serious" bewertete Lücken.
---------------------------------------------
https://heise.de/-4591094


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-psutil, slurm-llnl, symfony, and thunderbird), Fedora (gd and ghostscript), and SUSE (ceph, haproxy, java-11-openjdk, and ncurses).
---------------------------------------------
https://lwn.net/Articles/805149/


∗∗∗ Lexmark Services Monitor 2.27.4.0.39 Directory Traversal ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019110124


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-2/


∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2019-5435-cve-2019-5436/


∗∗∗ HPESBHF03963 rev.1 - Certain HPE ProLiant Servers with Intel CSME, AMT, SPS, TXE, ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03963en_us


∗∗∗ HPESBHF03968 rev.1 - HPE Gen10 ProLiant, Apollo, and Synergy Servers using Intel CPU Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA), Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us


∗∗∗ HPESBHF03969 rev.1 - HPE ProLiant Gen10 Servers using certain Intel Xeon Scalable Processors, Voltage Modulation, Local Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us


∗∗∗ HPESBHF03971 rev.1 - HPE Servers using certain Intel Processors, SMM and TXT, Local Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us


∗∗∗ HPESBST03964 rev.1 - HPE Nimble Storage, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us


∗∗∗ Google Chrome: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0998

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily