[CERT-daily] Tageszusammenfassung - 21.11.2019

Thu Nov 21 18:15:34 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-11-2019 18:00 − Donnerstag 21-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin ∗∗∗
---------------------------------------------
Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/millions-of-sites-exposed-by-flaw-in-jetpack-wordpress-plugin/


∗∗∗ New RIPlace Bypass Evades Windows 10, AV Ransomware Protection ∗∗∗
---------------------------------------------
A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-riplace-bypass-evades-windows-10-av-ransomware-protection/


∗∗∗ Gnip Banking Trojan Shows Ongoing, Aggressive Development ∗∗∗
---------------------------------------------
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
---------------------------------------------
https://threatpost.com/gnip-banking-trojan-aggressive-development/150521/


∗∗∗ Linux Webmin Servers Under Attack by Roboto P2P Botnet ∗∗∗
---------------------------------------------
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
---------------------------------------------
https://threatpost.com/linux-webmin-servers-attack-p2p-botnet/150513/


∗∗∗ Security baseline (FINAL) for Windows 10 v1909 and Windows Server v1909 ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1909 (a.k.a., “19H2”), and for Windows Server version 1909. Note that Windows Server version 1909 is Server Core only and does not offer a Desktop Experience (a.k.a., “full”) server installation option.
---------------------------------------------
https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/Security-baseline-FINAL-for-Windows-10-v1909-and-Windows-Server/ba-p/1023093


∗∗∗ Explained: juice jacking ∗∗∗
---------------------------------------------
Juice jacking is a type of cyberattack that uses a USB charging port to steal data or infect phones with malware. Learn how it works and ways to protect against it.
---------------------------------------------
https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/


∗∗∗ Video: Identitätsdiebstahl bei Umfragejob ∗∗∗
---------------------------------------------
Auf diversen Job-Portalen stoßen Sie momentan auf Ausschreibungen zu Umfragejobs. Schon bei der Registrierung verlangt man Ihre Ausweiskopie. Melden Sie sich hier nicht an! Kriminelle stehlen Ihre Daten und tarnen die Eröffnung eines Bankkontos in Ihrem Namen als bezahlte Umfrage.
---------------------------------------------
https://www.watchlist-internet.at/news/video-identitaetsdiebstahl-bei-umfragejob/


∗∗∗ DePriMon downloader uses novel ways to infect your PC with ColoredLambert malware ∗∗∗
---------------------------------------------
It is believed the downloader is using techniques not seen before in the wild.
---------------------------------------------
https://www.zdnet.com/article/deprimon-downloader-uses-novel-ways-to-infect-your-pc-with-coloredlambert-malware/


∗∗∗ New SectopRAT Trojan creates hidden second desktop to control browser sessions ∗∗∗
---------------------------------------------
The Trojan makes sure the second desktop is hidden from sight.
---------------------------------------------
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft Releases Outlook for Android Security Update ∗∗∗
---------------------------------------------
Original release date: November 21, 2019Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/11/21/microsoft-releases-outlook-android-security-update


∗∗∗ New security release versions of BIND are available: 9.11.13, 9.14.8 and 9.15.6 ∗∗∗
---------------------------------------------
New security releases of BIND are available which contain fixes for the CVEs disclosed today.
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2019-November/001143.html


∗∗∗ Apache Solr Bug Gets Bumped Up to High Severity ∗∗∗
---------------------------------------------
The vulnerability (CVE-2019-12409) was first reported in July and patched in August. ... Since the bug was initially discovered, researchers have reevaluated the threat and escalated its severity to high-risk.
---------------------------------------------
https://threatpost.com/apache-solr-bug-gets-bumped-up-to-high-severity/150484/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (oniguruma and thunderbird-enigmail), openSUSE (chromium, ghostscript, and slurm), Oracle (kernel), Red Hat (kpatch-patch), Slackware (bind), SUSE (python-ecdsa), and Ubuntu (bind9 and mariadb).
---------------------------------------------
https://lwn.net/Articles/805281/


∗∗∗ Security Bulletin: Inadequate account lockout in Cloud Pak System (CVE-2019-4096) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-inadequate-account-lockout-in-cloud-pak-system-cve-2019-4096/


∗∗∗ Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-was-liberty-affect-ibm-spectrum-lsf-suite-spectrum-lsf-suite-for-hpa-and-spectrum-lsf-application-center/


∗∗∗ Security Bulletin: Bypass Client-Side Validation vulnerability in Cloud Pak System (CVE-2019-4240) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bypass-client-side-validation-vulnerability-in-cloud-pak-system-cve-2019-4240/


∗∗∗ Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM Operations Analytics – Log Analysis (CVE-2019-4243) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-solr-lucene-affects-ibm-operations-analytics-log-analysis-cve-2019-4243/


∗∗∗ Security Bulletin: Clickjacking vulnerability in IBM Operations Analytics – Log Analysis (CVE-2019-4215) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-clickjacking-vulnerability-in-ibm-operations-analytics-log-analysis-cve-2019-4215/


∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis is vulnerable to potential Host Header Injection (CVE-2019-4216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-is-vulnerable-to-potential-host-header-injection-cve-2019-4216/


∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoil Federated Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-tivoil-federated-identity-manager/


∗∗∗ Security Bulletin: XStream as used by IBM QRadar SIEM is vulnerable to os command injection (CVE-2019-10173) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xstream-as-used-by-ibm-qradar-siem-is-vulnerable-to-os-command-injection-cve-2019-10173/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-operations-center-on-aix-cve-2019-4473-cve-2019-11771/


∗∗∗ IBM Security Bulletin: A Vulnerability in Apache PDFBox Affects Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-pdfbox-affects-transformation-extender/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-tivoli-netcool-omnibus-cve-2019-4473-cve-2019-11771/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (July2019 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-os-images-for-red-hat-linux-systems-july2019-updates/


∗∗∗ Security Bulletin: IBM Cognos Controller 2019Q4 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-2019q4-security-updater-multiple-security-vulnerabilities-have-been-identified-in-ibm-cognos-controller/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily