[CERT-daily] Tageszusammenfassung - 23.09.2019

Daily end-of-shift report team at cert.at
Mon Sep 23 18:06:06 CEST 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 20-09-2019 18:00 − Montag 23-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Zunahme von erfolgreichen Cyber-Angriffen mit Emotet – BSI rät zu Schutzmaßnahmen ∗∗∗
---------------------------------------------
Cyber-Angriffe mit der Schadsoftware Emotet haben in den vergangenen Tagen erhebliche Schäden in der deutschen Wirtschaft, aber auch bei Behörden und Organisationen verursacht. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) warnt daher erneut eindringlich vor dieser Schadsoftware und gibt ausführliche Hinweise zum Schutz vor Emotet. Auch Privatanwender stehen im Fokus der Angreifer.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Emotet-Warnung_230919.html


∗∗∗ Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About ∗∗∗
---------------------------------------------
Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers dont cover it, and for the most part it targets consumers through cracked software, adware bundles, and shady sites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/


∗∗∗ What you should know about Ryuk ransomware ∗∗∗
---------------------------------------------
The ransomware called Ryuk has established ransomware as a lucrative enterprise product. This sentence may sound provocative, as it is treating cybercriminals like businesspeople, but this is what Ryuk is about - making money. This strain of ransomware is estimated by Crowdstrike to have made the gang behind it over $3.7 million USD since [...]
---------------------------------------------
https://resources.infosecinstitute.com/what-you-should-know-about-ryuk-ransomware/


∗∗∗ Hello! My name is Dtrack ∗∗∗
---------------------------------------------
When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family. Now we can add another family to the Lazarus group’s arsenal: ATMDtrack and Dtrack.
---------------------------------------------
https://securelist.com/my-name-is-dtrack/93338/


∗∗∗ YARA XOR Strings: an Update, (Sun, Sep 22nd) ∗∗∗
---------------------------------------------
Almost a year ago, I reported on a new feature in YARA version 3.8.0: YARA XOR Strings. The new YARA xor keyword allows for the search of strings that are XOR-encoded with a one-byte key.
---------------------------------------------
https://isc.sans.edu/diary/rss/25346


∗∗∗ Bereit für NISG & NISV? – Anforderungen an den Umgang mit Sicherheitsvorfällen ∗∗∗
---------------------------------------------
Es ist so weit - Österreich hat mit dem Beschluss der Netz- und Informationssystemsicherheitsverordnung (NISV) nun konkrete Netzwerk- und Informationssicherheitsanforderungen für Anbietern wesentlicher Dienste i.S.d. Netz- und Informationssystemsicherheitsgesetz (NISG) festgelegt.
---------------------------------------------
https://www.sec-consult.com/blog/2019/09/bereit-fuer-nisg-nisv-anforderungen-an-den-umgang-mit-sicherheitsvorfaellen/


∗∗∗ Dear network operators, please use the existing tools to fix security ∗∗∗
---------------------------------------------
The internets security and stability would be significantly improved if network operators implemented protocols that were already written into technical standards and if vendors provided better tools for fixing security.
---------------------------------------------
https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Jira Server und Data Center vor Schadcode-Attacken gefährdet ∗∗∗
---------------------------------------------
Verschiedene Software von Jira ist über kritische Sicherheitslücken attackierbar. Angreifer könnten die Kontrolle über Server übernehmen.
---------------------------------------------
https://heise.de/-4536050


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat, php-pecl-http, and php7.0), Fedora (ImageMagick, jackson-annotations, jackson-bom, jackson-core, jackson-databind, and rubygem-rmagick), Mageia (chromium-browser-stable, ibus, kernel, samba, and thunderbird), openSUSE (chromium), Oracle (dovecot and kernel), Red Hat (dbus, kernel, kernel-alt, and kpatch-patch), Scientific Linux (dovecot and kernel), and SUSE (expat, ibus, kernel, kernel-source-rt, nmap, openssl, and webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/800377/


∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190921-01-debug-en


∗∗∗ Security Advisory - Race Condition Vulnerability on Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190911-01-smartphone-en


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager stores password in clear text (CVE-2019-4566) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-stores-password-in-clear-text-cve-2019-4566/


∗∗∗ IBM Security Bulletin: Apache Commons Compress vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-compress-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-12402/


∗∗∗ IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-9511-cve-2019-9512-cve-2019-9513-cve-2019-9514-cve-2019-9515-cve/


∗∗∗ IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4285) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4285/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2684, CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-2684-cve-2019-4473-cve-2019-11771/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list