[CERT-daily] Daily summary - 27.09.2019

Daily end-of-shift report team at cert.at
Fri Sep 27 18:10:15 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 26-09-2019 18:00 − Friday 27-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Adobe and Google Open Redirects Abused by Phishing Campaigns ∗∗∗
---------------------------------------------
Google and Adobe open redirects are being used by phishing campaigns in order to add legitimacy to the URLs used in the spam emails.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-and-google-open-redirects-abused-by-phishing-campaigns/


∗∗∗ Digital Canaries in a Coal Mine: Detecting Enumeration with DNS and AD ∗∗∗
---------------------------------------------
A fundamental part of any network is the Domain Name Service (DNS). Adversaries will likely want to enumerate computers in Active Directory and connect to them, and at some point, they will likely interact with DNS doing so. A simple example is attempting to access a remote share and the resulting DNS query.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/digital-canaries-in-a-coal-mine-detecting-enumeration-with-dns-and-ad/


∗∗∗ Researchers Disclose Another SIM Card Attack Possibly Impacting Millions ∗∗∗
---------------------------------------------
A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned.
---------------------------------------------
https://www.securityweek.com/researchers-disclose-another-sim-card-attack-possibly-impacting-millions


∗∗∗ How to protect yourself effectively against malware! ∗∗∗
---------------------------------------------
Malware can hide on dubious websites, in fraudulent e-mails or in seemingly harmless chat messages. These infected files must not be executed, as they would otherwise infect the smartphone, the computer or the network. Criminals can use this, for example, to read out and steal sensitive data, siphon off computing power or paralyse entire systems until a ransom is paid.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-effektiv-vor-schadsoftware/


∗∗∗ Microsoft: New Nodersok malware has infected thousands of PCs ∗∗∗
---------------------------------------------
New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud.
---------------------------------------------
https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-thousands-of-pcs/


∗∗∗ Hit by ransomware? Victims of these four types of file-encrypting malware can now retrieve their files for free ∗∗∗
---------------------------------------------
Cybersecurity researchers crack the codes of FortuneCrypt, Yatron, WannaCryFake and Avest ransomware, allowing victims to get their files back without paying cyber criminals.
---------------------------------------------
https://www.zdnet.com/article/hit-by-ransomware-victims-of-these-four-types-of-file-encrypting-malware-can-now-retrieve-their-files-for-free/


∗∗∗ New WhiteShadow downloader uses Microsoft SQL to retrieve malware ∗∗∗
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apple Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: September 27, 2019. Apple has released security updates to address a vulnerability in multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, and [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/09/27/apple-releases-security-updates


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dcmtk), openSUSE (rust), Red Hat (redhat-virtualization-host), and SUSE (ghostscript, nghttp2, and u-boot).
---------------------------------------------
https://lwn.net/Articles/800699/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-i-3/


∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling File Gateway (CVE-2019-4423, CVE-2019-4280) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-vulnerabilities-affect-ibm-sterling-file-gateway-cve-2019-4423-cve-2019-4280-2/


∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling File Gateway (CVE-2019-4423, CVE-2019-4280) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-vulnerabilities-affect-ibm-sterling-file-gateway-cve-2019-4423-cve-2019-4280/


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-affect-gcm16-gcm32-kvm-switch-firmware-cve-2018-0734-cve-2018-0737-cve-2018-0739/


∗∗∗ HPESBGN03957 rev.1 - HPE Oneview for VMware vCenter, Remote Cross-Site Scripting ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03957en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
