[CERT-daily] Tageszusammenfassung - 20.04.2020

Daily end-of-shift report team at cert.at
Mon Apr 20 18:16:53 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 17-04-2020 18:00 − Montag 20-04-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft helped stop a botnet controlled via an LED light console ∗∗∗
---------------------------------------------
Microsoft says that its Digital Crimes Unit (DCU) discovered and helped take down a botnet of 400,000 compromised devices controlled with the help of an LED light control console.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-helped-stop-a-botnet-controlled-via-an-led-light-console/


∗∗∗ KPOT Analysis: Obtaining the Decrypted KPOT EXE, (Sun, Apr 19th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/26014


∗∗∗ KPOT AutoIt Script: Analysis, (Mon, Apr 20th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/26012


∗∗∗ Finding Zoom Meeting Details in the Wild ∗∗∗
---------------------------------------------
The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing.
---------------------------------------------
https://blog.rootshell.be/2020/04/18/finding-zoom-meeting-details-in-the-wild/


∗∗∗ Clipboard hijacking malware found in 725 Ruby libraries ∗∗∗
---------------------------------------------
Security researchers from ReversingLabs say theyve discovered 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users clipboards. The malicious packages were uploaded on RubyGems between February 16 and 25 by two accounts [...]
---------------------------------------------
https://www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby-libraries/


∗∗∗ PayPal über Google Pay: Lücke von Februar anscheinend klammheimlich behoben ∗∗∗
---------------------------------------------
Die Lücke, die unautorisierte PayPal-Abbuchungen via Google Pay erlaubte, wurde anscheinend – erst kürzlich – von PayPal gefixt.
---------------------------------------------
https://heise.de/-4704339


∗∗∗ Warten auf Patches: Schwachstellen in Nagios XI gefährden Netzwerke ∗∗∗
---------------------------------------------
Die Monitoring-Software für komplexe IT-Infrastrukturen Nagios XI ist verwundbar. Abhilfe gibt es noch nicht.
---------------------------------------------
https://heise.de/-4704444


∗∗∗ Several Botnets Using Zero-Day Vulnerability to Target Fiber Routers ∗∗∗
---------------------------------------------
Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn.
---------------------------------------------
https://www.securityweek.com/several-botnets-using-zero-day-vulnerability-target-fiber-routers


∗∗∗ In eigener Sache: CERT.at/nic.at sucht Verstärkung (Research Engineer Internet, Vollzeit) ∗∗∗
---------------------------------------------
Unser Research- & Developmentteam sucht für ein Projekt mit CERT.at und Security-Bezug eine/n Research Engineer (m/w, Vollzeit mit 38,5 Stunden) zum ehestmöglichen Einstieg. Dienstort ist Wien. Details finden sich auf der nic.at Jobs-Seite.
---------------------------------------------
https://cert.at/de/blog/2020/4/in-eigener-sache-certatnicat-sucht-verstarkung-research-engineer-internet-vollzeit



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability ∗∗∗
---------------------------------------------
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-224


∗∗∗ Kritische Sicherheitslücke in mehreren Xilinx-FPGAs ∗∗∗
---------------------------------------------
Bei Xilinx-FPGAs der Serie 7 (Spartan-7, Artix-7, Kintex-7, Virtex-7) und Virtex-6 lässt sich die Verschlüsselung der Bitstream-Konfigurationsdaten aushebeln.
---------------------------------------------
https://heise.de/-4706002


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (openvpn), Debian (awl, file-roller, jackson-databind, and shiro), Fedora (chromium, git, and libssh), Mageia (php, python-bleach, and webkit2), openSUSE (chromium, gstreamer-rtsp-server, and mp3gain), Oracle (thunderbird and tigervnc), SUSE (thunderbird), and Ubuntu (file-roller and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/817987/


∗∗∗ Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020040108


∗∗∗ Toshiba Electronic Devices & Storage software registers unquoted service paths ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN13467854/


∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-shipped-with-jazz-for-service-management-cve-2019-4441/


∗∗∗ Security Bulletin: Windows DLL injection vulnerability with IBM Java Affects SPSS Modeler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vulnerability-with-ibm-java-affects-spss-modeler-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-nimbus-jose-jwt-affect-ibm-spectrum-symphony/


∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0347


∗∗∗ Citrix Hypervisor Multiple Security Updates ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX270837

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list