[CERT-daily] Daily summary - 27.04.2020

Daily end-of-shift report team at cert.at
Mon Apr 27 19:43:04 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 24-04-2020 18:00 − Monday 27-04-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware ∗∗∗
---------------------------------------------
A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-s-new-stealthy-network-hacking-malware/


∗∗∗ Asnarök malware exploits firewall zero-day to steal credentials ∗∗∗
---------------------------------------------
Some Sophos firewall products were attacked with a new Trojan, dubbed Asnarök by researchers at cyber-security firm Sophos, to steal usernames and hashed passwords starting on April 22 according to the vendor's official timeline.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/asnar-k-malware-exploits-firewall-zero-day-to-steal-credentials/


∗∗∗ Shade Ransomware shuts down, releases 750K decryption keys ∗∗∗
---------------------------------------------
The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/


∗∗∗ Eight Common OT / Industrial Firewall Mistakes ∗∗∗
---------------------------------------------
Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.
---------------------------------------------
https://threatpost.com/waterfall-eight-common-ot-industrial-firewall-mistakes/155061/


∗∗∗ Understanding the basics of API security ∗∗∗
---------------------------------------------
This is the first of a series of articles that introduces and explains application programming interface (API) security threats, challenges, and solutions for participants in software development, operations, and protection.
---------------------------------------------
https://www.helpnetsecurity.com/2020/04/27/basics-api-security/


∗∗∗ GDPR.EU has er… a data leakage issue ∗∗∗
---------------------------------------------
The web site GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/gdpr-eu-has-er-a-data-leakage-issue/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Attackers exploit zero-day vulnerability in Sophos firewall ∗∗∗
---------------------------------------------
Unknown attackers stole files containing credentials of firewall administrators and local users. Sophos has found no evidence that the data has been misused. An emergency hotfix for the vulnerability is now available.
---------------------------------------------
https://www.zdnet.de/88379086/hacker-nutzen-zero-day-luecke-in-sophos-firewall-aus/


∗∗∗ Duplicated Vulnerabilities in WordPress Plugins ∗∗∗
---------------------------------------------
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.
---------------------------------------------
https://blog.sucuri.net/2020/04/duplicated-vulnerabilities-in-wordpress-plugins.html


∗∗∗ Authentication bypass in FortiMail and FortiVoiceEntreprise ∗∗∗
---------------------------------------------
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-045


∗∗∗ High Severity Vulnerability Patched in Real-Time Find and Replace Plugin ∗∗∗
---------------------------------------------
On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-real-time-find-and-replace-plugin/
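The flaw described above (an administrator tricked into an action that stores attacker-controlled JavaScript) is the classic cross-site request forgery pattern in a WordPress settings handler. The following is an added illustration of that pattern and its standard fix, written for this digest; it is not the Real-Time Find and Replace plugin's code, and the hook, option, form-field and function names prefixed `rtfr_demo_` are made up for the example.

```php
<?php
// Added illustration of a CSRF-to-stored-XSS pattern in a WordPress
// settings handler. Not the plugin's real code; all rtfr_demo_* names
// are invented for this example.

// BEFORE: a capability check but no nonce check. Any page the logged-in
// administrator visits can auto-submit a form to admin-post.php with
// action=rtfr_demo_save; the browser attaches the admin's cookies, so the
// request passes current_user_can() and a <script> "replacement" is stored
// and later echoed into every front-end page.
function rtfr_demo_save_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // Missing: check_admin_referer(). The request is trusted because the
    // cookies are valid, not because the administrator intended it.
    $rules = array(
        'find'    => isset( $_POST['find'] ) ? wp_unslash( $_POST['find'] ) : '',
        'replace' => isset( $_POST['replace'] ) ? wp_unslash( $_POST['replace'] ) : '',
    );
    update_option( 'rtfr_demo_rules', $rules ); // stored unescaped
    wp_safe_redirect( admin_url( 'options-general.php?page=rtfr-demo' ) );
    exit;
}

// AFTER: the same handler with a nonce bound to the logged-in user and to
// this specific action. A forged cross-site request cannot carry a valid
// nonce value, so it is rejected before anything is written.
function rtfr_demo_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // Dies with HTTP 403 unless '_rtfr_nonce' is a valid nonce for
    // the 'rtfr_demo_save' action.
    check_admin_referer( 'rtfr_demo_save', '_rtfr_nonce' );

    $rules = array(
        'find'    => isset( $_POST['find'] )
            ? sanitize_text_field( wp_unslash( $_POST['find'] ) ) : '',
        // Strip script tags and event handlers from the replacement text so
        // a stored value can never become executable markup on the front end.
        'replace' => isset( $_POST['replace'] )
            ? wp_kses_post( wp_unslash( $_POST['replace'] ) ) : '',
    );
    update_option( 'rtfr_demo_rules', $rules );
    wp_safe_redirect( admin_url( 'options-general.php?page=rtfr-demo' ) );
    exit;
}
add_action( 'admin_post_rtfr_demo_save', 'rtfr_demo_save_hardened' );

// The settings form must emit the matching nonce field; otherwise the
// hardened handler also rejects the administrator's own submissions.
function rtfr_demo_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="rtfr_demo_save">';
    wp_nonce_field( 'rtfr_demo_save', '_rtfr_nonce' );
    echo '<input type="text" name="find"> <input type="text" name="replace">';
    submit_button( 'Save' );
    echo '</form>';
}
```

When auditing a plugin for this class, look for every `admin_post_*`, `admin-ajax` or `admin_init` handler that calls `update_option()` or writes to the database, and confirm that a `check_admin_referer()` / `wp_verify_nonce()` call precedes the write; a capability check alone does not prove the request originated from the administrator.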


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Debian (eog, jsch, libgsf, mailman, ncmpc, openjdk-11, php5, python-reportlab, radicale, and rzip), Fedora (ansible, dolphin-emu, git, gnuchess, liblas, openvpn, php, qt5-qtbase, rubygem-rake, snakeyaml, webkit2gtk3, and wireshark), Mageia (chromium-browser-stable, git, java-1.8.0-openjdk, kernel, kernel-linus, mp3gain, and virtualbox), openSUSE (crawl, cups, freeradius-server, kubernetes, and otrs), SUSE (apache2, kernel, pam_radius, [...]
---------------------------------------------
https://lwn.net/Articles/818763/


∗∗∗ JSA11021 - 2020-04 Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=RSS


∗∗∗ HPESBHF03945 rev.1 - HPE Servers using Supplemental Update / Online ROM Flash Component for Linux, Local Execution of Arbitrary Code. ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us


∗∗∗ OTRS: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0372


∗∗∗ ILIAS: Multiple vulnerabilities allow unspecified attacks ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0370


∗∗∗ Postfix: Vulnerability allows bypass of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0376


∗∗∗ Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affected-by-multiple-apache-tomcat-core-only-vulnerabilities/


∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilties-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Websphere Message Broker V8. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-websphere-message-broker-v8-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2019-cpu-cve-2019-2964-cve-2019-2989-2/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-workload-scheduler/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
