[CERT-daily] Tageszusammenfassung - 28.02.2020

Daily end-of-shift report team at cert.at
Fri Feb 28 18:06:59 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 27-02-2020 18:00 − Freitag 28-02-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Nemty Ransomware Actively Distributed via Love Letter Spam ∗∗∗
---------------------------------------------
Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-distributed-via-love-letter-spam/


∗∗∗ Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities ∗∗∗
---------------------------------------------
Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin’s settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/


∗∗∗ Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years ∗∗∗
---------------------------------------------
Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers.
---------------------------------------------
https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, [...]
---------------------------------------------
https://lwn.net/Articles/813543/


∗∗∗ HPESBST03980 rev.1 - HPE StoreFabric C-series Switches with Cisco Prime Data Center Network Manager (DCNM), Remote Authentication Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03980en_us


∗∗∗ wpdefault - Backdoor Plugin ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10096


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2989, CVE-2020-2593 and CVE-2019-4732 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-2989-cve-2020-2593-and-cve-2019-4732/


∗∗∗ Security Bulletin: Apache Log4j vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-17571) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-17571/


∗∗∗ Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-man-in-the-middle-vulnerability-cve-2014-3603-affects-websphere-liberty-and-openliberty-used-by-mobilefirst-platform-foundation/


∗∗∗ Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center/


∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in TCP (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-vulnerabilities-in-tcp-cve-2019-11477-cve-2019-11478-cve-2019-11479/


∗∗∗ Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4663-and-cve-2019-4720/


∗∗∗ Security Bulletin: Node.js handlebars vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-handlebars-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center/


∗∗∗ Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-mobilefirst-platform-foundation-is-affected-by-websphere-application-server-liberty-is-affected-by-apache-commons-compress-vulnerability-cve-2019-12402/


∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server which is shipped with Jazz for Service Management (CVE-2019-4477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-which-is-shipped-with-jazz-for-service-management-cve-2019-4477/


∗∗∗ Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-http-server-vulnerabilities-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list