[CERT-daily] Tageszusammenfassung - 17.01.2020

Fri Jan 17 18:07:55 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 16-01-2020 18:00 − Freitag 17-01-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection ∗∗∗
---------------------------------------------
The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/


∗∗∗ Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail ∗∗∗
---------------------------------------------
Mitigation recommendations for CVE-2019-19781, a currently unpatched critical flaw affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway, do not have the expected effect on all product versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/


∗∗∗ FTCODE Ransomware - New Version Includes Stealing Capabilities ∗∗∗
---------------------------------------------
Recently, the Zscaler ThreatLabZ team came across PowerShell-based ransomware called “FTCODE,” which targets Italian-language users. An earlier version of FTCODE ransomware was being downloaded using a document file that contained malicious macros. In the recent campaign, the ransomware is being downloaded using VBScript.
---------------------------------------------
https://www.zscaler.com/blogs/research/ftcode-ransomware--new-version-includes-stealing-capabilities


∗∗∗ 404 Exploit Not Found: Vigilante Deploying Mitigation for CitrixNetScaler Vulnerability While Maintaining Backdoor ∗∗∗
---------------------------------------------
As noted in Rough Patch: I Promise Itll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the Citrix mitigation steps implemented, we’ve recognized multiple groups of post-exploitation activity. Within these, something caught our eye: one particular threat actor that’s been deploying a [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html


∗∗∗ Hinweise auf mögliche Verwundbarkeiten der Medizin-Telematik ∗∗∗
---------------------------------------------
Open-Source-Bibliotheken, die im Telematik-Konnektor von T-Systems zum Einsatz kommen, weisen hunderte bekannter Sicherheitslücken auf.
---------------------------------------------
https://heise.de/-4635791


∗∗∗ WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI ∗∗∗
---------------------------------------------
Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.
---------------------------------------------
https://www.grahamcluley.com/weleakinfo-seized/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Schneider Electric Modicon Controllers ∗∗∗
---------------------------------------------
This advisory contains mitigations for several improper check for unusual or exceptional conditions vulnerabilities in Schneider Electric Modicon PLC controllers.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-016-01


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).
---------------------------------------------
https://lwn.net/Articles/809916/


∗∗∗ HPESBNS03981 rev.1 - HPE ViewPoint on NonStop, Local Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us


∗∗∗ HPESBNS03976 rev.1 - HPE NonStop using Sudo ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us


∗∗∗ Pivotal Spring Framework: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0057


∗∗∗ Trend Micro Produkte: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0055


∗∗∗ Linux Kernel: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0058

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily