[CERT-daily] Tageszusammenfassung - 24.01.2020

Daily end-of-shift report team at cert.at
Fri Jan 24 18:13:25 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 23-01-2020 18:00 − Freitag 24-01-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ TrickBot Now Steals Windows Active Directory Credentials ∗∗∗
---------------------------------------------
A new module for the TrickBot trojan has been discovered that targets the Active Directory database stored on compromised Windows domain controllers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-now-steals-windows-active-directory-credentials/


∗∗∗ NSA Releases Guidance on Mitigating Cloud Vulnerabilities ∗∗∗
---------------------------------------------
The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSAs guidance on Mitigating Cloud Vulnerabilities and CISA’s page on APTs Targeting IT Service [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/24/nsa-releases-guidance-mitigating-cloud-vulnerabilities


∗∗∗ Kaspersky: Shlayer-Trojaner und Adware häufigste Bedrohungen für Mac-Nutzer ∗∗∗
---------------------------------------------
Shlayer wird auch über Links auf großen Seiten wie YouTube und Wikipedia verbreitet, warnt die Sicherheitsfirma. Der Trojaner schleuste bislang nur Adware ein.
---------------------------------------------
https://heise.de/-4645548


∗∗∗ Hackers target unpatched Citrix servers to deploy ransomware ∗∗∗
---------------------------------------------
REvil ransomware gang has been spotted abusing Citrix bug to infect victims.
---------------------------------------------
https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200124-webex-unauthjoin


∗∗∗ Fixes now available for Citrix ADC, Citrix Gateway versions 12.1 and 13.0 ∗∗∗
---------------------------------------------
Today, we released permanent fixes to address the CVE-2019-19781 vulnerability for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 12.1 and 13.0. These fixes are available to download for ADC and Gateway.
---------------------------------------------
https://www.citrix.com/blogs/2020/01/23/fixes-now-available-for-citrix-adc-citrix-gateway-versions-12-1-and-13-0/


∗∗∗ MDhex: Angreifer könnten medizinische Geräte von GE Healthcare kontrollieren ∗∗∗
---------------------------------------------
Aufgrund von unsicheren Standardeinstellungen und veralteter Software mit Sicherheitslücken ist die Überwachung von Patienten gefährdet.
---------------------------------------------
https://heise.de/-4645197


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (git and python-apt), Oracle (openslp), Red Hat (chromium-browser and ghostscript), SUSE (samba, slurm, and tomcat), and Ubuntu (clamav, gnutls28, and python-apt).
---------------------------------------------
https://lwn.net/Articles/810459/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001 ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8835  Versions affected: WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3. Credit to Anonymous working with Trend Micro’s Zero Day Initiative, Mike Zhang of Pangu Team. Impact: Processing maliciously crafted web content may lead toarbitrary code execution.
---------------------------------------------
https://webkitgtk.org/security/WSA-2020-0001.html


∗∗∗ wpCentral < 1.4.8 - Privilege Escalation ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10045


∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities (CVE-2019-1547,CVE-2019-1549, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-multiple-openssl-vulnerabilities-cve-2019-1547cve-2019-1549-cve-2019-1563/


∗∗∗ Security Bulletin: IBM MQ Appliance affected by NSS and libgcrypt vulnerabilities (CVE-2018-12404 and CVE-2018-0495) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-nss-and-libgcrypt-vulnerabilities-cve-2018-12404-and-cve-2018-0495/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an MIT Kerberos 5 vulnerability (CVE-2017-11462) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-mit-kerberos-5-vulnerability-cve-2017-11462/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an unauthorised access vulnerability (CVE-2019-4621) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-unauthorised-access-vulnerability-cve-2019-4621/


∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to bypass security restrictions (CVE-2019-4620) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-bypass-security-restrictions-cve-2019-4620/


∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1552 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2019-1552/


∗∗∗ Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2989-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-process-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list