[CERT-daily] Tageszusammenfassung - 03.03.2020

Tue Mar 3 18:27:11 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 02-03-2020 18:00 − Dienstag 03-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New PwndLocker Ransomware Targeting U.S. Cities, Enterprises ∗∗∗
---------------------------------------------
Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/


∗∗∗ TLS: Lets Encrypt muss drei Millionen Zertifikate zurückziehen ∗∗∗
---------------------------------------------
Ein Fehler bei Lets Encrypt hat dazu geführt, dass der Check von CAA-DNS-Records nicht korrekt durchgeführt wurde. Die Zertifizierungsstelle zieht jetzt kurzfristig betroffene Zertifikate zurück, was für einige Probleme sorgen dürfte.
---------------------------------------------
https://www.golem.de/news/tls-let-s-encrypt-muss-drei-millionen-zertifikate-zurueckziehen-2003-146999-rss.html


∗∗∗ TrickBot Adds ActiveX Control, Hides Dropper in Images ∗∗∗
---------------------------------------------
The tricky trojan has evolved again, to stay a step ahead of defenders.
---------------------------------------------
https://threatpost.com/trickbot-activex-control-dropper/153370/


∗∗∗ 7 Tips for Protecting Your Website ∗∗∗
---------------------------------------------
For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security Guide cut through much of the clutter of the threat landscape, some folks might need it simplified even further. Okay, we hear ya.
---------------------------------------------
https://blog.sucuri.net/2020/03/7-tips-for-protecting-your-website.html


∗∗∗ The Jan/Feb 2020 issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: When backdoors become trapdoors: ‘Crypto Leaks’ hits Switzerland, Crypto Valley – and the entire ecosystem I, Robot, ZigBee and IoT [...]
---------------------------------------------
https://securityblog.switch.ch/2020/03/03/the-jan-feb-2020-issue-of-our-switch-security-report-is-available/


∗∗∗ Leverage ATT&CK for ICS to Secure Industrial Control Systems ∗∗∗
---------------------------------------------
[...] In security operations centers (SOCs), we have already realized the value that MITRE ATT&CK provides through its encyclopedia of mapped tactics, techniques and procedures (TTPs) based on real-world observations of adversaries. The knowledge base enables security teams to link adversarial TTPs when conducting a gap analysis and threat modeling.
---------------------------------------------
https://securityintelligence.com/posts/leverage-attck-for-ics-to-secure-industrial-control-systems/


∗∗∗ Jetzt patchen: Kritische Lücke "Ghostcat" in Apache-Tomcat-Versionen seit 6.0 ∗∗∗
---------------------------------------------
Für eine Lücke, die sich seit 13 Jahre lang in Apache Tomcat verbarg, sind mehrere Proofs-of-Concept verfügbar. Abgesicherte Versionen schließen sie.
---------------------------------------------
https://heise.de/-4673983


∗∗∗ The Case for Limiting Your Browser Extensions ∗∗∗
---------------------------------------------
Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee whod edited the Web site in the past month.
---------------------------------------------
https://krebsonsecurity.com/2020/03/the-case-for-limiting-your-browser-extensions/


∗∗∗ Google Launches Free Fuzzer Benchmarking Service ∗∗∗
---------------------------------------------
Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers. The fully automated service was designed to allow for an easy but rigorous evaluation of fuzzing research, in an attempt to boost the adoption of fuzzing research – an important bug finding technique.
---------------------------------------------
https://www.securityweek.com/google-launches-free-fuzzer-benchmarking-service


∗∗∗ Corona-Virus: Fake-Shops verkaufen Atemschutzmasken ∗∗∗
---------------------------------------------
Atemschutzmasken werden aus Angst vor dem Corona-Virus aktuell vermehrt gekauft. Auch Organisationen haben Engpässe und suchen daher nach B2B-Online-HändlerInnen. Kriminelle nutzen die Angst der Bevölkerung und die steigende Nachfrage und bieten diverse medizinische Produkte in Fake-Shops an. Bis jetzt sind uns die Fake-Shops globalmasksuppliers.com, medicalsmilesgmbh.com und pharmacyfirstgmbh.com bekannt.
---------------------------------------------
https://www.watchlist-internet.at/news/corona-virus-fake-shops-verkaufen-atemschutzmasken/


∗∗∗ Malware-free attacks now most popular tactic amongst cybercriminals ∗∗∗
---------------------------------------------
Malware-free or fileless techniques accounted for 51% of attacks last year, compared to 40% the year before, as hackers turn to stolen credentials to breach corporate networks, reveals CrowdStrikes latest threat report.
---------------------------------------------
https://www.zdnet.com/article/malware-free-attacks-now-most-popular-tactic-amongst-cybercriminals/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Google-März-Patch: Android Sicherheitslücke wird seit einem Jahr ausgenutzt ∗∗∗
---------------------------------------------
Seit fast einem Jahr lassen sich auf vielen Mittelklasse-Smartphones mit Android leicht Root-Rechte erlangen. Schad-Apps nutzen diese bereits aus, dennoch gibt es kaum Hersteller, die einen Patch ausliefern. Nun will Google ihn selbst verteilen.
---------------------------------------------
https://www.golem.de/news/google-maerz-patch-android-sicherheitsluecke-wird-seit-einem-jahr-ausgenutzt-2003-147006-rss.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and webkit2gtk), Debian (collabtive, dojo, firebird2.5, gst-plugins-base0.10, libapache2-mod-auth-openidc, openjdk-7, php5, python-bleach, and rrdtool), Fedora (kernel, kernel-headers, kernel-tools, mingw-openjpeg2, and openjpeg2), Mageia (hiredis, kernel, rsync, wireshark, and zsh), openSUSE (cacti, cacti-spine, libexif, proftpd, python-azure-agent, python3, and webkit2gtk3), Oracle (ppp), SUSE (permissions), and Ubuntu (libarchive).
---------------------------------------------
https://lwn.net/Articles/813684/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-4.9, proftpd-dfsg, rrdtool, and zsh), Fedora (kernel), openSUSE (cacti, cacti-spine, mariadb, and ppp), Red Hat (kernel, qemu-kvm, qemu-kvm-ma, and ruby), Slackware (seamonkey), SUSE (kernel, libpng16, ovmf, python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, and python36), and Ubuntu [...]
---------------------------------------------
https://lwn.net/Articles/813757/


∗∗∗ Security advisory 2020-03-03 ∗∗∗
---------------------------------------------
Insufficient data validation in yubikey-val
---------------------------------------------
https://www.yubico.com/support/security-advisories/ysa-2020-01/


∗∗∗ Security Bulletin: The Relationship admin page in Tivoli Netcool/OMNIbus WebGUI is vulnerable to Cross Site Scripting attack (CVE-2020-4198) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-relationship-admin-page-in-tivoli-netcool-omnibus-webgui-is-vulnerable-to-cross-site-scripting-attack-cve-2020-4198/


∗∗∗ Security Bulletin: Cacheable HTTPS Responses have been identified on multiple Tivoli Netcool/OMNIbus WebGUI admin pages (CVE-2020-4197) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cacheable-https-responses-have-been-identified-on-multiple-tivoli-netcool-omnibus-webgui-admin-pages-cve-2020-4197/


∗∗∗ Security Bulletin: Cross-Site Scripting (XSS) vulnerability have been identified on Tool Prompt Configuration page of Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4196) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-xss-vulnerability-have-been-identified-on-tool-prompt-configuration-page-of-tivoli-netcool-omnibus-webgui-cve-2020-4196/


∗∗∗ Security Bulletin: IBM MobileFirst Platform Foundation susceptible to privilege escalation on Android ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mobilefirst-platform-foundation-susceptible-to-privilege-escalation-on-android/


∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily