[CERT-daily] Tageszusammenfassung - 06.03.2020

Fri Mar 6 18:15:41 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 05-03-2020 18:00 − Freitag 06-03-2020 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ PwndLocker Ransomware Gets Pwned: Decryption Now Available ∗∗∗
---------------------------------------------
Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/


∗∗∗ Emotet Actively Using Upgraded WiFi Spreader to Infect Victims ∗∗∗
---------------------------------------------
Emotets authors have upgraded the malwares Wi-Fi spreader by making it a fully-fledged module and adding new functionality as shown by multiple samples that were recently delivered to infected devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/


∗∗∗ Security: Das Intel-ME-Chaos kommt ∗∗∗
---------------------------------------------
Bis zum Chaos sei es nur eine Frage der Zeit, schreiben die ME-Hacker. Intel versucht, das zu verschweigen, und kann das Security-Theater eigentlich auch gleich sein lassen.
---------------------------------------------
https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099-rss.html


∗∗∗ Lets Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Lets take time out ∗∗∗
---------------------------------------------
Lets Encrypt has halted its plans to cancel all three million flawed web security certificates – after fearing the super-revocation may effectively break a chunk of the internet for netizens.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/lets_encrypt_halts/


∗∗∗ NCSC Releases Advisory on Securing Internet-Connected Cameras ∗∗∗
---------------------------------------------
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to unsecured, or poorly secured, internet-connected cameras to obtain live feeds or images.The following steps can help consumers secure their devices.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/03/05/ncsc-releases-advisory-securing-internet-connected-cameras


∗∗∗ A Safe Excel Sheet Not So Safe ∗∗∗
---------------------------------------------
I discovered a nice sample yesterday. This excel sheet was found in a mail flagged as “suspicious” by a security appliance. The recipient asked to release the mail from the quarantine because “it was sent from a known contact”. Before releasing such a mail from the quarantine, the process in place is to have a quick look at the file to ensure that it is safe to be released.
---------------------------------------------
https://isc.sans.edu/forums/diary/A+Safe+Excel+Sheet+Not+So+Safe/25868/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ WAGO I/O-CHECK ∗∗∗
---------------------------------------------
This advisory contains mitigations for information exposure through sent data, buffer access with incorrect length value, missing authentication for critical function, and classic buffer overflow vulnerabilities in the WAGO I/O CHECK software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-065-01


∗∗∗ Critical Zoho Zero-Day Flaw Disclosed ∗∗∗
---------------------------------------------
A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter.
---------------------------------------------
https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, opensc, opensmtpd, and weechat), Debian (jackson-databind and pdfresurrect), Fedora (sudo), openSUSE (openfortivpn and squid), Red Hat (virt:8.1 and virt-devel:8.1), Scientific Linux (http-parser and xerces-c), and SUSE (gd, kernel, postgresql10, and tomcat).
---------------------------------------------
https://lwn.net/Articles/814035/


∗∗∗ Synology-SA-20:02 ppp ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_02


∗∗∗ Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949-2/


∗∗∗ Security Bulletin: Vulnerability in Curl used in OS image for RedHat Enterprise Linux for Cloud Pak System (CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-used-in-os-image-for-redhat-enterprise-linux-for-cloud-pak-system-cve-2018-16842/


∗∗∗ Multiple Vulnerabilities Patched in RegistrationMagic Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily