[CERT-daily] Tageszusammenfassung - 24.03.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 23-03-2020 18:00 − Dienstag 24-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps ∗∗∗
---------------------------------------------
A new cyber attack is hijacking routers DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/


∗∗∗ Unknown Hackers Use New Milum RAT in WildPressure Campaign ∗∗∗
---------------------------------------------
A new piece of malware that shows no similarities with samples used in known campaigns is currently used to attack computers in various organizations. Researchers named the threat Milum and dubbed the operation WildPressure.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/unknown-hackers-use-new-milum-rat-in-wildpressure-campaign/


∗∗∗ Tekya Malware Threatens Millions of Android Users via Google Play ∗∗∗
---------------------------------------------
The ad-fraud malware lurks in dozens of childrens and utilities apps.
---------------------------------------------
https://threatpost.com/tekya-malware-android-google-play/154064/


∗∗∗ Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it ∗∗∗
---------------------------------------------
Yes, you may have detected some sarcasm An annoying security flaw been disclosed and promptly fixed in the fairly popular memcached distributed data-caching software.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/24/memcached_denial_of_service/


∗∗∗ Betrügerische Raiffeisen-E-Mails im Umlauf ∗∗∗
---------------------------------------------
Aktuell erhalten Raiffeisen-KundInnen eine Benachrichtigung, dass die smsTAN deaktiviert wird und ELBA-NutzerInnen z. B. auf pushTAN umsteigen können. Für weitere Informationen zur Umstellung werden sie aufgefordert, sich ins Online Banking einzuloggen. Seien Sie bei E-Mails der Raiffeisen Bank zum Thema smsTAN und pushTAN besonders vorsichtig und kontrollieren Sie sorgfältig, ob die Aufforderung tatsächlich von der Raiffeisen Bank stammt. Es sind auch betrügerische [...]
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-raiffeisen-e-mails-im-umlauf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Notfallpatch für Adobe Creative Cloud Application ∗∗∗
---------------------------------------------
Eine kritische Sicherheitslücke in Creative Cloud Application von Adobe macht Windows-Computer angreifbar.
---------------------------------------------
https://heise.de/-4689478


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tomcat8), Fedora (chromium and okular), openSUSE (texlive-filesystem), Oracle (tomcat6), Scientific Linux (libvncserver, thunderbird, and tomcat6), Slackware (gd), SUSE (cloud-init, postgresql10, python36, and strongswan), and Ubuntu (ibus and vim).
---------------------------------------------
https://lwn.net/Articles/815882/


∗∗∗ Kritische Sicherheitslücke in Microsoft Windows (Adobe Type Manager Library) - Workarounds verfügbar ∗∗∗
---------------------------------------------
Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory für eine kritische Sicherheitslücke in der Adobe Type Manager Library veröffentlicht. Laut Microsoft und CERT/CC wird die Schwachstelle bereits aktiv ausgenutzt, [...]
---------------------------------------------
https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft-windows-adobe-type-manager-library-workarounds-verfugbar


∗∗∗ systemd-journald vulnerability CVE-2019-3815 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22040951


∗∗∗ Apache vulnerability CVE-2020-8840 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15320518


∗∗∗ Paessler PRTG: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0256


∗∗∗ Kubernetes: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0253


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Arbitrary Script Injection vulnerability (CVE-2019-4681) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-arbitrary-script-injection-vulnerability-cve-2019-4681/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact-2/


∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to a session management vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-a-session-management-vulnerability/


∗∗∗ Security Bulletin: IBM Content Navigator includes the host IP address in an HTTP response. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-includes-the-host-ip-address-in-an-http-response/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2019-2989/


∗∗∗ Security Bulletin: IBM API Connect is impacted by weak cryptographic algorithms (CVE-2019-4553) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-weak-cryptographic-algorithms-cve-2019-4553/


∗∗∗ Security Bulletin: IBM API Connect is potentially impacted by vulnerabilities in MySQL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-potentially-impacted-by-vulnerabilities-in-mysql/


∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is impacted by a denial of service vulnerability in MySQL (CVE-2019-2805) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-a-denial-of-service-vulnerability-in-mysql-cve-2019-2805/


∗∗∗ Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java(CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-an-unspecified-vulnerability-in-javacve-2019-2989/


∗∗∗ Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2019-15903). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-disclosed-in-expat-which-is-installed-as-part-of-ibm-tivoli-network-manager-cve-2019-15903/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily