[CERT-daily] Tageszusammenfassung - 26.03.2020

Daily end-of-shift report team at cert.at
Thu Mar 26 18:16:51 CET 2020 

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 25-03-2020 18:00 − Donnerstag 26-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Angespannter Arbeitsmarkt sorgt für betrügerische Job-Angebote ∗∗∗
---------------------------------------------
Aufgrund der durch das Coronavirus bedingten Arbeitsmarktsituation, suchen viele InternetuserInnen momentan online nach Jobs oder einer zusätzlichen Verdienstmöglichkeit. Dies nützen Kriminelle gezielt aus, indem Sie betrügerische Job-Angebote im Internet inserieren. Die Fake-Berufe können zu Geldwäsche führen, Pyramidensysteme sein oder zu gefährlichen Investments verleiten.
---------------------------------------------
https://www.watchlist-internet.at/news/angespannter-arbeitsmarkt-sorgt-fuer-betruegerische-job-angebote/


∗∗∗ WordPress Malware Distributed via Pirated Coronavirus Plugins ∗∗∗
---------------------------------------------
The threat actors behind the WordPress WP-VCD malware have started to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-malware-distributed-via-pirated-coronavirus-plugins/


∗∗∗ Malware spotlight: Nemty ∗∗∗
---------------------------------------------
If the last five years or so have proven anything, it is that ransomware is here to stay as a threat in the cybersecurity wild. This should not be used as rationale to simply ignore the deluge of new types of malware that are discovered weekly, as the recently discovered malware family Nemty has [...]
---------------------------------------------
https://resources.infosecinstitute.com/malware-spotlight-nemty/


∗∗∗ As Zoom Booms Incidents of ‘ZoomBombing’ Become a Growing Nuisance ∗∗∗
---------------------------------------------
Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.
---------------------------------------------
https://threatpost.com/as-zoom-booms-incidents-of-zoombombing-become-a-growing-nuisance/154187/


∗∗∗ Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios ∗∗∗
---------------------------------------------
Increased remote work has many organizations rethinking network and security strategies. In this post we share guidance on how to manage security in this changing environment.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/03/26/alternative-security-professionals-it-achieve-modern-security-controls-todays-unique-remote-work-scenarios/


∗∗∗ Assemble the Cookies ∗∗∗
---------------------------------------------
When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these are not the only methods that attackers use to obfuscate code. Obfuscation via Predefined PHP Variables Here’s an example of obfuscation that doesn’t use encoding or encryption in any way: [...]
---------------------------------------------
https://blog.sucuri.net/2020/03/assemble-the-cookies.html


∗∗∗ Apple iOS users served mobile malware in Poisoned News campaign ∗∗∗
---------------------------------------------
As we all devour online news sources in the current climate, cyberattackers are waiting to spring.
---------------------------------------------
https://www.zdnet.com/article/apple-ios-users-served-mobile-malware-in-operation-poisoned-news-campaign/


∗∗∗ 4G networks vulnerable to denial of service attacks, subscriber tracking ∗∗∗
---------------------------------------------
Don’t think you’re protected on upcoming 5G networks, either.
---------------------------------------------
https://www.zdnet.com/article/100-of-4g-networks-vulnerable-to-denial-of-service-attacks-researchers-claim/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, icu, kernel-rt, libvncserver, python-imaging, python-pip, python-virtualenv, thunderbird, tomcat, tomcat6, and zsh), Debian (icu and okular), Fedora (libxslt and php), Gentoo (bluez, chromium, pure-ftpd, samba, tor, weechat, xen, and zsh), Oracle (libvncserver), Red Hat (ipmitool and zsh), and SUSE (python-cffi, python-cryptography and python-cffi, python-cryptography, python-xattr).
---------------------------------------------
https://lwn.net/Articles/816039/


∗∗∗ Svg Image - Critical - Cross site scripting - SA-CONTRIB-2020-008 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-008


∗∗∗ Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200325-01-smartphone-en


∗∗∗ Vulnerabilities Patched in IMPress for IDX Broker ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/


∗∗∗ Red Hat OpenShift: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0264


∗∗∗ Security Bulletin: Security: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-ach-services-cve-2019-4732/


∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)(CVE-2019-12418, CVE-2019-17563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-taddmcve-2019-12418-cve-2019-17563/


∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4304/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-rational-business-developer/


∗∗∗ Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-privilege-escalation-vulnerability-in-websphere-application-server-cve-2020-4276/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list