[CERT-daily] Tageszusammenfassung - 30.03.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 27-03-2020 18:00 − Montag 30-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Sicherheitsupdates: BIG-IP Appliances von F5 angreifbar ∗∗∗
---------------------------------------------
Die Entwickler von F5 haben mehrere Sicherheitslücken in verschiedenen Produkten geschlossen.
---------------------------------------------
https://heise.de/-4693455


∗∗∗ A mysterious hacker group is eavesdropping on corporate email and FTP traffic ∗∗∗
---------------------------------------------
Hacker group uses zero-day in DrayTek Vigor enterprise routers and VPN gateways to record network traffic.
---------------------------------------------
https://www.zdnet.com/article/a-mysterious-hacker-group-is-eavesdropping-on-corporate-ftp-and-email-traffic/


∗∗∗ Source code of Dharma ransomware pops up for sale on hacking forums ∗∗∗
---------------------------------------------
The source code of one of todays most profitable and advanced ransomware strains is up for sale on two Russian-language hacking forums.
---------------------------------------------
https://www.zdnet.com/article/source-code-of-dharma-ransomware-pops-up-for-sale-on-hacking-forums/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (php-horde-form and tika), Fedora (dcraw and libmodsecurity), Gentoo (libidn2 and screen), openSUSE (cloud-init, cni, cni-plugins, conmon, fuse-overlayfs, podman, opera, phpMyAdmin, python-mysql-connector-python, ruby2.5, strongswan, and tor), Oracle (ipmitool), Scientific Linux (ipmitool), SUSE (spamassassin and tomcat), and Ubuntu (twisted and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/816267/


∗∗∗ Synology-SA-20:04 Drupal ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Drupal.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_04_Drupal


∗∗∗ D-LINK Router: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0272

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily