[CERT-daily] Tageszusammenfassung - 04.05.2020

Daily end-of-shift report team at cert.at
Mon May 4 18:31:09 CEST 2020 

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 30-04-2020 18:00 − Montag 04-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New phishing campaign packs an info-stealer, ransomware punch ∗∗∗
---------------------------------------------
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-an-info-stealer-ransomware-punch/


∗∗∗ Jetzt patchen! Angreifer attackieren Oracle WebLogic Server ∗∗∗
---------------------------------------------
Derzeit haben es Angreifer unter anderem auf eine kritische Sicherheitslücke in Oracle WebLogic Server abgesehen.
---------------------------------------------
https://heise.de/-4713619


∗∗∗ Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap ∗∗∗
---------------------------------------------
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply.
---------------------------------------------
https://www.securityweek.com/power-supply-can-turn-speaker-data-exfiltration-over-air-gap


∗∗∗ Vorsicht vor gefährlichen VPN-Diensten ∗∗∗
---------------------------------------------
VPN-Dienste sind momentan gefragt wie nie zuvor. „Virtuelle private Netzwerke“ erhalten besonders durch verstärktes Home-Office Zulauf. Sie ermöglichen beispielsweise sicheren Zugriff auf Firmennetzwerke von zu Hause aus. Doch Vorsicht: Die hohe Nachfrage wird von Kriminellen ausgenützt. Sie kopieren Websites echter VPN-Dienste und laden gefährliche Schadsoftware auf die Systeme ihrer Opfer!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaehrlichen-vpn-diensten/


∗∗∗ CursedChrome turns your browser into a hackers proxy ∗∗∗
---------------------------------------------
CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.
---------------------------------------------
https://www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hackers-proxy/


∗∗∗ Angriffe auf Salt, LineageOS, Ghost und Digicert ∗∗∗
---------------------------------------------
Hacker nutzen Schwachstellen aus, um Systeme zu attackieren. Im Blickpunkt stehen aktuell der SaltStack, das Handy-Betriebssystem LineageOS, die Bloggerplattform Ghost und der Zertifizierungsanbieter Digicert.
---------------------------------------------
https://www.zdnet.de/88379335/angriffe-auf-salt-lineageos-ghost-und-digicert/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
---------------------------------------------
https://lwn.net/Articles/819200/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/819394/


∗∗∗ TP-Link Patches Multiple Vulnerabilities in NC Cloud Cameras ∗∗∗
---------------------------------------------
TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands.
---------------------------------------------
https://www.securityweek.com/tp-link-patches-multiple-vulnerabilities-nc-cloud-cameras


∗∗∗ Synology-SA-20:11 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_11


∗∗∗ Synology-SA-20:10 WordPress ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_10


∗∗∗ Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-xerces-c-cve-2018-1311/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand/


∗∗∗ Security Bulletin: OpenSSL disclosed vulnerability affects MessageGatweay (CVE-2020-1967) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnerability-affects-messagegatweay-cve-2020-1967/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-for-enterprise-resource-planning-on-windows-cve-2019-4732-3/


∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vulnerability-in-ibm-java-runtime-affects-collaboration-and-deployment-services-2/


∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2019-1551/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-spectrum-scale-cve-2020-2654/


∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0409

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list