[CERT-daily] Tageszusammenfassung - 07.05.2020

Thu May 7 19:27:31 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 06-05-2020 18:00 − Donnerstag 07-05-2020 18:00
Handler:     n/a
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Gefährliche Schadsoftware-Mail im Namen von A1 ∗∗∗
---------------------------------------------
Nehmen Sie sich vor einer gefälschten A1-Mail mit dem Betreff *Wichtige Mitteilung* in Acht. Es handelt sich um eine Nachricht, die von Kriminellen verschickt wird, die Schadsoftware auf Ihrem Smartphone installieren wollen. Wenn Sie den Aufforderungen nachkommen, können die VerbrecherInnen sensible Daten von Ihrem Mobiltelefon stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-schadsoftware-mail-im-namen-von-a1/


∗∗∗ Large scale Snake Ransomware campaign targets healthcare, more ∗∗∗
---------------------------------------------
The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware-campaign-targets-healthcare-more/


∗∗∗ Cisco Webex phishing uses fake cert errors to steal credentials ∗∗∗
---------------------------------------------
A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users account credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisco-webex-phishing-uses-fake-cert-errors-to-steal-credentials/


∗∗∗ Keep your IR on the Ball ∗∗∗
---------------------------------------------
Even with the myriad of security tools we have at our disposal today, cybercriminals are still able to penetrate our networks. Is it really necessary to have a Cyber Incident Response Plan in place?
---------------------------------------------
https://www.domaintools.com/resources/blog/keep-your-ir-on-the-ball


∗∗∗ How a favicon delivered a web credit card skimmer to victims ∗∗∗
---------------------------------------------
Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that “turn” malicious when victims visit a checkout page.
---------------------------------------------
https://www.helpnetsecurity.com/2020/05/07/favicons-card-skimmers/


∗∗∗ Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk ∗∗∗
---------------------------------------------
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As this is an active attack, we wanted to alert you so that you can take [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-24) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 12, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1869


∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has released 34 Security Advisories for multiple products on 2020-05-06. 
12 rated "High" 
22 rated "Medium"
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F05%2F06&firstPublishedEndDate=2020%2F05%2F07&limit=50


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap).
---------------------------------------------
https://lwn.net/Articles/819761/


∗∗∗ For six years Samsung smartphone users have been at risk from critical security bug. Patch now ∗∗∗
---------------------------------------------
Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/six-years-samsung-smartphone-users-risk-critical-security-bug-patch-now/


∗∗∗ Joomla: Schwachstelle ermöglicht SQL-Injection ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0425


∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0424


∗∗∗ [webapps] Draytek VigorAP 1000C - Persistent Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/48436


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-subscription-2/


∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affects-ibm-app-connect-enterprise-v11/


∗∗∗ Security Bulletin: Vulnerability CVE-2020-8492 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-8492-in-python-affects-ibm-i/


∗∗∗ Security Bulletin: Vulnerability CVE-2019-18348 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-18348-in-python-affects-ibm-i/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-2/


∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-subscription/


∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system/


∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2019-1551/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily