[CERT-daily] Tageszusammenfassung - 15.05.2020

Fri May 15 18:24:48 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-05-2020 18:00 − Freitag 15-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ ProLock Ransomware teams up with QakBot trojan for network access ∗∗∗
---------------------------------------------
ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/


∗∗∗ RATicate drops info stealing malware and RATs on industrial targets ∗∗∗
---------------------------------------------
Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/raticate-drops-info-stealing-malware-and-rats-on-industrial-targets/


∗∗∗ Angriffe auf Hochleistungsrechner: Waren es Krypto-Miner? ∗∗∗
---------------------------------------------
Zahlreiche Hochleistungsrechenzentren sind nach Angriffen vom Netz. Hinweise deuten auf Krypto-Mining, doch für den Chef des LRZ greift das zu kurz.
---------------------------------------------
https://heise.de/-4722488


∗∗∗ The Unattributable "db8151dd" Data Breach ∗∗∗
---------------------------------------------
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. Its about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Heres what I know: [...]
---------------------------------------------
https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/


∗∗∗ Erpressungsmails mit echtem Passwort im Umlauf ∗∗∗
---------------------------------------------
In letzter Zeit häufen sich Beschwerden von Internet-NutzerInnen zu Erpressungsmails. Die Erpresser geben dabei an, ein Masturbationsvideo von den Betroffenen zu besitzen und fordern dazu auf einen bestimmten Betrag in Form von Bitcoins zu bezahlen. Die AdressatInnen sind von dieser Masche besonders verunsichert, da die Hacker ein echtes Passwort als scheinbaren Beweis kennen. Doch es besteht kein Grund zur Sorge. Die Erpresser haben weder ihren Computer gehackt, noch belastendes Material [...]
---------------------------------------------
https://www.watchlist-internet.at/news/erpressungsmails-mit-echtem-passwort-im-umlauf/


∗∗∗ Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways ∗∗∗
---------------------------------------------
New Hoaxcalls and Mirai botnet campaigns found targeting end-of-life Symantec Secure Web Gateways via Remote Code Execution vulnerability.The post Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways appeared first on Unit42.
---------------------------------------------
https://unit42.paloaltonetworks.com/hoaxcalls-mirai-target-legacy-symantec-web-gateways/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apt, inetutils, and log4net), Fedora (kernel, mailman, and viewvc), Gentoo (chromium, freerdp, libmicrodns, live, openslp, python, vlc, and xen), Oracle (.NET Core, container-tools:1.0, and kernel), Red Hat (kernel-rt), Scientific Linux (kernel), SUSE (kernel, libvirt, python-PyYAML, and syslog-ng), and Ubuntu (json-c).
---------------------------------------------
https://lwn.net/Articles/820634/


∗∗∗ Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks ∗∗∗
---------------------------------------------
Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22’s SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-softpac-virtual-controller-expose-ot-networks-attacks


∗∗∗ Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe


∗∗∗ Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ


∗∗∗ Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8


∗∗∗ Cisco MDS 9000 Series Switches Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos


∗∗∗ Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR


∗∗∗ Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-embedded-ibm-websphere-application-server-liberty-affects-ibm-watson-compare-and-comply-for-ibm-cloud-pak-for-data-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-april-2020-cpu-plus-deferred-cve/


∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Nework Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-openssl-a-product-which-ships-with-ibm-tivoli-nework-manager/


∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-that-affects-liberty-for-java-for-ibm-cloud-cve-2020-4303-cve-2020-4304/


∗∗∗ PostgreSQL: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0471

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily