[CERT-daily] Tageszusammenfassung - 30.09.2020

Wed Sep 30 18:33:58 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 29-09-2020 18:00 − Mittwoch 30-09-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Fake software crack sites used to push Exorcist 2.0 Ransomware ∗∗∗
---------------------------------------------
The threat actors behind the Exorcist 2.0 ransomware are using malicious advertising to redirect victims to fake software crack sites that distribute their malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-software-crack-sites-used-to-push-exorcist-20-ransomware/


∗∗∗ Over 247K Exchange servers unpatched for actively exploited flaw ∗∗∗
---------------------------------------------
More than 247,000 Microsoft Exchange servers are yet to be patched against the CVE-2020-0688 post-auth remote code execution (RCE) vulnerability impacting all Exchange Server versions under support.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-247k-exchange-servers-unpatched-for-actively-exploited-flaw/


∗∗∗ Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise ∗∗∗
---------------------------------------------
A new report from Microsoft shows it is clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to identify.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/09/29/microsoft-digital-defense-report-2020-cyber-threat-sophistication-rise/


∗∗∗ Its 2020 so not only is your mouse config tool a Node.JS Electron app, its also pwnable by an evil webpage ∗∗∗
---------------------------------------------
Malicious JavaScript can inject commands to execute 
Earlier this year, peripheral maker Kensington patched its desktop software to close a vulnerability that could have been exploited by malicious websites to quietly hijack victims computers.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2020/09/30/kensingtonworks_mouse_flaw/


∗∗∗ LodaRAT Update: Alive and Well ∗∗∗
---------------------------------------------
By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild. These new versions of LodaRAT abandoned their previous obfuscation techniques. Direct interaction with the threat actor was observed during analysis, indicating the actor is actively monitoring infected hosts.
---------------------------------------------
https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html


∗∗∗ Achtung! Vermeintliche Gutschein-Codes führen in Abo-Falle ∗∗∗
---------------------------------------------
Derzeit tauchen vermehrt gefälschte Gutschein-Codes für verschiedene Anbieter wie Netflix, Steam, Playstation, Google Play oder Amazon auf. Zu finden sind diese Codes in Kommentaren unter verschiedensten YouTube-Videos. Doch anstatt den versprochenen 50 Euro, tappen die Opfer in die Abo-Falle.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vermeintliche-gutschein-codes-fuehren-in-abo-falle/


∗∗∗ This worm phishing campaign is a game-changer in password theft, account takeovers ∗∗∗
---------------------------------------------
The security incident highlights the need for multi-factor authentication in the enterprise.
---------------------------------------------
https://www.zdnet.com/article/this-worm-phishing-campaign-is-a-game-changer-in-password-theft-account-takeovers/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! Cisco liefert Sicherheitsupdates für Router nach ∗∗∗
---------------------------------------------
Admins sollten professionelle Router von Cisco aus Sicherheitsgründe auf den aktuellen Stand bringen. Angreifer nutzen die Lücken derzeit aus.
---------------------------------------------
https://heise.de/-4916417


∗∗∗ FYI: If youre running HP Device Manager, anyone on your network can get admin on your server via backdoor ∗∗∗
---------------------------------------------
Hidden database account discovered, patches finally available as well as mitigations HP Device Manager, software that allows IT administrators to manage HP Thin Client devices, comes with a backdoor database user account that undermines network security, a UK-based consultant has warned.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/


∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
Huawei hat 16 Security Advisories für verschiedene Produkte veröffentlicht.
---------------------------------------------
https://www.huawei.com/en/psirt/all-bulletins


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, libvirt, and podman), Debian (firefox-esr and nss), Gentoo (bitcoind, chromium, cifs-utils, gpsd, libuv, and xen), Mageia (firefox, gnutls, mediawiki, samba, and Thunderbird), openSUSE (brotli and cifs-utils), Red Hat (audiofile, bluez, cloud-init, cpio, cups, curl, dbus, dnsmasq, e2fsprogs, evince and poppler, exiv2, expat, firefox, fontforge, freeradius, freerdp, glib2 and ibus, glibc, httpd, hunspell, ipa, kernel, kernel-rt, [...]
---------------------------------------------
https://lwn.net/Articles/833120/


∗∗∗ Vulnerabilities in Bosch PRAESIDEO and PRAESENSA ∗∗∗
---------------------------------------------
BOSCH-SA-538331-BT: Two security vulnerabilities have been uncovered in the web based management interface of the PRAESIDEO Network Controller and the PRAESENSA System Controller. The vulnerabilities will allow a Cross-Site Request Forgery (CSRF) attack and a Cross-site Scripting (XSS) attack. For PRAESIDEO a third vulnerability will allow a replay attack with which authentication can be bypassed. This last vulnerability is present in the web server of the PRAESIDEO Network Controller.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-538331-bt.html


∗∗∗ Advisory: Multiple Vulnerabilities in SiteManager and GateManager ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf


∗∗∗ Advisory: Multiple Vulnerabilities in GateManager ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183756-de-original-1.0.pdf


∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0939


∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0940


∗∗∗ Red Hat Enterprise Linux/FreeRDP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0941


∗∗∗ Red Hat Enterprise Linux/WebKitGTK: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0942


∗∗∗ Security Bulletin: Security vulnerability in WebSphere Liberty Server shipped with IBM Global Mailbox (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-websphere-liberty-server-shipped-with-ibm-global-mailbox-cve-2020-4329/


∗∗∗ Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-version-5-0-5-of-redis-included-in-ibm-netcool-operations-insight-1-6-1-x-has-a-security-vulnerability-cve-2020-14147/


∗∗∗ Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-application-server-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-may-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/


∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-3/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4629) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-information-exposure-vulnerability-cve-2020-4629/


∗∗∗ Security Bulletin: Version 4.17.15 of Node.js module lodash included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-version-4-17-15-of-node-js-module-lodash-included-in-ibm-netcool-operations-insight-1-6-1-x-has-a-security-vulnerability/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Commons Codec vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-commons-codec-vulnerability/


∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-operations-analytics-predictive-insights/


∗∗∗ Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-manager-with-openstack-is-affected-by-a-openssl-vulnerability/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily