=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 26-05-2020 18:00 − Mittwoch 27-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Netgear-Router: Update-Prozess unsicher, Hersteller schweigt ∗∗∗
---------------------------------------------
Der Firmware-Updater einiger Netgear-Router wie dem Nighthawk R7000 ist offenbar unsicher. Dies hat das IoT-Lab der University of Applied Sciences Upper Austria (FH Oberösterreich) herausgefunden. Ob und wie der Hersteller auf das Problem reagiert ist indes völlig unklar – der Hersteller hüllt sich seit Wochen in Schweigen.
---------------------------------------------
https://heise.de/-4766025
∗∗∗ Micropatch Available for User-Mode Power Service Memory Corruption (CVE-2020-1015) ∗∗∗
---------------------------------------------
Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1015, a memory corruption vulnerability in User-Mode Power Service that could allow a local attacker to execute arbitrary code as Local System.This vulnerability was patched by Microsoft with April 2020 Updates, but Windows 7 and Server 2008 R2 users without Extended Security Updates remained vulnerable.
---------------------------------------------
https://blog.0patch.com/2020/05/micropatch-available-for-user-mode.html
∗∗∗ Vorsicht bei Privatverkauf: Betrug mit Speditionen boomt! ∗∗∗
---------------------------------------------
Der Weg über angebliche Speditionen ist eine beliebte Betrugsmasche beim Privatverkauf. Vor allem teure Waren, die auf Kleinanzeigenportale inseriert werden, locken BetrügerInnen an. Die vermeintlichen KäuferInnen erklären, dass sie im Ausland sind und daher der Kauf über eine Spedition abgewickelt werden soll. Hier gilt es vorsichtig zu sein, denn die Opfer werden aufgefordert das Geld für die Spedition zu überweisen. Das Unternehmen existiert jedoch gar
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-privatverkauf-betrug-mi…
∗∗∗ New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD ∗∗∗
---------------------------------------------
Eighteen of the 26 bugs impact Linux. Eleven have been patched already.
---------------------------------------------
https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-w…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7 and unbound), Fedora (libEMF and transmission), Mageia (dojo, log4net, nginx, nodejs-set-value, sleuthkit, and transmission), Red Hat (rh-maven35-jackson-databind), SUSE (dpdk and mariadb-connector-c), and Ubuntu (thunderbird).
---------------------------------------------
https://lwn.net/Articles/821530/
∗∗∗ BOSCH-SA-363824-BT ∗∗∗
---------------------------------------------
Multiple Vulnerabilities in Bosch Recording Station (BRS)
---------------------------------------------
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-36…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Stack Buffer Overflow Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-…
∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is…
∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is…
∗∗∗ Security Bulletin: User Credentials submitted using GET method ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-user-credentials-submitte…
∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-…
∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is…
∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4379) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is…
∗∗∗ Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is…
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – January 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 25-05-2020 18:00 − Dienstag 26-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Dumping COVID-19.jar with Java Instrumentation ∗∗∗
---------------------------------------------
There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon.
---------------------------------------------
https://www.gdatasoftware.com/blog/2020/05/36083-dumping-covid-19jar-with-j…
∗∗∗ These Aren’t the Phish You’re Looking For ∗∗∗
---------------------------------------------
An Effective Technique for Avoiding Blacklists
---------------------------------------------
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c…
∗∗∗ Fünf Zero-Day-Lücken veröffentlicht – Microsoft will erst später patchen ∗∗∗
---------------------------------------------
Das Team der Zero Day Initiative hat Informationen zu fünf Sicherheitslücken veröffentlicht, nachdem Microsoft die gesetzte Frist nicht einhielt.
---------------------------------------------
https://heise.de/-4765191
∗∗∗ Projekt SiSyPHuS Win10: Ergebnisse der Analyse zu PowerShell ∗∗∗
---------------------------------------------
Im Rahmen der Sicherheitsanalyse von Windows 10 (Projekt SiSyPHuS Win10) hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) die Ergebnisse der Analyse zu PowerShell veröffentlicht.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/SiSyPHuS_Powershe…
∗∗∗ ludwig-therese.net ist Fake ∗∗∗
---------------------------------------------
Auf der Suche nach einem Dirndl oder einer Lederhose? Viele KonsumentInnen gelangen momentan über betrügerische Werbeschaltungen auf Facebook und Instagram zum Fake-Shop ludwig-therese.net. ludwig-therese.net ist eine Kopie des seriösen Shops ludwig-therese.de. Wer bei ludwig-therese.net bestellt, erhält trotz Bezahlung keine Ware.
---------------------------------------------
https://www.watchlist-internet.at/news/ludwig-theresenet-ist-fake/
∗∗∗ RangeAmp attacks can take down websites and CDN servers ∗∗∗
---------------------------------------------
Twelve of thirteen CDN providers said they fixed or planned to fix the problem.
---------------------------------------------
https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-c…
∗∗∗ Do Androids dream of equal security? ∗∗∗
---------------------------------------------
Several pieces of research published by F-Secure Labs demonstrate that region-specific default configurations and settings in some flagship Android devices are creating security problems that affect people in some countries but not others.
---------------------------------------------
https://blog.f-secure.com/android-security/
=====================
= Vulnerabilities =
=====================
∗∗∗ New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps ∗∗∗
---------------------------------------------
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the [...]
---------------------------------------------
https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html
∗∗∗ Apple Mail: iOS-Updates beseitigen offenbar schwere Lücke ∗∗∗
---------------------------------------------
Mit iOS 13.5 und 12.4.7 hat Apple Sicherheitsforschern zufolge Schwachstellen behoben, die eine Manipulation der E-Mail-Inbox ermöglichten.
---------------------------------------------
https://heise.de/-4764378
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sqlite3), Fedora (libarchive and netdata), openSUSE (dom4j, dovecot23, gcc9, and memcached), Red Hat (devtoolset-9-gcc, httpd24-httpd and httpd24-mod_md, ipmitool, kernel, kpatch-patch, openvswitch, openvswitch2.11, openvswitch2.13, rh-haproxy18-haproxy, and ruby), and SUSE (freetds, jasper, libxslt, and sysstat).
---------------------------------------------
https://lwn.net/Articles/821441/
∗∗∗ FortiClient for Windows Insecure Temporary File vulnerability ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-040
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 22-05-2020 18:00 − Montag 25-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Discord client turned into a password stealer by updated malware ∗∗∗
---------------------------------------------
A threat actor converted the AnarchyGrabber trojan into a new malware that steals passwords and user tokens, disables 2FA, and spreads malware to a victims friends.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a…
∗∗∗ Portscan: Ebay.de scannt den Rechner auf offene Ports ∗∗∗
---------------------------------------------
Mit einem Javascript werden 14 Ports auf dem lokalen PC abgeklopft.
---------------------------------------------
https://www.golem.de/news/portscan-ebay-de-scannt-den-rechner-auf-offene-po…
∗∗∗ 70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs ∗∗∗
---------------------------------------------
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
---------------------------------------------
https://threatpost.com/70-of-apps-open-source-bugs/156040/
∗∗∗ New activity of DoubleGuns‘ gang, control hundreds of thousands of bots via public cloud service ∗∗∗
---------------------------------------------
Recently, our DNS data based threat monitoning system DNSmon flagged a suspicious domain pro.csocools.com. The system estimates the scale of infection may well above hundreds of thousands of users. By analyzing the related samples and C2s,We traced its family back to the ShuangQiang(double gun) campaign, [...]
---------------------------------------------
https://blog.netlab.360.com/shuangqiang/
∗∗∗ AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd) ∗∗∗
---------------------------------------------
Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26162
∗∗∗ Securing SSH: What To Do and What Not To Do ∗∗∗
---------------------------------------------
The SSH service is critical, ensuring its security is key. This blog will describe how best to secure the SSH service from threat actors.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/securing-ss…
∗∗∗ Thousands of enterprise systems infected by new Blue Mockingbird malware gang ∗∗∗
---------------------------------------------
Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers.
---------------------------------------------
https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-n…
∗∗∗ Insidious Android malware gives up all malicious features but one to gain stealth ∗∗∗
---------------------------------------------
ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security
---------------------------------------------
https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-u…
=====================
= Vulnerabilities =
=====================
∗∗∗ Apples iPhone und iPad: Aktueller Jailbreak für iOS 13.5 nutzt Zero-Day-Lücke aus ∗∗∗
---------------------------------------------
Kurz nach der Veröffentlichung von iOS 13.5 ist ein Jailbreak erschienen. Damit wird das Sicherheitssystem in iOS und iPadOS ausgehebelt.
---------------------------------------------
https://www.golem.de/news/apples-iphone-und-ipad-aktueller-jailbreak-fuer-i…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, dovecot, openconnect, and powerdns-recursor), Debian (cracklib2, feh, netqmail, ruby-rack, tomcat7, and transmission), Fedora (dovecot, kernel, log4net, openconnect, python-markdown2, and unbound), Mageia (ansible, clamav, dovecot, file-roller, glpi, kernel, kernel-linus, libntlm, microcode, nmap, pdns-recursor, unbound, viewvc, and wireshark), openSUSE (ant, autoyast2, dpdk, file, freetype2, gstreamer-plugins-base, imapfilter, libbsd, [...]
---------------------------------------------
https://lwn.net/Articles/821347/
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on FOX615 Multiservice-Multiplexer ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003578&Language…
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on Relion 670, Relion 650, SAM600-IO Series ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1MRG035816&Language…
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AFS66x ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1MRG000001&Language…
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on NSD570 Teleprotection Equipment ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003577&Language…
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on ETL600 Power Line Carrier System ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHW003576&Language…
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on REB500 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KHL501885&Language…
∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on RTU500 series ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=1KGT090327&Language…
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-ze ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-softw…
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Grafana: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0495
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 20-05-2020 18:00 − Freitag 22-05-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Drahtlos-Standard: Bluetooth-Sicherheitslücke betrifft praktisch alle Geräte ∗∗∗
---------------------------------------------
Bluetooth erfordert beim Verbindungsaufbau keine beidseitige Authentifizierung. Der Angriff Bias funktioniert als Master und als Slave.
---------------------------------------------
https://www.golem.de/news/drahtlos-standard-bluetooth-sicherheitsluecke-bet…
∗∗∗ Sarwent Malware Continues to Evolve With Updated Command Functions ∗∗∗
---------------------------------------------
Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.
---------------------------------------------
https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/
∗∗∗ Shining a light on “Silent Night” Zloader/Zbot ∗∗∗
---------------------------------------------
The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2020/05/the-silent-night-zloa…
∗∗∗ Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack ∗∗∗
---------------------------------------------
Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the [...]
---------------------------------------------
https://blog.talosintelligence.com/2020/05/cve-2020-6096.html
∗∗∗ Bequemlichkeit vs. Sicherheit bei Smart‑Home Geräten ∗∗∗
---------------------------------------------
Trotz der wachsenden Akzeptanz von Smart-Home-Geräten, sollten wir unsere Privatsphäre und Sicherheit nicht der Bequemlichkeit opfern.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/05/20/bequemlichkeit-vs-sicherh…
∗∗∗ Tools Used in GhostDNS Router Hijack Campaigns Dissected ∗∗∗
---------------------------------------------
The source code of the GhostDNS exploit kit (EK) has been obtained and analyzed by researchers. GhostDNS is used to compromise a wide range of routers to facilitate phishing -- perhaps more accurately, pharming -- for banking credentials. Target routers are mostly, but not solely, located in Latin America.
---------------------------------------------
https://www.securityweek.com/tools-used-ghostdns-router-hijack-campaigns-di…
∗∗∗ Ragnar Locker Ransomware Uses Virtual Machines for Evasion ∗∗∗
---------------------------------------------
The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals.
---------------------------------------------
https://www.securityweek.com/ragnar-locker-ransomware-uses-virtual-machines…
∗∗∗ Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure ∗∗∗
---------------------------------------------
Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure.
---------------------------------------------
https://www.securityweek.com/free-immuniweb-tool-allows-organizations-check…
∗∗∗ Wahre Liebe oder Betrug? So finden Sie es heraus! ∗∗∗
---------------------------------------------
Egal ob auf Sozialen Netzwerken wie Facebook oder Instagram, auf Online-Partnerbörsen oder einfach per Mail - immer wieder melden uns LeserInnen sogenannte Love- oder Romance-Scammer. Durch Liebesbeteuerungen und Geschichten aus Ihrem Alltag erschleichen sich die BetrügerInnen das Vertrauen der Opfer. Tatsächlich geht es aber auch bei dieser Betrugsmasche nur um eines: Geld.
---------------------------------------------
https://www.watchlist-internet.at/news/wahre-liebe-oder-betrug-so-finden-si…
∗∗∗ Spectra: Neuartiger Angriff überwindet Trennung von WLAN und Bluetooth ∗∗∗
---------------------------------------------
Er richtet sich gegen Combo-Chips der Hersteller Broadcom und Cypress. Sie finden sich unter anderem in iPhones, MacBooks und Galaxy-S-Smartphones. Spectra nutzt Schwachstellen in einer Funktion, die einen schnellen Wechsel von einer Funktechnik zur anderen erlaubt.
---------------------------------------------
https://www.zdnet.de/88380022/spectra-neuartiger-angriff-ueberwindet-trennu…
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 ∗∗∗
---------------------------------------------
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.
---------------------------------------------
https://www.drupal.org/sa-core-2020-003
∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002 ∗∗∗
---------------------------------------------
The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are [...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others.
---------------------------------------------
https://www.drupal.org/sa-core-2020-002
∗∗∗ Apple Security Update: Xcode 11.5 ∗∗∗
---------------------------------------------
Impact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host
---------------------------------------------
https://support.apple.com/en-us/HT211183
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (keycloak, qemu, and thunderbird), Debian (dovecot), Fedora (abcm2ps and oddjob), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and kernel-rt), SUSE (ant, bind, and freetype2), and Ubuntu (bind9 and linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3,linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 ).
---------------------------------------------
https://lwn.net/Articles/821093/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, ipmitool, kernel, squid, and thunderbird), Debian (pdns-recursor), Fedora (php and ruby), Red Hat (dotnet and dotnet3.1), SUSE (dom4j, dovecot23, memcached, and tomcat), and Ubuntu (clamav, libvirt, and qemu).
---------------------------------------------
https://lwn.net/Articles/821205/
∗∗∗ Hackers Can Target Rockwell Industrial Software With Malicious EDS Files ∗∗∗
---------------------------------------------
Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization’s OT network.
---------------------------------------------
https://www.securityweek.com/hackers-can-target-rockwell-industrial-softwar…
∗∗∗ 2020-05-21: SECURITY ABB Device Library Wizard Information Disclosure Vulnerability (2PAA121681) ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&Language…
∗∗∗ Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Contact Center Express Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Network Registrar DHCP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ [webapps] PHPFusion 9.03.50 - Persistent Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/48497
∗∗∗ CVE-2004-0230 Blind Reset Attack Using the RST/SYN Bit ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-16-039
∗∗∗ Linux kernel vulnerability CVE-2019-19059 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K06554372
∗∗∗ Linux kernel vulnerability CVE-2019-19062 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K84797753
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 19-05-2020 18:00 − Mittwoch 20-05-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Netwalker Fileless Ransomware Injected via Reflective Loading ∗∗∗
---------------------------------------------
Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-filel…
∗∗∗ Studie: Kriminelle wollen nur Geld, Unternehmen stellen Daten selbst ins Feuer ∗∗∗
---------------------------------------------
Eine Analyse von knapp 4000 Cyber-Angriffen belegt, dass Passwortdiebstahl nach wie vor hoch im Kurs steht und Admins vor allem Cloud-Dienste nicht beherrschen.
---------------------------------------------
https://heise.de/-4725579
∗∗∗ 10 best practices for MSPs to secure their clients and themselves from ransomware ∗∗∗
---------------------------------------------
For MSPs, securing themselves from ransomware is just as much a practice in securing clients. See how to save data—and money—with these best practices.
---------------------------------------------
https://blog.malwarebytes.com/how-tos-2/2020/05/10-best-practices-for-msps-…
∗∗∗ The wolf is back... ∗∗∗
---------------------------------------------
Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. We assess with high confidence that this modified version is operated by the infamous Wolf Research.This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being [...]
---------------------------------------------
https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html
∗∗∗ 3 Ways to Reduce Insider Cyberattacks on Industrial Control Systems ∗∗∗
---------------------------------------------
When power grids, water networks and gas utility systems are targeted by cyberattacks, systems that are essential to our everyday lives are affected. While the damage potential due to external [...]
---------------------------------------------
https://blog.se.com/cyber-security/2020/05/06/three-ways-to-reduce-insider-…
∗∗∗ The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites ∗∗∗
---------------------------------------------
On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons for Elementor, a WordPress plugin installed on approximately 110,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/the-elementor-attacks-how-creative-h…
∗∗∗ SMS von Raiffeisen mit Link ist Fake ∗∗∗
---------------------------------------------
Momentan sind gefälschte Raiffeisen-SMS im Umlauf. Darin werden Sie aufgefordert, die PushTAN Registrierung abzuschließen. Dafür müssen Sie lediglich auf den angeführten Link klicken. Doch Vorsicht: Dieser Link führt nicht auf die echte Login-Seite, sondern auf eine Phishing-Seite.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-von-raiffeisen-mit-link-ist-fake/
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2020-0010 ∗∗∗
---------------------------------------------
VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0010.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9 and clamav), Fedora (kernel, moodle, and transmission), Oracle (kernel), Red Hat (ipmitool, kernel, ksh, and ruby), Slackware (bind and libexif), SUSE (dpdk, openconnect, python, and rpmlint), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv and linux-gke-5.0, linux-oem-osp1).
---------------------------------------------
https://lwn.net/Articles/820948/
∗∗∗ Researchers Divulge Details on Five Windows Zero Days ∗∗∗
---------------------------------------------
Zero Day Initiative Researchers Publish Five Windows Zero Days read more
---------------------------------------------
https://www.securityweek.com/researchers-divulge-details-five-windows-zero-…
∗∗∗ Security Advisory - Information Leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-…
∗∗∗ Security Advisory - Use After Free Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-…
∗∗∗ Security Bulletin: IBM Security Access Manager is vulnerable to a bypass security vulnerability (CVE-2020-4461) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-access-manag…
∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: A security vulnerability has been identified in the sqlite package shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: CVE-2020-4260 SOME SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4260-some-secure…
∗∗∗ Security Bulletin: A security vulnerability has been identified in Pillow shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A security vulnerability has been identified in nanopb shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A security vulnerability has been identified in FFMpeg shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ HPESBHF04004 rev.1 - HPE Superdome Flex Server Remote Management Controller (RMC), Local Elevation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBST03991 rev.1 - HPE Nimble Storage, Remote Access to Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBST03992 rev.1 - HPE Nimble Storage, Remote Code Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Adobe Creative Cloud: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0487
∗∗∗ Wireshark: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0485
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 18-05-2020 18:00 − Dienstag 19-05-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ NXNSAttack: Effizienter Angriff auf Nameserver ∗∗∗
---------------------------------------------
Eine neue Form von Denial-of-Service-Angriff nutzt die DNS-Architektur, um mit wenig Aufwand viel Serverlast und Traffic zu erzeugen.
---------------------------------------------
https://www.golem.de/news/nxnsattack-effizienter-angriff-auf-nameserver-200…
∗∗∗ Phishers are trying to bypass Office 365 MFA via rogue apps ∗∗∗
---------------------------------------------
Phishers are trying to bypass the multi-factor authentication (MFA) protection on users’ Office 365 accounts by tricking them into granting permissions to a rogue application. The app allows attackers to access and modify the contents of the victim’s account, but also to retain that access indefinitely, Cofense researchers warn.
---------------------------------------------
https://www.helpnetsecurity.com/2020/05/19/office-365-bypass-mfa/
∗∗∗ Hohe Kosten statt Krediten auf kreditvolks-online.com ∗∗∗
---------------------------------------------
Die betrügerische Website kreditvolks-online.com wirbt momentan mit günstigen Krediten um Kundschaft. Die Kriminellen hinter der Website missbrauchen dabei beispielsweise das Logo der Volksbank, der Bawag P.S.K., der Commerzbank oder der Deutsche Kreditbank AG, um Vertrauen zu stiften. Bevor angebliche Kredite ausgezahlt werden, müssen zahlreiche Gebühren bezahlt werden. Eine tatsächliche Auszahlung findet schlussendlich nie statt und alle Zahlungen sind verloren!
---------------------------------------------
https://www.watchlist-internet.at/news/hohe-kosten-statt-krediten-auf-kredi…
∗∗∗ FBI warns about attacks on Magento online stores via old plugin vulnerability ∗∗∗
---------------------------------------------
FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.
---------------------------------------------
https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-sto…
∗∗∗ Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks ∗∗∗
---------------------------------------------
A firmware patch has been released last year, in November.
---------------------------------------------
https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnera…
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks ∗∗∗
---------------------------------------------
[...] It is possible for an unauthenticated, adjacent attacker to man-in-the-middle (MITM) attack the pairing process and force each victim device into a different Association Model, possibly granting the attacker the ability to initiate any Bluetooth operation on either attacked device.
---------------------------------------------
https://kb.cert.org/vuls/id/534195
∗∗∗ VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks ∗∗∗
---------------------------------------------
[...] It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).
---------------------------------------------
https://kb.cert.org/vuls/id/647177
∗∗∗ Sicherheitsupdate: Nitro PDF Pro könnte Daten leaken ∗∗∗
---------------------------------------------
Die Entwickler der PDF-Anwendung Nitro PDF Pro haben mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-4724062
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dpdk and exim4), Fedora (openconnect, perl-Mojolicious, and php), Red Hat (kernel and kpatch-patch), Slackware (sane), and Ubuntu (bind9, dpdk, exim4, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/820859/
∗∗∗ F-Secure Linux Security: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warn…
∗∗∗ LibreOffice: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warn…
∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site request forgery vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio…
∗∗∗ Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-information-se…
∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service in kernal ( CVE-2020-4411) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service( CVE-2020-4412) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Rowhammer hardware vulnerability CVE-2020-10255 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K60570139
∗∗∗ Adobe Creative Cloud: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0476
∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0474
∗∗∗ Dovecot: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0479
∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0477
∗∗∗ MISP: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0480
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 15-05-2020 18:00 − Montag 18-05-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Disruption on the horizon ∗∗∗
---------------------------------------------
[...] As cyber security professionals we are often caught in the wake of disruptive changes as a result of technology adoption (i.e. Cloud), changes in operational paradigms (i.e. DevOps), or regulatory/compliance developments (i.e. GDPR, CCPA, etc.). Recognizing this, how can we proactively identify such changes before they start to impact our operations?
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/disruption-on-the-h…
∗∗∗ Antivirus & Multiple Detections, (Sun, May 17th) ∗∗∗
---------------------------------------------
"When a file contains more than one signature, for example EICAR and a real virus, what will the antivirus report?".
---------------------------------------------
https://isc.sans.edu/diary/rss/26134
∗∗∗ WordPress Malware Collects Sensitive WooCommerce Data ∗∗∗
---------------------------------------------
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins.
---------------------------------------------
https://blog.sucuri.net/2020/05/wordpress-malware-collects-sensitive-woocom…
∗∗∗ Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format ∗∗∗
---------------------------------------------
Abusing legacy functionality built into the Microsoft Office suite is a tale as old as time. One functionality that is popular with red teamers and maldoc authors is using Excel 4.0 Macros to embed standard malicious behavior in Excel files and then execute phishing campaigns with these documents. These macros, which are fully documented online, can make web requests, execute shell commands, access win32 APIs, and have many other capabilities which are desirable to malware authors.
---------------------------------------------
https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/
∗∗∗ Mandrake Android Spyware Remained Undetected for 4 Years ∗∗∗
---------------------------------------------
Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years.
---------------------------------------------
https://www.securityweek.com/mandrake-android-spyware-remained-undetected-4…
∗∗∗ Ethical dilemmas with responsible disclosure ∗∗∗
---------------------------------------------
We do a LOT of disclosures, probably starting one a day on average. Between us, we spend a man day or so per week just managing disclosures. It creates pain [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/ethical-dilemmas-with-respons…
∗∗∗ The ProLock ransomware doesn’t tell you one important thing about decrypting your files ∗∗∗
---------------------------------------------
Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.
---------------------------------------------
https://www.grahamcluley.com/prolock-ransomware-decryption/
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical WordPress plugin bug allows for automated takeovers ∗∗∗
---------------------------------------------
Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bu…
∗∗∗ PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security (Update A) ∗∗∗
---------------------------------------------
[...] Update 2020-05-18: Firmware V2.90 is released and available for download.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-020
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache-log4j1.2, exim4, libexif, and openconnect), Fedora (chromium, condor, java-1.8.0-openjdk, java-1.8.0-openjdk-aarch32, mingw-ilmbase, mingw-OpenEXR, sleuthkit, and squid), Mageia (jbig2dec, libreswan, netkit-telnet, ntp, and suricata), openSUSE (mailman and nextcloud), SUSE (autoyast2, file, git, gstreamer-plugins-base, libbsd, libvirt, libvpx, libxml2, mailman, and openexr), and Ubuntu (dovecot and json-c).
---------------------------------------------
https://lwn.net/Articles/820814/
∗∗∗ WebKitGTK 2.29.1 released! ∗∗∗
---------------------------------------------
This is the first development release leading toward 2.30 series.What’s new in the WebKitGTK 2.29.1 release? Stop using GTK theming to render form controls. Add API to disable GTK theming for scrollbars too. Fix several race conditions and threading issues in the media player. Add USER_AGENT_BRANDING build option. Add paste as plain text option to the context menu for rich editable content. Fix several crashes and rendering issues.
---------------------------------------------
https://webkitgtk.org/2020/05/18/webkitgtk2.29.1-released.html
∗∗∗ Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Bulletin: Vulnerabiliity in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabiliity-in-ibm-jav…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-1656, CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple IBM Runtime Environments Java Technology Edition vulnerabilities affect IBM Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-runtime-envi…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat…
∗∗∗ Security Bulletin: Vulnerability CVE-2020-4345 in SQL affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-43…
∗∗∗ Security Bulletin: Security vulnerability in WAS Liberty used by IBM Transformation Extender Advanced (CVE-2017-1681) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Linux kernel vulnerability CVE-2019-20636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K45501314
∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0472
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 14-05-2020 18:00 − Freitag 15-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ ProLock Ransomware teams up with QakBot trojan for network access ∗∗∗
---------------------------------------------
ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-…
∗∗∗ RATicate drops info stealing malware and RATs on industrial targets ∗∗∗
---------------------------------------------
Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/raticate-drops-info-stealing…
∗∗∗ Angriffe auf Hochleistungsrechner: Waren es Krypto-Miner? ∗∗∗
---------------------------------------------
Zahlreiche Hochleistungsrechenzentren sind nach Angriffen vom Netz. Hinweise deuten auf Krypto-Mining, doch für den Chef des LRZ greift das zu kurz.
---------------------------------------------
https://heise.de/-4722488
∗∗∗ The Unattributable "db8151dd" Data Breach ∗∗∗
---------------------------------------------
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. Its about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Heres what I know: [...]
---------------------------------------------
https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/
∗∗∗ Erpressungsmails mit echtem Passwort im Umlauf ∗∗∗
---------------------------------------------
In letzter Zeit häufen sich Beschwerden von Internet-NutzerInnen zu Erpressungsmails. Die Erpresser geben dabei an, ein Masturbationsvideo von den Betroffenen zu besitzen und fordern dazu auf einen bestimmten Betrag in Form von Bitcoins zu bezahlen. Die AdressatInnen sind von dieser Masche besonders verunsichert, da die Hacker ein echtes Passwort als scheinbaren Beweis kennen. Doch es besteht kein Grund zur Sorge. Die Erpresser haben weder ihren Computer gehackt, noch belastendes Material [...]
---------------------------------------------
https://www.watchlist-internet.at/news/erpressungsmails-mit-echtem-passwort…
∗∗∗ Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways ∗∗∗
---------------------------------------------
New Hoaxcalls and Mirai botnet campaigns found targeting end-of-life Symantec Secure Web Gateways via Remote Code Execution vulnerability.The post Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways appeared first on Unit42.
---------------------------------------------
https://unit42.paloaltonetworks.com/hoaxcalls-mirai-target-legacy-symantec-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apt, inetutils, and log4net), Fedora (kernel, mailman, and viewvc), Gentoo (chromium, freerdp, libmicrodns, live, openslp, python, vlc, and xen), Oracle (.NET Core, container-tools:1.0, and kernel), Red Hat (kernel-rt), Scientific Linux (kernel), SUSE (kernel, libvirt, python-PyYAML, and syslog-ng), and Ubuntu (json-c).
---------------------------------------------
https://lwn.net/Articles/820634/
∗∗∗ Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks ∗∗∗
---------------------------------------------
Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22’s SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-softpac-virtual-controller-exp…
∗∗∗ Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco MDS 9000 Series Switches Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-embedded…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Nework Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ PostgreSQL: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0471
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 13-05-2020 18:00 − Donnerstag 14-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ COMpfun authors spoof visa application with HTTP status-based Trojan ∗∗∗
---------------------------------------------
In autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. Later in November 2019 we revealed a new Trojan using the same code base as COMPFun.
---------------------------------------------
https://securelist.com/compfun-http-status-based-trojan/96874/
∗∗∗ Patch Tuesday Revisited - CVE-2020-1048 isnt as "Medium" as MS Would Have You Believe, (Thu, May 14th) ∗∗∗
---------------------------------------------
Looking at our patch Tuesday list, I looked a bit closer at CE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft&#;x26;#;39;s ratings for that one. Microsoft rated this as:
---------------------------------------------
https://isc.sans.edu/diary/rss/26124
∗∗∗ Danger zone! Brit research supercomputer ARCHERs login nodes exploited in cyber-attack, admins reset passwords and SSH keys ∗∗∗
---------------------------------------------
Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops Updated One of Britains most powerful academic supercomputers has fallen victim to a "security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys.…
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/13/uk_arche…
∗∗∗ Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access ∗∗∗
---------------------------------------------
On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. We filed a security issue report ...Read MoreThe post Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access appeared first on Wordfence.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/vulnerability-in-google-wordpress-pl…
=====================
= Vulnerabilities =
=====================
∗∗∗ reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019 ∗∗∗
---------------------------------------------
Project: reCAPTCHA v3Date: 2020-May-13Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3.If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms.This vulnerability only affects forms that are protected by reCaptcha v3 and have
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-019
∗∗∗ Webform - Critical - Access bypass - SA-CONTRIB-2020-018 ∗∗∗
---------------------------------------------
Project: WebformDate: 2020-May-13Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This webform module enables you to build a Term checkboxes element.The module doesnt sufficiently check term view access when rendering Term checkboxes elements. Unpublished terms will always appear in the Term checkboxes element.Solution: Install the latest version:If you use the Webform module for Drupal 8.x, upgrade to Webform
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-018
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apt and libreswan), Fedora (glpi, grafana, java-latest-openjdk, mailman, and oddjob), Oracle (container-tools:2.0, container-tools:ol8, kernel, libreswan, squid:4, and thunderbird), SUSE (apache2, grafana, and python-paramiko), and Ubuntu (apt and libexif).
---------------------------------------------
https://lwn.net/Articles/820520/
∗∗∗ Security Bulletin: Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Afftects IBM Stering B2B Integrator GPM Web App (CVE-2020-4299) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se…
∗∗∗ Security Bulletin: Jackson-databind Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-20330) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-security…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator (CVE-2018-12545, CVE-2019-10241) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-memory-corruptio…
∗∗∗ Security Bulletin: Permission security vulnerability exists in IBM Sterling File Gateway (CVE-2020-4259) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-permission-security-vulne…
∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7069, CVE-2020-7059) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 12-05-2020 18:00 − Mittwoch 13-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ US govt shares list of most exploited vulnerabilities since 2016 ∗∗∗
---------------------------------------------
US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-govt-shares-list-of-most-…
∗∗∗ Ramsay Malware Targets Air-Gapped Networks ∗∗∗
---------------------------------------------
The cyber-espionage toolkit is under active development.
---------------------------------------------
https://threatpost.com/ramsay-malware-air-gapped-networks/155695/
∗∗∗ Angreifer könnten Symantec Endpoint Protection als Sprungbrett nutzen ∗∗∗
---------------------------------------------
Symantecs Entwickler haben mehrere Sicherheitslücken in Endpoint Protection und Endpoint Protection Manager geschlossen.
---------------------------------------------
https://heise.de/-4720697
∗∗∗ Tinder-Bots betrügen mit scheinbarer Verifizierung ∗∗∗
---------------------------------------------
Internet-BetrügerInnen treiben auch auf Dating-Plattform ihr Unwesen und versuchen den Menschen durch Flirten Geld aus der Tasche zu ziehen. Bei einer dieser Betrugsmaschen geben Fake-Profile auf Tinder vor, dass sie sich sicherer fühlen würden, wenn sich das Tinder-Match verifizieren lässt. Das Opfer dieser Masche erhält einen Link dafür. Doch tatsächlich geht es dabei nicht darum, Vertrauen und Sicherheit vor einem Date herzustellen, [...]
---------------------------------------------
https://www.watchlist-internet.at/news/tinder-bots-betruegen-mit-scheinbare…
=====================
= Vulnerabilities =
=====================
∗∗∗ Unmittelbar Patchen: Kritische Schwachstelle in SAP® ABAP Systemen (CVE-2020-6262) ∗∗∗
---------------------------------------------
Das SEC Consult Vulnerability Lab hat eine kritische Code-Injection-Schwachstelle (CVE-2020-6262), mit einem CVSSv3 Score von 9.9, in SAP® Service Data Download (ein Teil des SAP® Solution Manager Plugin ST-PI), identifiziert.
---------------------------------------------
https://www.sec-consult.com/./blog/2020/05/unmittelbar-patchen-kritische-sc…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (java-1.8.0-openjdk and seamonkey), Gentoo (firefox, lrzip, qemu, squid, and thunderbird), Oracle (thunderbird), Red Hat (buildah, kernel, kernel-alt, kernel-rt, kpatch-patch, podman, python-pip, python-virtualenv, and qemu-kvm), Scientific Linux (kernel), Slackware (mariadb), SUSE (openconnect), and Ubuntu (file, firefox, iproute2, pulseaudio, and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/820409/
∗∗∗ Mai-Patchday: Microsoft schließt 111 Sicherheitslücken ∗∗∗
---------------------------------------------
Es ist der drittgrößte Patchday in der Geschichte des Unternehmens. Anfällig sind unter anderem Windows, SharePoint, Edge und Internet Explorer. Eine Lücke in Windows erlaubt sogar eine Remotecodeausführung mit erweiterten Benutzerrechten.
---------------------------------------------
https://www.zdnet.de/88379702/mai-patchday-microsoft-schliesst-111-sicherhe…
∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-…
∗∗∗ Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-…
∗∗∗ Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-all-apache-tomcat-core-on…
∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK Oct 2019 and Jan 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Exists in IBM Sterling B2B Integrator (CVE-2020-4312) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se…
∗∗∗ FreeBSD: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0453
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 11-05-2020 18:00 − Dienstag 12-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Astaroth’s New Evasion Tactics Make It ‘Painful to Analyze’ ∗∗∗
---------------------------------------------
The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics.
---------------------------------------------
https://threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/
∗∗∗ Anubis Malware Upgrade Logs When Victims Look at Their Screens ∗∗∗
---------------------------------------------
Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices.
---------------------------------------------
https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/
∗∗∗ Analyzing Dark Crystal RAT, a C# backdoor ∗∗∗
---------------------------------------------
[...] The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-…
∗∗∗ Profilbesuche auf Facebook erkennen – Geht das? ∗∗∗
---------------------------------------------
Auf Facebook kursiert momentan ein Link, der es angeblich ermöglicht, Profilzugriffe anzuzeigen. Das macht natürlich neugierig. Doch Vorsicht: Sie landen auf einer Phishing-Seite! Kriminelle greifen Ihre Facebook-Login-Daten ab und posten betrügerische Beiträge in Ihrem Namen. Und: Facebook bietet kein Tool an, dass Ihnen anzeigt, wer auf Ihrem Profil war.
---------------------------------------------
https://www.watchlist-internet.at/news/profilbesuche-auf-facebook-erkennen-…
∗∗∗ Rückblick auf das erste Drittel 2020 ∗∗∗
---------------------------------------------
Jänner: BMEIA, Shitrix, BlueGate – ein besinnlicher Jahresbeginn
Februar: Die (fast) letzten Augenblicke von TLS
März und April: COVID-19 oder "Im Cyber nix neues"
---------------------------------------------
https://cert.at/de/blog/2020/5/ruckblick-auf-das-erste-drittel-2020
=====================
= Vulnerabilities =
=====================
∗∗∗ Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK ∗∗∗
---------------------------------------------
Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnera…
∗∗∗ Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters ∗∗∗
---------------------------------------------
Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt
∗∗∗ TYPO3 Core version 10.4.2 fixes multiple vulnerabilities ∗∗∗
---------------------------------------------
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms
∗∗∗ TYPO3 - vulnerabilities in multiple extensions - 2020-05-12 ∗∗∗
---------------------------------------------
TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions
∗∗∗ Sicherheitspatches: Online-Foren über vBulletin-Lücke attackierbar ∗∗∗
---------------------------------------------
Es sind mehrere abgesicherte Version der Foren-Software vBulletin erschienen.
---------------------------------------------
https://heise.de/-4719217
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt).
---------------------------------------------
https://lwn.net/Articles/820307/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/2020/05/
∗∗∗ Bitdefender Antivirus: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0441
∗∗∗ Exim: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0444
∗∗∗ Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0443
∗∗∗ SAP Patchday Mai 2020 ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0442
∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0449
∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Manipulation von Dateien ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0448
∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0445
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 08-05-2020 18:00 − Montag 11-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sodinokibi ransomware can now encrypt open and locked files ∗∗∗
---------------------------------------------
The Sodinokibi (REvil) ransomware has added a new feature that makes it easier to encrypt all files, even those that are opened and locked by another process.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-no…
∗∗∗ Thunderspy: Nicht patchbare Sicherheitslücken in Thunderbolt ∗∗∗
---------------------------------------------
Mit einem Schraubendreher und einem SPI-Programmer lassen sich zentrale Sicherheitsfunktionen von Thunderbolt deaktivieren.
---------------------------------------------
https://www.golem.de/news/thunderspy-nicht-patchbare-sicherheitsluecken-in-…
∗∗∗ Sphinx Malware Returns to Riddle U.S. Targets ∗∗∗
---------------------------------------------
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.
---------------------------------------------
https://threatpost.com/sphinx-riddle-us-targets-modifications/155621/
∗∗∗ Lieferzeiten & Zahlung beim Online-Shopping: Das sind Ihre Rechte ∗∗∗
---------------------------------------------
Der Watchlist Internet werden in letzter Zeit vermehrt Online-Shops gemeldet, die zwar nicht unbedingt Fake-Shops sind, sich jedoch durch verzögerte Lieferzeiten nicht an geltende Gesetze halten. Aber welche Rechte haben Sie als Konsumentin oder Konsument eigentlich? Was können Sie machen, wenn sich ein Online-Shop nicht an die vereinbarte Lieferzeit hält? Wann müssen Sie Bestellungen bezahlen? Wie können Sie Ihre Rechte geltend machen?
---------------------------------------------
https://www.watchlist-internet.at/news/lieferzeiten-zahlung-beim-online-sho…
∗∗∗ Intel und Microsoft entwickeln Deep-Learning-Technik zur Malware-Analyse ∗∗∗
---------------------------------------------
Das Stamina genannte Projekt wandelt Dateien in Graustufen-Bilder um. Microsoft analysiert die Bilder auf Textur- und Struktur-Muster. Bei Tests erreicht das System eine Genauigkeit von mehr als 99 Prozent.
---------------------------------------------
https://www.zdnet.de/88379578/intel-und-microsoft-entwickeln-deep-learning-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites ∗∗∗
---------------------------------------------
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-buil…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat [...]
---------------------------------------------
https://lwn.net/Articles/820196/
∗∗∗ VMware to Patch Recent Salt Vulnerabilities in vROps ∗∗∗
---------------------------------------------
VMware is working on patches for its vRealize Operations Manager (vROps) product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. read more
---------------------------------------------
https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops
∗∗∗ Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server ∗∗∗
---------------------------------------------
Security patches will not be issued to fix the problems.
---------------------------------------------
https://www.zdnet.com/article/data-leak-phishing-security-flaws-exposed-in-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200506-…
∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-bui…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM Cloud Private (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 07-05-2020 18:00 − Freitag 08-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Blue Mockingbird Monero-Mining Campaign Exploits Web Apps ∗∗∗
---------------------------------------------
The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.
---------------------------------------------
https://threatpost.com/blue-mockingbird-monero-mining/155581/
∗∗∗ Navigating the MAZE: Tactics, Techniques and Procedures Associated WithMAZE Ransomware Incidents ∗∗∗
---------------------------------------------
Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-proc…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/819969/
∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0436
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-…
∗∗∗ Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 06-05-2020 18:00 − Donnerstag 07-05-2020 18:00
Handler: n/a
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Gefährliche Schadsoftware-Mail im Namen von A1 ∗∗∗
---------------------------------------------
Nehmen Sie sich vor einer gefälschten A1-Mail mit dem Betreff *Wichtige Mitteilung* in Acht. Es handelt sich um eine Nachricht, die von Kriminellen verschickt wird, die Schadsoftware auf Ihrem Smartphone installieren wollen. Wenn Sie den Aufforderungen nachkommen, können die VerbrecherInnen sensible Daten von Ihrem Mobiltelefon stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-schadsoftware-mail-im-n…
∗∗∗ Large scale Snake Ransomware campaign targets healthcare, more ∗∗∗
---------------------------------------------
The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware…
∗∗∗ Cisco Webex phishing uses fake cert errors to steal credentials ∗∗∗
---------------------------------------------
A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users account credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisco-webex-phishing-uses-fa…
∗∗∗ Keep your IR on the Ball ∗∗∗
---------------------------------------------
Even with the myriad of security tools we have at our disposal today, cybercriminals are still able to penetrate our networks. Is it really necessary to have a Cyber Incident Response Plan in place?
---------------------------------------------
https://www.domaintools.com/resources/blog/keep-your-ir-on-the-ball
∗∗∗ How a favicon delivered a web credit card skimmer to victims ∗∗∗
---------------------------------------------
Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that “turn” malicious when victims visit a checkout page.
---------------------------------------------
https://www.helpnetsecurity.com/2020/05/07/favicons-card-skimmers/
∗∗∗ Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk ∗∗∗
---------------------------------------------
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As this is an active attack, we wanted to alert you so that you can take [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and…
=====================
= Vulnerabilities =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-24) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 12, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1869
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has released 34 Security Advisories for multiple products on 2020-05-06.
12 rated "High"
22 rated "Medium"
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap).
---------------------------------------------
https://lwn.net/Articles/819761/
∗∗∗ For six years Samsung smartphone users have been at risk from critical security bug. Patch now ∗∗∗
---------------------------------------------
Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/six-yea…
∗∗∗ Joomla: Schwachstelle ermöglicht SQL-Injection ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0425
∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0424
∗∗∗ [webapps] Draytek VigorAP 1000C - Persistent Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/48436
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerability CVE-2020-8492 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-84…
∗∗∗ Security Bulletin: Vulnerability CVE-2019-18348 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-18…
∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-…
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-…
∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonst…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 05-05-2020 18:00 − Mittwoch 06-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Vorsicht: Betrügerische FinanzOnline E-Mails im Umlauf ∗∗∗
---------------------------------------------
„Ihre Steuerrückerstattung von 1.850 EUR wurde zurückerstattet“ heißt es in einer E-Mail, angeblich vom Finanzamt. Doch Vorsicht: Dieses E-Mail stammt nicht vom Finanzamt, sondern von Kriminellen. Klicken Sie keinesfalls auf den Link, Sie landen auf einer gefälschten FinanzOnline-Seite. Kriminelle stehlen mit dieser nachgebauten FinanzOnline-Website sensible Daten!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-betruegerische-finanzonline…
∗∗∗ Least Privilege: The Most Effective Approach to Endpoint Security ∗∗∗
---------------------------------------------
I always try to remind people that the principle of least privilege is not just about security, but about productivity as well. I have multiple customers who have decreased the number of tickets to their service desk by a whopping 75% by getting rid of end-user admin rights.
---------------------------------------------
https://www.beyondtrust.com/blog/entry/least-privilege-the-most-effective-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, [...]
---------------------------------------------
https://lwn.net/Articles/819600/
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-16276) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM Maximo Anywhere does not have device jailbreak detection. (CVE-2019-4266) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-does-…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4446 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu…
∗∗∗ Security Bulletin: Potential spoofing attack in Webshere Application Server (CVE-2020-4421) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-spoofing-attack…
∗∗∗ Security Bulletin: IBM InfoSphere QualityStage is affected by a Cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-qualitysta…
∗∗∗ HPESBHF03966 rev.1 - HPE Servers with certain Intel Core and Xeon Processors System Memory Management (SMM), Local Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03934 rev.1 - HPE CloudLIne servers using AMI BMC Remote Unauthorized Disclosure of Information, Unauthorized Modification and Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03961 rev.1 - Certain HPE Servers with 6th Generation Intel Core Processors and greater supporting SGX and TXT, Local Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 04-05-2020 18:00 − Dienstag 05-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Weitere Zero-Day-Schwachstelle in iOS: Apps können aus Sandbox ausbrechen ∗∗∗
---------------------------------------------
Mit manipulierten XML-Kommentaren ist es Apps auf iPhone und iPad offenbar möglich, sich ungehindert beliebige Berechtigungen einzuräumen.
---------------------------------------------
https://heise.de/-4714373
∗∗∗ Dell OS Recovery: Lücke in älteren Wiederherstellungs-Images für Windows 10 ∗∗∗
---------------------------------------------
Client-Systeme von Dell, auf denen Windows 10 mit einem älteren Recovery-Image wiederhergestellt wurde, benötigen ein Sicherheitsupdate.
---------------------------------------------
https://heise.de/-4714810
∗∗∗ New VCrypt Ransomware locks files in password-protected 7ZIPs ∗∗∗
---------------------------------------------
A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-…
∗∗∗ LockBit ransomware self-spreads to quickly encrypt 225 systems ∗∗∗
---------------------------------------------
A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spre…
∗∗∗ Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems ∗∗∗
---------------------------------------------
Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.
---------------------------------------------
https://threatpost.com/airplane-hack-exposes-weaknesses-of-alert-and-avoida…
∗∗∗ New Kaiji Botnet Targets IoT, Linux Devices ∗∗∗
---------------------------------------------
The botnet uses SSH brute-force attacks to infect devices and uses a custom implant written in the Go Language.
---------------------------------------------
https://threatpost.com/kaiji-botnet-iot-linux-devices/155463/
∗∗∗ Nearly a Million WP Sites Targeted in Large-Scale Attacks ∗∗∗
---------------------------------------------
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-i…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patchday: Google macht verschiedene Android-Versionen sicherer ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Android. Zwei Lücken gelten als kritisch.
---------------------------------------------
https://heise.de/-4714596
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).
---------------------------------------------
https://lwn.net/Articles/819517/
∗∗∗ Citrix ShareFile storage zones Controller multiple security updates ∗∗∗
---------------------------------------------
Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.
---------------------------------------------
https://support.citrix.com/article/CTX269106
∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-4723) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impact…
∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-a…
∗∗∗ Security Bulletin: Muluple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-muluple-vulnerabilities-i…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Go (CVE-2019-17596) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-a…
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Node.js (CVE-2019-10747) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 30-04-2020 18:00 − Montag 04-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New phishing campaign packs an info-stealer, ransomware punch ∗∗∗
---------------------------------------------
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-…
∗∗∗ Jetzt patchen! Angreifer attackieren Oracle WebLogic Server ∗∗∗
---------------------------------------------
Derzeit haben es Angreifer unter anderem auf eine kritische Sicherheitslücke in Oracle WebLogic Server abgesehen.
---------------------------------------------
https://heise.de/-4713619
∗∗∗ Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap ∗∗∗
---------------------------------------------
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply.
---------------------------------------------
https://www.securityweek.com/power-supply-can-turn-speaker-data-exfiltratio…
∗∗∗ Vorsicht vor gefährlichen VPN-Diensten ∗∗∗
---------------------------------------------
VPN-Dienste sind momentan gefragt wie nie zuvor. „Virtuelle private Netzwerke“ erhalten besonders durch verstärktes Home-Office Zulauf. Sie ermöglichen beispielsweise sicheren Zugriff auf Firmennetzwerke von zu Hause aus. Doch Vorsicht: Die hohe Nachfrage wird von Kriminellen ausgenützt. Sie kopieren Websites echter VPN-Dienste und laden gefährliche Schadsoftware auf die Systeme ihrer Opfer!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaehrlichen-vpn-diens…
∗∗∗ CursedChrome turns your browser into a hackers proxy ∗∗∗
---------------------------------------------
CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.
---------------------------------------------
https://www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hacker…
∗∗∗ Angriffe auf Salt, LineageOS, Ghost und Digicert ∗∗∗
---------------------------------------------
Hacker nutzen Schwachstellen aus, um Systeme zu attackieren. Im Blickpunkt stehen aktuell der SaltStack, das Handy-Betriebssystem LineageOS, die Bloggerplattform Ghost und der Zertifizierungsanbieter Digicert.
---------------------------------------------
https://www.zdnet.de/88379335/angriffe-auf-salt-lineageos-ghost-und-digicer…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
---------------------------------------------
https://lwn.net/Articles/819200/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/819394/
∗∗∗ TP-Link Patches Multiple Vulnerabilities in NC Cloud Cameras ∗∗∗
---------------------------------------------
TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands.
---------------------------------------------
https://www.securityweek.com/tp-link-patches-multiple-vulnerabilities-nc-cl…
∗∗∗ Synology-SA-20:11 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_11
∗∗∗ Synology-SA-20:10 WordPress ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_10
∗∗∗ Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-xerces-c…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: OpenSSL disclosed vulnerability affects MessageGatweay (CVE-2020-1967) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnera…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vul…
∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-ser…
∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we…
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0409
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 29-04-2020 18:00 − Donnerstag 30-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft Sway abused in PerSwaysion spear-phishing operation ∗∗∗
---------------------------------------------
Multiple threat actors running phishing attacks on corporate targets have been counting on Microsoft Sway service to trick victims into giving their Office 365 login credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-per…
∗∗∗ „Sarah“ verschickt gefälschte HOFER-Umfrage ∗∗∗
---------------------------------------------
Unter dem Namen „Sarah“ verschicken Kriminelle derzeit willkürlich SMS mit einem Link, der zu einem gefälschten HOFER-Treueprogramm führt. Versprochen werden exklusive Preise, sofern an einer Umfrage zur Kundenzufriedenheit teilgenommen wird. Wir haben uns das vermeintliche Treueprogramm genauer angeschaut. Unser Fazit: Die versprochenen Preise erhalten Sie nicht. Stattdessen hoffen die BetrügerInnen, dass sie ein Abo abschließen. Dieses würde Sie [...]
---------------------------------------------
https://www.watchlist-internet.at/news/sarah-verschickt-gefaelschte-hofer-u…
∗∗∗ Cybercriminals are using Google reCAPTCHA to hide their phishing attacks ∗∗∗
---------------------------------------------
Security researchers say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns.
---------------------------------------------
https://hotforsecurity.bitdefender.com/blog/cybercriminal-are-using-google-…
∗∗∗ Cybereason warnt vor neuem mobilen Banking-Trojaner ∗∗∗
---------------------------------------------
EventBot ist erst seit März 2020 im Umlauf. Die Malware stiehlt Daten von Finanz-Apps und hebelt die 2-Faktor-Authentifizierung auf. Die Hintermänner sind so in der Lage, geschäftliche und private Finanztransaktionen zu kapern.
---------------------------------------------
https://www.zdnet.de/88379272/cybereason-warnt-vor-neuem-mobilen-banking-tr…
=====================
= Vulnerabilities =
=====================
∗∗∗ Salt peppered with holes? Automation tool vulnerable to auth bypass: Patch now ∗∗∗
---------------------------------------------
The Salt configuration tool has patched two vulnerabilities whose combined effect was to expose Salt installations to complete control by an attacker. A patch for the issues was released last night, but systems that are not set to auto-update may still be vulnerable.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/30/salt_aut…
∗∗∗ WordPress Releases Security Update ∗∗∗
---------------------------------------------
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.4.1.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/04/30/wordpress-releases…
∗∗∗ macOS: Sandbox-Ausbruch per Editor ∗∗∗
---------------------------------------------
In TextEdit steckt ein Bug, mit dem böswillige Apps eigentlich verbotene Kommandos ausführen können.
---------------------------------------------
https://heise.de/-4712045
∗∗∗ High Severity Vulnerability Patched in Ninja Forms ∗∗∗
---------------------------------------------
On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.
---------------------------------------------
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/819064/
∗∗∗ Synology-SA-20:08 Cloud Station Backup ∗∗∗
---------------------------------------------
A vulnerability allows local users to execute arbitrary code via a susceptible version of Cloud Station Backup.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_08_Cloud…
∗∗∗ Synology-SA-20:07 Synology Calendar ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote authenticated users to download arbitrary files or hijack the authentication of administrators via a susceptible version of Synology Calendar.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_07_Synol…
∗∗∗ Synology-SA-20:06 DSM ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote authenticated users to conduct denial-of-service attacks or obtain user credentials via a susceptible version of DSM.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_06_DSM
∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose the corresponding passwords [...]
---------------------------------------------
https://support.citrix.com/article/CTX272237
∗∗∗ Security Advisory - Invalid Pointer Access Vulnerability in Huawei OceanStor Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200429-…
∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat…
∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclose…
∗∗∗ Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0402
∗∗∗ The BIG-IP AFM ACL and IPI features may not function as designed ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72423000
∗∗∗ Intel QAT cryptography driver vulnerability CVE-2020-5882 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43815022
∗∗∗ The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33572148
∗∗∗ BIG-IP APM logs may contain random data after the APM session ID ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43404365
∗∗∗ BIG-IP SSL connection Alert Timeout security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25165813
∗∗∗ BIG-IP may not detect invalid Transfer-Encoding headers ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10701310
∗∗∗ HPESBMU03997 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ OpenLDAP: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0405
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 28-04-2020 18:00 − Mittwoch 29-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Would You Have Fallen for This Phone Scam? ∗∗∗
---------------------------------------------
You may have heard that todays phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didnt know that your bank may be making it super easy for thieves to impersonate the bank, by giving away information about recent transactions on your account via automated, phone-based customer support systems.
---------------------------------------------
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-sc…
∗∗∗ Cloud Under Pressure: Keeping AWS Projects Secure ∗∗∗
---------------------------------------------
Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cloud/c…
∗∗∗ Google Researchers Find Multiple Vulnerabilities in Apples ImageIO Framework ∗∗∗
---------------------------------------------
Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple’s iOS and macOS operating systems.
---------------------------------------------
https://www.securityweek.com/google-researchers-find-multiple-vulnerabiliti…
∗∗∗ Emotet C2 and RSA Key Update - 04/28/2020 23:59 ∗∗∗
---------------------------------------------
Emotet C2 and RSA Key - Update 04/28/2020 at 23:59 UTC
News: Still no Emotet back this week for spamming but once again more shennanigans with Trickbot installs doing option 42 to drop Emotet E2 as shown by Fate112 in his post here: https://twitter.com/tosscoinwitcher/status/1255259004164542464
Watch for the falling C2 combos… seems like they are doing a lot of spring cleaning as counts plummet as of late. Key and current C2 list below for each Epoch [...]
---------------------------------------------
https://paste.cryptolaemus.com/emotet/2020/04/28/emotet-c2-rsa-update-04-28…
∗∗∗ Check Point: Android-Ransomware verschlüsselt Dateien angeblich im Namen des FBI ∗∗∗
---------------------------------------------
Die Erpressersoftware fordert im Namen der US-Bundespolizei ein Lösegeld von 500 Dollar. Sie kann aber auch die vollständige Kontrolle über ein Smartphone übernehmen und weitere schädliche Apps installieren. Check Point vermutet die Hintermänner in Russland.
---------------------------------------------
https://www.zdnet.de/88379222/check-point-android-ransomware-verschluesselt…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IOS XE SD-WAN Software Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Updates Available for Magento | APSB20-22 ∗∗∗
---------------------------------------------
Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important and Moderate (severity ratings). Successful exploitation could lead to arbitrary code execution.
---------------------------------------------
https://helpx.adobe.com/security/products/magento/apsb20-22.html
∗∗∗ VMSA-2020-0008 ∗∗∗
---------------------------------------------
VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, openjdk-7, openjdk-8, and openldap), Fedora (openvpn), openSUSE (teeworlds and vlc), Red Hat (bind, binutils, bluez, container-tools:1.0, container-tools:2.0, container-tools:rhel8, cups, curl, dnsmasq, dpdk, e2fsprogs, edk2, evolution, exiv2, fontforge, freeradius:3.0, gcc, gdb, glibc, GNOME, grafana, GStreamer, libmad, and SDL, haproxy, ibus and glib2, irssi, kernel, kernel-rt, liblouis, libmspack, libreoffice, libsndfile, libtiff, libxml2, [...]
---------------------------------------------
https://lwn.net/Articles/818950/
∗∗∗ Advisory: Sophos XG Firewall: Asnarok Vulnerability - Actions required for SFM/CFM managed devices ∗∗∗
---------------------------------------------
This article outlines the remediation steps for XG Firewalls with severed connections to SFM and CFM central management product.
---------------------------------------------
https://community.sophos.com/kb/en-US/135429
∗∗∗ Advisory - Sophos XG Firewall v18: Upgrade from v17.5.x to v18 Build_354 will take longer than previous upgrades ∗∗∗
---------------------------------------------
https://community.sophos.com/kb/en-US/135437
∗∗∗ April 28, 2020 TNS-2020-03 [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-03
∗∗∗ Red Hat Security Advisories ∗∗∗
---------------------------------------------
https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20d…
∗∗∗ Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher…
∗∗∗ Security Bulletin: Vulnerabilities exist in Watson Explorer (CVE-2019-4720, CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-…
∗∗∗ Security Bulletin: Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websph…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: A vulnerability in in IBM® Runtime Environment Java™ Version affects IBM WIoTP MessageGateway (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-in-ibm…
∗∗∗ Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-wat…
∗∗∗ Security Bulletin: Sensitive Information Disclosed in Logs (CVE-2019-4286) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sensitive-information-dis…
∗∗∗ Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-…
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 27-04-2020 18:00 − Dienstag 28-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Achtung Schadsoftware: Bundeskriminalamt warnt vor gefälschter Polizei-Mail ∗∗∗
---------------------------------------------
Zurzeit kursiert eine Mail mit dem Betreff "Letzte Einladung der Polizei". Darin werden die Empfänger aufgefordert, mit der Polizei Kontakt aufzunehmen und die Anhänge zu öffnen. Dabei handelt es sich mit hoher Wahrscheinlichkeit um Schadsoftware.
---------------------------------------------
http://www.bmi.gv.at/news.aspx?id=414F7246445856707A58773D
∗∗∗ Agent Tesla delivered by the same phishing campaign for over a year, (Tue, Apr 28th) ∗∗∗
---------------------------------------------
While going over malicious e-mails caught by our company gateway in March, I noticed that several of those, that carried ACE file attachments, appeared to be from the same sender. That would not be that unusual, but and after going through the historical logs, I found that e-mails from the same address with similar attachments were blocked by the gateway as early as March 2019.
---------------------------------------------
https://isc.sans.edu/diary/rss/26062
∗∗∗ Cybercrime: Führungskräfte geduldig ausspionieren und dann ausnehmen ∗∗∗
---------------------------------------------
Über Man-in-the-Middle-Attacken greift die "Florentiner Bankengruppe" gezielt Entscheidungsträger an – ein erfolgreiches Spiel auf Zeit.
---------------------------------------------
https://heise.de/-4710607
∗∗∗ New Version of Infection Monkey Maps to MITRE ATT&CK Framework ∗∗∗
---------------------------------------------
Guardicores open source breach and attack simulation platform Infection Monkey now maps its attack results to the MITRE ATT&CK framework, allowing users to quickly discover internal vulnerabilities and rapidly fix them.
---------------------------------------------
https://www.securityweek.com/new-version-infection-monkey-maps-mitre-attck-…
∗∗∗ Website-BetreiberInnen aufgepasst: Erpressungsmails im Umlauf ∗∗∗
---------------------------------------------
Zahlreiche Website-BetreiberInnen erhalten aktuell betrügerische Erpressungsmails. Kriminelle behaupten auf Englisch, sie hätten Ihre Website gehackt und nun Zugriff auf sämtliche Datensätze. Diese drohen sie zu veröffentlichen und Ihre KundInnen über das angebliche Datenleck zu informieren. Damit das nicht geschieht fordern sie 2000 USD in Form von Bitcoins. Gehen Sie nicht darauf ein, es handelt sich um ein betrügerisches Spam-E-Mail!
---------------------------------------------
https://www.watchlist-internet.at/news/website-betreiberinnen-aufgepasst-er…
∗∗∗ Anatomy of Formjacking Attacks ∗∗∗
---------------------------------------------
A detailed look at the fast-growing crime of formjacking, where cybercriminals hack a website to collect sensitive user information and steal credit card numbers.
---------------------------------------------
https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Bridge (APSB20-19) and Adobe Illustrator (APSB20-20). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1864
∗∗∗ High-Severity Vulnerabilities Patched in LearnPress ∗∗∗
---------------------------------------------
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patche…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, qemu-kvm, and thunderbird), Debian (qemu and ruby-json), Fedora (chromium, haproxy, and libssh), openSUSE (cacti, cacti-spine and teeworlds), Oracle (kernel), SUSE (apache2, git, kernel, ovmf, and xen), and Ubuntu (cups, file-roller, and re2c).
---------------------------------------------
https://lwn.net/Articles/818821/
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005 ∗∗∗
---------------------------------------------
Date Reported: April 27, 2020 Advisory ID: WSA-2020-0005 CVE identifiers: CVE-2020-3885, CVE-2020-3894,CVE-2020-3895, CVE-2020-3897,CVE-2020-3899, CVE-2020-3900,CVE-2020-3901, CVE-2020-3902. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2020-3885 Versions affected: WebKitGTK before 2.28.0 and WPE WebKit before2.28.0. Credit to Ryan Pickren (ryanpickren.com). Impact: A file URL may be incorrectly processed. Description: Alogic issue was addressed with improved [...]
---------------------------------------------
https://webkitgtk.org/security/WSA-2020-0005.html
∗∗∗ IntelMQ Manager release 2.1.1 fixes critical security issue ∗∗∗
---------------------------------------------
The IntelMQ Manager version 2.1.1 released yesterday fixes a Remote Code Execution flaw (CWE-78: OS Command Injection). The documentation for version 2.1.1 and installation instructions can be found on our GitHub repository. Always run IntelMQ Manager instances in private networks with proper authentication & TLS. Further, restrict access to the tool to web-browsers which can only access internal web-sites, as workaround for existing CSRF issues. See also our security considerations with [...]
---------------------------------------------
https://cert.at/en/blog/2020/4/intelmq-manager-release-211-fixes-critical-s…
∗∗∗ Security Bulletin: CVE-2019-1552 vulnerability in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-1552-vulnerabili…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in…
∗∗∗ Security Bulletin: NVIDIA Windows and Linux GPU Display drivers are have resolved several security vulnerabilities as described below. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-and-linux-…
∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)(CVE-2019-12418, CVE-2019-17563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows(IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ HPESBHF03970 rev.1 - HPE Products with Intel Ethernet 700 Series Processors, Local Escalation of Privilege, Local Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0377
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 24-04-2020 18:00 − Montag 27-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware ∗∗∗
---------------------------------------------
A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-…
∗∗∗ Asnarök malware exploits firewall zero-day to steal credentials ∗∗∗
---------------------------------------------
Some Sophos firewall products were attacked with a new Trojan malware, dubbed Asnarök by researchers cyber-security firm Sophos, to steal usernames and hashed passwords starting with April 22 according to an official timeline.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/asnar-k-malware-exploits-fir…
∗∗∗ Shade Ransomware shuts down, releases 750K decryption keys ∗∗∗
---------------------------------------------
The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-…
∗∗∗ Eight Common OT / Industrial Firewall Mistakes ∗∗∗
---------------------------------------------
Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.
---------------------------------------------
https://threatpost.com/waterfall-eight-common-ot-industrial-firewall-mistak…
∗∗∗ Understanding the basics of API security ∗∗∗
---------------------------------------------
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in software development, operations, and protection.
---------------------------------------------
https://www.helpnetsecurity.com/2020/04/27/basics-api-security/
∗∗∗ GDPR.EU has er… a data leakage issue ∗∗∗
---------------------------------------------
The web site GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/gdpr-eu-has-er-a-data-leakage…
=====================
= Vulnerabilities =
=====================
∗∗∗ Hacker nutzen Zero-Day-Lücke in Sophos-Firewall aus ∗∗∗
---------------------------------------------
Unbekannte stehlen Dateien mit Anmeldedaten von Firewall-Administratoren und lokalen Nutzern. Sophos findet keinen Hinweis auf einen Missbrauch dieser Daten. Inzwischen steht ein Notfall-Update für die Schwachstelle zur Verfügung.
---------------------------------------------
https://www.zdnet.de/88379086/hacker-nutzen-zero-day-luecke-in-sophos-firew…
∗∗∗ Duplicated Vulnerabilities in WordPress Plugins ∗∗∗
---------------------------------------------
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.
---------------------------------------------
https://blog.sucuri.net/2020/04/duplicated-vulnerabilities-in-wordpress-plu…
∗∗∗ Authentication bypass in FortiMail and FortiVoiceEntreprise ∗∗∗
---------------------------------------------
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-045
∗∗∗ High Severity Vulnerability Patched in Real-Time Find and Replace Plugin ∗∗∗
---------------------------------------------
On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Debian (eog, jsch, libgsf, mailman, ncmpc, openjdk-11, php5, python-reportlab, radicale, and rzip), Fedora (ansible, dolphin-emu, git, gnuchess, liblas, openvpn, php, qt5-qtbase, rubygem-rake, snakeyaml, webkit2gtk3, and wireshark), Mageia (chromium-browser-stable, git, java-1.8.0-openjdk, kernel, kernel-linus, mp3gain, and virtualbox), openSUSE (crawl, cups, freeradius-server, kubernetes, and otrs), SUSE (apache2, kernel, pam_radius, [...]
---------------------------------------------
https://lwn.net/Articles/818763/
∗∗∗ JSA11021 - 2020-04 Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=RSS
∗∗∗ HPESBHF03945 rev.1 - HPE Servers using Supplemental Update / Online ROM Flash Component for Linux, Local Execution of Arbitrary Code. ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ OTRS: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0372
∗∗∗ ILIAS: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0370
∗∗∗ Postfix: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0376
∗∗∗ Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affec…
∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Websphere Message Broker V8. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulner…
∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulner…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 23-04-2020 18:00 − Freitag 24-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Protecting your organization against password spray attacks ∗∗∗
---------------------------------------------
If your users sign in with guessable passwords, you may be at risk of a password spray attack.The post Protecting your organization against password spray attacks appeared first on Microsoft Security.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/04/23/protecting-organization-…
∗∗∗ Malicious Excel With a Strong Obfuscation and Sandbox Evasion, (Fri, Apr 24th) ∗∗∗
---------------------------------------------
For a few weeks, we see a bunch of Excel documents spread in the wild with Macro V4[1]. But VBA macros remain a classic way to drop the next stage of the attack on the victims computer. The attacker has many ways to fetch the next stage. He can download it from a compromised server or a public service like pastebin.com, dropbox.com, or any other service that allows sharing content. The problem is, in this case, that it generates more noise via new network flows and the attack [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26048
∗∗∗ Gefahren durch Webshells: NSA nennt beliebte Einfallstore für Server-Angriffe ∗∗∗
---------------------------------------------
US- und australische Behörden geben Tipps zum Aufspüren von Webshells und nennen einige teils recht alte, bei Angreifern aber noch immer beliebte Lücken.
---------------------------------------------
https://heise.de/-4709470
∗∗∗ When in Doubt: Hang Up, Look Up, & Call Back ∗∗∗
---------------------------------------------
Many security-conscious people probably think theyd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Heres how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
---------------------------------------------
https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/
=====================
= Vulnerabilities =
=====================
∗∗∗ Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution ∗∗∗
---------------------------------------------
The FTTH provisioning solution suffers from an unauthenticated remote code execution vulnerability due to an unsafe deserialization of Java objects (ViewState) triggered via the javax.faces.ViewState HTTP POST parameter. The deserialization can cause the vulnerable JSF web application to execute arbitrary Java functions, malicious Java bytecode, and system shell commands with root privileges.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5565.php
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-openssl), Debian (git), Gentoo (chromium, firefox, git, and openssl), Oracle (kernel and python-twisted-web), Red Hat (python-twisted-web), Scientific Linux (python-twisted-web), and SUSE (file-roller, kernel, and resource-agents).
---------------------------------------------
https://lwn.net/Articles/818565/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBMJava SDK affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack caused by an authenticated user crafting a malicious message (CVE-2019-4656) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulne…
∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. (CVE-2019-4619) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-al…
∗∗∗ Security Bulletin: IBM Cloud App Management is vulnerable to cross-site request forgery (CVE-2019-4750) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-app-management-…
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Cloud App Management (CVE-2020-2593) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a tcpdump vulnerability (CVE-2018-19519) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec…
∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack due to an error in the Channel processing function. (CVE-2019-4762) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulne…
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2019-4719) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-al…
∗∗∗ BIG-IQ HA vulnerability CVE-2020-5870 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K69422435
∗∗∗ BIG-IQ HA vulnerability CVE-2020-5869 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28855111
∗∗∗ BIG-IQ Grafana vulnerability CVE-2020-5868 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37130415
∗∗∗ HPESBHF03947 rev.1 - HPE UIoT, Remote Unauthorized Access and Access to Sensitive Data ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0362
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 22-04-2020 18:00 − Donnerstag 23-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ iPhones durch Zero-Day-Lücken in Apple Mail angreifbar ∗∗∗
---------------------------------------------
iOS-Nutzer sollten die Mail-App vorübergehend nicht benutzen, warnen Sicherheitsforscher. Schwachstellen erlauben unbemerktes Code-Einschleusen.
---------------------------------------------
https://heise.de/-4707901
∗∗∗ New Data Center Requirements - Can You Help Host Shadowserver? ∗∗∗
---------------------------------------------
Shadowserver urgently needs to move our current data center by August 2020. We are blogging our data center requirements for hosting and colocation providers, or other companies who might be able to help provide a new home for our public benefit services for the global Internet. Please reach out and get in touch if you can help.
---------------------------------------------
https://www.shadowserver.org/news/new-data-center-requirements-can-you-help…
∗∗∗ Maze Ransomware – What You Need to Know ∗∗∗
---------------------------------------------
What’s this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. There’s been plenty of ransomware before. What makes Maze so special?
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/maze-ransomware-what-yo…
∗∗∗ Researchers Turn Antivirus Software Into Destructive Tools ∗∗∗
---------------------------------------------
A vulnerability impacting nearly all antivirus products out there could have been exploited to disable anti-malware protection or render the operating system unusable, RACK911 Labs security researchers reveal.
---------------------------------------------
https://www.securityweek.com/researchers-turn-antivirus-software-destructiv…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (openssl), openSUSE (freeradius-server, kernel, thunderbird, and vlc), Oracle (git, java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), SUSE (ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, [...]
---------------------------------------------
https://lwn.net/Articles/818481/
∗∗∗ Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-…
∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei OSD Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerabilities in OpenSSL (CVE-2019-1547 and CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-nextscale-fan-power-c…
∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System 3000(CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we…
∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Symphony and IBM Platform Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs…
∗∗∗ Security Bulletin: IBM Tivoli Monitoring insufficient default file/folder permissions on windows. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-ins…
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Elastic Storage System (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner…
∗∗∗ NGINX Controller sensitive command-line arguments vulnerability CVE-2020-5866 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11922628
∗∗∗ NGINX Controller vulnerability CVE-2020-5864 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27205552
∗∗∗ NGINX Controller insecure database transport vulnerability CVE-2020-5865 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21009022
∗∗∗ NGINX Controller vulnerability CVE-2020-5867 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00958787
∗∗∗ HPESBHF03988 rev.1 - HPE Onboard Administrator, Remote Reflected Cross Site Scripting ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBNS03996 rev.1 - HPE NonStop Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ Squid: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0360
∗∗∗ Red Hat JBoss A-MQ: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0361
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 21-04-2020 18:00 − Mittwoch 22-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ You Wont Believe what this One Line Change Did to the Chrome Sandbox ∗∗∗
---------------------------------------------
The Chromium sandbox on Windows has stood the test of time. It’s considered one of the better sandboxing mechanisms deployed at scale without requiring elevated privileges to function. For all the good, it does have its weaknesses. The main one being the sandbox’s implementation is reliant on the security of the Windows OS.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-o…
∗∗∗ New iPhone Zero-Day Discovered ∗∗∗
---------------------------------------------
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was targeted."
---------------------------------------------
https://www.schneier.com/blog/archives/2020/04/new_iphone_zero.html
∗∗∗ NSA, ASD Release Guidance for Mitigating Web Shell Malware ∗∗∗
---------------------------------------------
The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/04/22/nsa-asd-release-gu…
∗∗∗ Achtung vor Shops mit service6(a)vinayotap.com E-Mail-Adressen ∗∗∗
---------------------------------------------
Derzeit melden LeserInnen der Watchlist Internet vermehrt neue Fake-Shops, die vor allem eines gemeinsam haben: Sie verweisen alle auf die E-Mail-Adresse
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-shops-mit-service6vinayo…
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D ∗∗∗
---------------------------------------------
The flaws exist in Autodesks FBX library, integrated in Microsofts Office, Office 365 ProPlus and Paint 3D applications.
---------------------------------------------
https://threatpost.com/microsoft-issues-out-of-band-security-update-for-off…
∗∗∗ Zero-Day-Lücken in IBM Data Risk Manager - Forscher-Report ignoriert ∗∗∗
---------------------------------------------
Sicherheitsforscher haben im Überwachungstool IBM Data Risk Manager vier Lücken entdeckt - drei gelten als kritisch. Erste Patches sind bereits da.
---------------------------------------------
https://heise.de/-4707165
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Oracle (java-1.7.0-openjdk and java-1.8.0-openjdk), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, and kernel), Scientific Linux (kernel), Slackware (git), SUSE (openssl-1_1 and puppet), and Ubuntu (binutils and thunderbird).
---------------------------------------------
https://lwn.net/Articles/818359/
∗∗∗ 2020-04-21: Multiple vulnerabilities in B&R Automation Studio ∗∗∗
---------------------------------------------
https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-…
∗∗∗ 2020-04-21: TPM-Fail vulnerability in several B&R products ∗∗∗
---------------------------------------------
https://www.br-automation.com/en/downloads/022020-tpm-fail/
∗∗∗ 2020-04-22: UPS Adapter CS141 – Path traversal vulnerability ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A4579&Lan…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-…
∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei PCManager Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-…
∗∗∗ Security Bulletin: CVE-2020-4202IBM UrbanCode Deploy (UCD) could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4202ibm-urbancod…
∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vul…
∗∗∗ Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System 3000 (CVE-2020-1734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ansible-vulnerability-aff…
∗∗∗ Security Bulletin: CVE-2019-4668 Pattern integration passwords stored in db without current encryption ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4668-pattern-int…
∗∗∗ Security Bulletin: CVE-2014-3524 CSV Injection in reports ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2014-3524-csv-injecti…
∗∗∗ Security Bulletin: Stack-based Buffer Overflow vulnerability in IBM Spectrum Protect Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stack-based-buffer-overfl…
∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by a vulnerability where an unprivileged user could execute commands as root ( CVE-2020-4273) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste…
∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0355
∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0351
∗∗∗ OpenSSL: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0357
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 20-04-2020 18:00 − Dienstag 21-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Windows 10 SMBGhost RCE exploit demoed by researchers ∗∗∗
---------------------------------------------
A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 wormable pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-expl…
∗∗∗ SpectX: Log Parser for DFIR, (Tue, Apr 21st) ∗∗∗
---------------------------------------------
I hope this finds you all safe, healthy, and sheltered to the best of your ability. In February I received a DM via Twitter from Liisa at SpectX regarding my interest in checking out SpectX. Never one to shy away from a tool review offer, I accepted. SpectX, available in a free, community desktop version, is a log parser and query engine that enables you to investigate incidents via log files from multiple sources such as log servers, AWS, Azure, Google Storage, Hadoop, ELK and SQL-databases.
---------------------------------------------
https://isc.sans.edu/diary/rss/26040
∗∗∗ Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining ∗∗∗
---------------------------------------------
Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/l3TOyRDK1yA/
∗∗∗ Grouping Linux IoT Malware Samples With Trend Micro ELF Hash ∗∗∗
---------------------------------------------
We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tFHtqxisecc/
∗∗∗ Kerberos Tickets on Linux Red Teams ∗∗∗
---------------------------------------------
At FireEye Mandiant, we conduct numerous red team engagements within Windows Active Directory environments. Consequently, we frequently encounter Linux systems integrated within Active Directory environments. Compromising an individual domain-joined Linux system can provide useful data on its own, but the best value is obtaining data, such as Kerberos tickets, that will facilitate lateral movement techniques.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-lin…
∗∗∗ Unsichere Deserialisierung gefährdet Steam-Spiele ∗∗∗
---------------------------------------------
Viele Videospiele, die .Net oder Unity verwenden, sind angreifbar und führen Schadcode aus. Steam bietet die Möglichkeit einer wurmähnlichen Infektion.
---------------------------------------------
https://heise.de/-4706122
∗∗∗ 46% of SMBs have been targeted by ransomware, 73% have paid the ransom ∗∗∗
---------------------------------------------
Ransomware attacks are not at all unusual in the SMB community, as 46% of these businesses have been victims. And 73% of those SMBs that have been the targets of ransomware attacks actually have paid a ransom, Infrascale reveals. Yet, more than a quarter of the total SMB survey group said they lack a plan to mitigate a ransomware attack.
---------------------------------------------
https://www.helpnetsecurity.com/2020/04/21/paying-ransom/
∗∗∗ BSI aktualisiert den Mindeststandard TLS ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat zum 9. April 2020 den "Mindeststandard zur Verwendung von Transport Layer Security (TLS)" aktualisiert.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/AktualisierterMST…
∗∗∗ Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC ∗∗∗
---------------------------------------------
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.
---------------------------------------------
https://www.securityweek.com/microsoft-will-not-patch-security-bypass-flaw-…
∗∗∗ Zahlungsaufforderungen von angeblichen Streamingdiensten sind Fake ∗∗∗
---------------------------------------------
bodaflix.de, ebaflix.de, teraflix.de, nodaflix.de – angeblich kostenlose Streamingdienste. Nach einer Registrierung erhalten Sie jedoch eine Zahlungsaufforderung über 395,88 Euro. Wird diese ignoriert, folgen meist weitere Zahlungsaufforderungen und Mahnungen von vermeintlichen Inkassobüros. Überweisen Sie kein Geld und antworten Sie auch nicht! Es handelt sich um ein betrügerisches Schreiben.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlungsaufforderungen-von-angeblich…
∗∗∗ Hey there! Are you using WhatsApp? Your account may be hackable ∗∗∗
---------------------------------------------
Can someone take control of your WhatsApp account by just knowing your phone number? We ran a small test to find out.
---------------------------------------------
https://www.welivesecurity.com/2020/04/20/hey-there-using-whatsapp-your-acc…
=====================
= Vulnerabilities =
=====================
∗∗∗ P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting ∗∗∗
---------------------------------------------
The controller suffers from CSRF and XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several GET/POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a [...]
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php
∗∗∗ [R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers.
---------------------------------------------
https://www.tenable.com/security/tns-2020-02
∗∗∗ Versionsverwaltung: Erneute Sicherheitswarnung für Git ∗∗∗
---------------------------------------------
Updates beheben eine Schwachstelle in Git, die der jüngsten ähnelt und ebenfalls die Credential-Helper-Programme betrifft.
---------------------------------------------
https://heise.de/-4706272
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (webkit2gtk), Debian (awl, git, and openssl), Red Hat (chromium-browser, git, http-parser, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, qemu-kvm-ma, rh-git218-git, and rh-maven35-jackson-databind), Scientific Linux (advancecomp, avahi, bash, bind, bluez, cups, curl, dovecot, doxygen, evolution, expat, file, firefox, gettext, git, GNOME, httpd, ImageMagick, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, kernel, lftp, [...]
---------------------------------------------
https://lwn.net/Articles/818223/
∗∗∗ High-Severity Vulnerability in OpenSSL Allows DoS Attacks ∗∗∗
---------------------------------------------
An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks.
---------------------------------------------
https://www.securityweek.com/high-severity-vulnerability-openssl-allows-dos…
∗∗∗ [20200403] - Core - Incorrect access control in com_users access level deletion function ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/811-20200403-core-incorrect-ac…
∗∗∗ [20200402] - Core - Missing checks for the root usergroup in usergroup table ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/810-20200402-core-missing-chec…
∗∗∗ [20200401] - Core - Incorrect access control in com_users access level editing function ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/809-20200401-core-incorrect-ac…
∗∗∗ 2020-04-21: SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&Language…
∗∗∗ 2020-04-21: SECURITY Multiple Vulnerabilities in ABB Central Licensing System ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&Language…
∗∗∗ 2020-04-21: SECURITY Inter process communication vulnerability in System 800xA ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&Language…
∗∗∗ Security Bulletin: A denial of service vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulne…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily