=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 28-07-2020 18:00 − Wednesday 29-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Landlords beware: especially during the holiday season, fraudsters are after your money! ∗∗∗
---------------------------------------------
Internet fraud sometimes targets very specific groups of people. Right now, during the holiday season, people who rent out rooms or holiday apartments, as well as hoteliers, are also in the sights of fraudsters. The criminals pose as interested guests and try to get at the landlords' money through cheque fraud.
---------------------------------------------
https://www.watchlist-internet.at/news/vermieterinnen-aufgepasst-besonders-i...

∗∗∗ Scam mails: Emotet steals file attachments for more authenticity ∗∗∗
---------------------------------------------
Watch out: Emotet has learned new tricks and now hides in even more credible emails.
---------------------------------------------
https://heise.de/-4857724

∗∗∗ Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight ∗∗∗
---------------------------------------------
Netwalker is a data encryption malware that represents an evolution of the well-known Kokoklock ransomware and has been active since September 2019. This article will detail the specific technical features of the Netwalker ransomware.
---------------------------------------------
https://resources.infosecinstitute.com/netwalker-malware-what-it-is-how-it-w...

∗∗∗ MMS Exploit Part 3: Constructing the Memory Corruption Primitives ∗∗∗
---------------------------------------------
Posted by Mateusz Jurczyk, Project Zero. This post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructi...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Magento gets security updates for severe code execution bugs ∗∗∗
---------------------------------------------
Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magento-gets-security-updates...

∗∗∗ Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin ∗∗∗
---------------------------------------------
On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
---------------------------------------------
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulner...

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa).
---------------------------------------------
https://lwn.net/Articles/827376/

∗∗∗ Security Bulletin: Legacy Components of IBM Netcool Configuration Manager have been updated. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-legacy-components-of-ibm-n...

∗∗∗ Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1954) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-i...

∗∗∗ Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has...

∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2020-4463) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-managemen...

∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Security Key Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-ed...

∗∗∗ IBM Informix: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0764

∗∗∗ Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/stored-cross-site-scripting-xss...