=====================
=  End-of-Day report  =
=====================

Timeframe:   Thursday 16-01-2020 18:00 - Friday 17-01-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

*** TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection ***
---------------------------------------------

The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-1...

*** Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail ***
---------------------------------------------

Mitigation recommendations for CVE-2019-19781, a currently unpatched critical flaw affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway, do not have the expected effect on all product versions.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-o...

*** FTCODE Ransomware - New Version Includes Stealing Capabilities ***
---------------------------------------------

Recently, the Zscaler ThreatLabZ team came across PowerShell-based ransomware called "FTCODE," which targets Italian-language users. An earlier version of FTCODE ransomware was being downloaded using a document file that contained malicious macros. In the recent campaign, the ransomware is being downloaded using VBScript.

---------------------------------------------
https://www.zscaler.com/blogs/research/ftcode-ransomware--new-version-includ...

*** 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor ***
---------------------------------------------

As noted in Rough Patch: I Promise It'll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the Citrix mitigation steps implemented, we've recognized multiple groups of post-exploitation activity. Within these, something caught our eye: one particular threat actor that's been deploying a [...]

---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-miti...

*** Indications of possible vulnerabilities in the medical telematics infrastructure ***
---------------------------------------------

Open-source libraries used in the T-Systems telematics connector contain hundreds of known security vulnerabilities.

---------------------------------------------
https://heise.de/-4635791

*** WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI ***
---------------------------------------------

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

---------------------------------------------
https://www.grahamcluley.com/weleakinfo-seized/

=====================
=  Vulnerabilities  =
=====================

*** Schneider Electric Modicon Controllers ***
---------------------------------------------

This advisory contains mitigations for several vulnerabilities of the type "Improper Check for Unusual or Exceptional Conditions" in Schneider Electric Modicon PLC controllers.

---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-016-01

*** Security updates for Friday ***
---------------------------------------------

Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).

---------------------------------------------
https://lwn.net/Articles/809916/

*** HPESBNS03981 rev.1 - HPE ViewPoint on NonStop, Local Disclosure of Sensitive Information ***
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...

*** HPESBNS03976 rev.1 - HPE NonStop using Sudo ***
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...

*** Pivotal Spring Framework: Multiple vulnerabilities ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0057

*** Trend Micro products: Multiple vulnerabilities allow gaining administrator privileges ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0055

*** Linux Kernel: Vulnerability allows disclosure of information ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0058