=====================
= End-of-Day report =
=====================

Timeframe: Thursday 13-02-2020 18:00 - Friday 14-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

=====================
=       News        =
=====================
*** Parallax RAT: Common Malware Payload After Hacker Forums Promotion ***
---------------------------------------------

A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that, when installed, allows attackers to gain full control over an infected system.

---------------------------------------------

https://www.bleepingcomputer.com/news/security/parallax-rat-common-malware-p...


*** Keep an Eye on Command-Line Browsers, (Fri, Feb 14th) ***
---------------------------------------------

For a few weeks, I've been searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in a Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type 'curl.exe' on your Windows 10 host: [...]

---------------------------------------------

https://isc.sans.edu/diary/rss/25804


*** LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File ***
---------------------------------------------

Recently, we discovered LokiBot (detected by Trend Micro as Trojan.Win32.LOKI) impersonating a popular game launcher to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky installation routine that involves dropping a compiled C# code file.

---------------------------------------------

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/WsiHoe_u7N4/


*** An In-Depth Technical Analysis of CurveBall (CVE-2020-0601) ***
---------------------------------------------

The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601 [...] an attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default. [...] this post will primarily highlight the code-level root cause analysis of the vulnerability in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the [...]

---------------------------------------------

https://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-tech...


*** SweynTooth vulnerability collection: SoCs in numerous products vulnerable ***
---------------------------------------------

Twelve flaws in the Bluetooth Low Energy implementation on systems-on-chip from several manufacturers affect wearables, IoT devices and probably medical devices as well.

---------------------------------------------

https://heise.de/-4660872
=====================
=  Vulnerabilities  =
=====================

*** Trend Micro AntiVirus: vulnerability allows denial of service ***
---------------------------------------------

Trend Micro AntiVirus is an anti-virus software. Trend Micro Maximum Security is a desktop security suite. Trend Micro Internet Security is a firewall and antivirus solution.

---------------------------------------------

https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/02/warnm...


*** Schneider Electric Modicon Ethernet Serial RTU ***
---------------------------------------------

This advisory contains mitigations for improper check for unusual or exceptional conditions, and improper access control vulnerabilities in Schneider Electric's Modicon BMXNOR0200H Ethernet Serial RTU, a remote terminal unit.

---------------------------------------------

https://www.us-cert.gov/ics/advisories/icsa-20-044-01


*** Schneider Electric Magelis HMI Panels ***
---------------------------------------------

This advisory contains mitigations for an improper check for unusual or exceptional conditions vulnerability in Schneider's Magelis HMI Panels.

---------------------------------------------

https://www.us-cert.gov/ics/advisories/icsa-20-044-02


*** FortiManager Cross-Site WebSocket Hijacking (CSWSH) ***
---------------------------------------------

An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Affected: FortiManager 6.2.0 to 6.2.1, 6.0.6 and below.

---------------------------------------------

https://fortiguard.com/psirt/FG-IR-19-191


*** Security updates for Friday ***
---------------------------------------------

Security updates have been issued by Debian (debian-security-support, postgresql-11, and postgresql-9.6), Fedora (cutter-re, firefox, php-horde-Horde-Data, radare2, and texlive-base), openSUSE (docker-runc), Oracle (kernel), Red Hat (sudo), and Ubuntu (firefox).

---------------------------------------------

https://lwn.net/Articles/812494/
*** Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG) ***
---------------------------------------------

http://www.securityfocus.com/archive/1/542223


*** Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-12402) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ib...


*** Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-16335) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ib...


*** Security Bulletin: Oct 2019: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerab...


*** Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affe...


*** Security Bulletin: Oracle Outside In Technology vulnerability in Rational DOORS Next Generation ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-outside-in-technolo...


*** Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm...


*** Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for Digital Payments ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-...


*** Red Hat Virtualization: vulnerability allows cross-site scripting ***
---------------------------------------------

http://www.cert-bund.de/advisoryshort/CB-K20-0132