=====================
= End-of-Day report =
=====================

Timeframe: Thursday 25-06-2020 18:00 − Friday 26-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

=====================
= News =
=====================

∗∗∗ Golang Worm Widens Scope to Windows, Adds Payload Capacity ∗∗∗
---------------------------------------------
A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.
---------------------------------------------
https://threatpost.com/worm-golang-malware-windows-payloads/156924/

∗∗∗ Browser vendors shorten certificate lifetime to one year ∗∗∗
---------------------------------------------
From September, HTTPS certificates may only be issued for a maximum of one year.
---------------------------------------------
https://heise.de/-4796599

∗∗∗ Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files ∗∗∗
---------------------------------------------
This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-with...

∗∗∗ Warning: Fraudulent messages are circulating on Instagram ∗∗∗
---------------------------------------------
Instagram users have recently been reporting fraudulent messages to us in which they are asked to follow a link. Warning: the criminals who send these private messages in large numbers and at random are only after your login credentials!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-auf-instagram-kursieren-betru...

∗∗∗ Purported e-mail from the federal government contains ransomware ∗∗∗
---------------------------------------------
The series of ransomware attacks on German companies continues. A new ransomware campaign in Germany uses a fake e-mail in the name of the federal government as bait.
---------------------------------------------
https://www.zdnet.de/88381006/angebliche-e-mail-der-bundesregierung-enthaelt...

=====================
= Vulnerabilities =
=====================

∗∗∗ Micropatch is Available for Windows LNK Remote Code Execution Vulnerability (CVE-2020-1299) ∗∗∗
---------------------------------------------
Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1299, another "Stuxnet-like" critical LNK remote code execution issue that can get code executed on a user's computer just by viewing a folder with Windows Explorer. This vulnerability was patched by Microsoft with June 2020 Updates, but Windows 7 and Server 2008 users without Extended Security Updates remained vulnerable.
---------------------------------------------
https://blog.0patch.com/2020/06/micropatch-is-available-for-windows-lnk.html

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).
---------------------------------------------
https://lwn.net/Articles/824579/

∗∗∗ Security Bulletin: Multiple vulnerabilities discovered in IBM® SDK, Java™ can affect Rational Software Architect Design Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-d...

∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2020-4565) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-...

∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm...

∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-a...

∗∗∗ Security Bulletin: NVIDIA Windows GPU Display Driver has resolved several security vulnerabilities as described below. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display...

∗∗∗ Security Bulletin: NVIDIA Windows GPU Display driver is vulnerable to several security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display...

∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-10744) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...