=====================
= End-of-Day report =
=====================

Timeframe: Thursday 27-02-2020 18:00 − Friday 28-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

=====================
= News =
=====================
∗∗∗ Nemty Ransomware Actively Distributed via Love Letter Spam ∗∗∗
---------------------------------------------
Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-dis...

∗∗∗ Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities ∗∗∗
---------------------------------------------
Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin’s settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multi...

∗∗∗ Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years ∗∗∗
---------------------------------------------
Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers.
---------------------------------------------
https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-version...
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, [...]
---------------------------------------------
https://lwn.net/Articles/813543/

∗∗∗ HPESBST03980 rev.1 - HPE StoreFabric C-series Switches with Cisco Prime Data Center Network Manager (DCNM), Remote Authentication Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...

∗∗∗ wpdefault - Backdoor Plugin ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10096

∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2989, CVE-2020-2593 and CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-jav...

∗∗∗ Security Bulletin: Apache Log4j vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-17571) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability...

∗∗∗ Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-man-in-the-middle-vulnerab...

∗∗∗ Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-vulnerabilities-af...

∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in TCP (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-...

∗∗∗ Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-serv...

∗∗∗ Security Bulletin: Node.js handlebars vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-handlebars-vulnera...

∗∗∗ Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-mobilefirst-platform-found...

∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server which is shipped with Jazz for Service Management (CVE-2019-4477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vul...

∗∗∗ Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector...