[CERT-daily] Tageszusammenfassung - 13.12.2019
Daily end-of-shift report
team at cert.at
Fri Dec 13 18:24:04 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 12-12-2019 18:00 − Freitag 13-12-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New Echobot Variant Exploits 77 Remote Code Execution Flaws ∗∗∗
---------------------------------------------
The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
∗∗∗ All in the (Ransomware) Family: 10 Ways to Take Action ∗∗∗
---------------------------------------------
Check out our list of top 10 things to do to protect your organization from the deepening scourge of ransomware.
---------------------------------------------
https://threatpost.com/ransomware-family-10-ways-take-action/151080/
∗∗∗ Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities ∗∗∗
---------------------------------------------
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/12/12/multi-stage-downloader-trojan-sload-abuses-bits-almost-exclusively-for-malicious-activities/
∗∗∗ Internet banking sites and their use of TLS... and SSLv3... and SSLv2?!, (Fri, Dec 13th) ∗∗∗
---------------------------------------------
Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use. And even though the numbers are much lower, some servers on the web support SSLv2 to this day as well. And, as it turns out, this is true even when it comes to web servers hosting internet banking portals
---------------------------------------------
https://isc.sans.edu/diary/rss/25606
∗∗∗ Unmasking Black Hat SEO for Dating Scams ∗∗∗
---------------------------------------------
Malware obfuscation comes in all shapes and sizes - and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it. Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection.
---------------------------------------------
https://blog.sucuri.net/2019/12/unmasking-black-hat-seo-for-dating-scams.html
∗∗∗ Threat spotlight: The curious case of Ryuk ransomware ∗∗∗
---------------------------------------------
>From comic book death god to ransomware baddie, Ryuk ransomware remains a mainstay when organizations find themselves in a crippling malware pinch. We look at Ryuks origins, attack methods, and how to protect against this ever-present threat.
---------------------------------------------
https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
∗∗∗ Targeted Attacks Deliver New "Anchor" Malware to High-Profile Companies ∗∗∗
---------------------------------------------
TrickBot/Anchor Campaign Could be a New Targeted Magecart Attack Against High-Profile Companies
---------------------------------------------
https://www.securityweek.com/targeted-attacks-deliver-new-anchor-malware-high-profile-companies
=====================
= Vulnerabilities =
=====================
∗∗∗ Advantech DiagAnywhere Server ∗∗∗
---------------------------------------------
This advisory contains mitigations for a stack-based buffer overflow vulnerability in the Advantech DiagAnywhere Server.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-346-01
∗∗∗ Omron PLC CJ and CS Series ∗∗∗
---------------------------------------------
This advisory includes information and mitigation recommendations for authentications vulnerabilities reported in the Omron PLC CJ and CS Series.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-346-02
∗∗∗ Omron PLC CJ, CS and NJ Series ∗∗∗
---------------------------------------------
This advisory includes information and mitigation recommendations for an authentication related vulnerability in the Omron PLC CJ, CS, and NJ Series.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-346-03
∗∗∗ WordPress 5.3.1 Security and Maintenance Release ∗∗∗
---------------------------------------------
This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes - see the list below.
---------------------------------------------
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (knot-resolver and xen), openSUSE (kernel), and SUSE (haproxy, kernel, and openssl).
---------------------------------------------
https://lwn.net/Articles/807261/
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-and-ihs-server/
∗∗∗ Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component in IBM Case Manager (CVE-2019-4426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-cross-site-scripting-security-vulnerability-has-been-identified-with-case-builder-component-in-ibm-case-manager-cve-2019-4426/
∗∗∗ Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-cross-site-scripting-security-vulnerability-has-been-identified-with-case-builder-component-shipped-with-ibm-business-automation-workflow-cve-2019-4426/
∗∗∗ HPESBHF03974 rev.1 - HPE Servers using certain Intel Processors, Local Denial of Service, Disclosure of Information, Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03974en_us
∗∗∗ Dovecot: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1076
∗∗∗ Trend Micro AntiVirus: Schwachstelle ermöglicht Denial of Service oder Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1077
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list