[CERT-daily] Daily summary - 19.12.2019
Daily end-of-shift report
team at cert.at
Thu Dec 19 19:31:29 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 18-12-2019 18:00 − Thursday 19-12-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Emotet Gang Changes Tactics Ahead of the Winter Holidays ∗∗∗
---------------------------------------------
With the end of the year approaching fast, the authors of Emotet have made some changes that may increase their revenue for the holidays.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-gang-changes-tactics-ahead-of-the-winter-holidays/
∗∗∗ TP-Link Routers Give Cyberattackers an Open Door to Business Networks ∗∗∗
---------------------------------------------
Remote attackers can easily compromise the device and pivot to move laterally through the LAN or WAN.
---------------------------------------------
https://threatpost.com/tp-link-routers-cyberattackers-open-door/151254/
∗∗∗ Microsoft Updates November Security Updates with SharePoint Bug ∗∗∗
---------------------------------------------
Microsoft has added a fresh CVE to its security portal, linking it to the existing November security updates (the patch itself was already included in the updates, but not specifically named). The CVE describes a vulnerability in SharePoint Server. According to a Microsoft Security Advisory, an attacker could exploit the bug (CVE-2019-1491) to obtain sensitive information and then use that information to mount further attacks.
---------------------------------------------
https://threatpost.com/microsoft-issues-out-of-band-update-sharepoint-bug/151260/
∗∗∗ Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks ∗∗∗
---------------------------------------------
Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/12/18/data-science-for-cybersecurity-a-probabilistic-time-series-model-for-detecting-rdp-inbound-brute-force-attacks/
∗∗∗ How Websites Are Used to Spread Emotet Malware ∗∗∗
---------------------------------------------
In past posts, we’ve discussed the more popular reasons why hackers target smaller websites. Today, we’ll focus instead on how hackers use compromised websites to spread dangerous malware like Emotet to end user victims.
---------------------------------------------
https://blog.sucuri.net/2019/12/how-websites-are-used-to-spread-emotet-malware.html
∗∗∗ Zero Day Vulnerability in Deutsche Bahn Ticket Machine Series System uncovered ∗∗∗
---------------------------------------------
Whitehat in action discovers Kiosk Escape & Escalation via Windows PasswordAgent
---------------------------------------------
https://www.vulnerability-db.com/?q=articles/2019/12/13/zero-day-vulnerability-deutsche-bahn-ticket-machine-series-system-uncovered
∗∗∗ Extortion 2.0: Ransomware gangs want to publish sensitive company data ∗∗∗
---------------------------------------------
The makers of Maze and Sodinokibi may be ushering in an unwelcome trend: they want to put sensitive documents of infected companies online.
---------------------------------------------
https://heise.de/-4619041
∗∗∗ Fake Krone.at advertising on Facebook lures with free iPhones ∗∗∗
---------------------------------------------
Warning: Advertisements in the name of the Kronen Zeitung are circulating on Facebook. They claim that the largest Apple warehouse has burned down and that 2173 undamaged iPhones are now being given away in Austria. This is pure invention, and the advertisement does not come from the Kronen Zeitung. Anyone who signs up here falls into a subscription trap!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-kroneat-werbung-lockt-auf-facebook-mit-gratis-iphones/
∗∗∗ 30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world ∗∗∗
---------------------------------------------
In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels.
---------------------------------------------
https://www.zdnet.com/article/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world/
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: December 19, 2019. Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/12/19/drupal-releases-security-updates
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (git, libgit2, and shadow), Debian (debian-edu-config and python-django), Fedora (python-django), Mageia (apache-commons-beanutils, fence-agents, flightcrew, freerdp, htmldoc, libssh, pacemaker, rsyslog, samba, and sssd), Oracle (freetype and kernel), Scientific Linux (freetype and kernel), SUSE (firefox, spectre-meltdown-checker, thunderbird, xen, and zziplib), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/807711/
∗∗∗ Synology-SA-19:42 WordPress ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML, or to bypass security constraints, via a susceptible version of WordPress.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_42
∗∗∗ Security Bulletin: IBM API Connect is impacted by a vulnerability in libexpat ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-libexpat/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnutls-affects-ibm-watson-studio-local/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in libpng affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-libpng-affects-ibm-watson-studio-local/
∗∗∗ Security Bulletin: Vulnerability in jQuery affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jquery-affects-ibm-watson-studio-local/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-libxml2-affects-ibm-watson-studio-local/
∗∗∗ PHP: Multiple vulnerabilities allow unspecified attacks ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1099
∗∗∗ Ruby on Rails: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1098
∗∗∗ Citrix Systems NetScaler Gateway: Vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1093
∗∗∗ Atlassian Confluence: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1101
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily