[CERT-daily] Tageszusammenfassung - 23.12.2019
Daily end-of-shift report
team at cert.at
Mon Dec 23 18:08:53 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Friday 20-12-2019 18:00 - Monday 23-12-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ FBI Issues Alert For LockerGoga and MegaCortex Ransomware ∗∗∗
---------------------------------------------
The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-issues-alert-for-lockergoga-and-megacortex-ransomware/
∗∗∗ Mozi, Another Botnet Using DHT ∗∗∗
---------------------------------------------
Mozi Botnet relies on the DHT protocol to build a P2P network, and uses ECDSA384 and the xor algorithm to ensure the integrity and security of its components and P2P network. The sample spreads via Telnet with weak passwords and some known exploits.
---------------------------------------------
https://blog.netlab.360.com/mozi-another-botnet-using-dht/
∗∗∗ Extracting VBA Macros From .DWG Files, (Sun, Dec 22nd) ∗∗∗
---------------------------------------------
I updated my oledump.py tool to help with the analysis of files that embed OLE files, like AutoCAD's .dwg files with VBA macros.
---------------------------------------------
https://isc.sans.edu/diary/rss/25634
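The diary entry concerns files that embed an OLE compound document inside another container. As an added example (not oledump.py and not code from the diary), the script below shows the general approach: scan for the compound-file signature, validate the header fields behind each hit so a stray signature in random data is not mistaken for a document, and carve each container so it can be handed to a dedicated OLE/VBA analyser. The sample container is constructed inline (a DWG-style "AC10xx" version prefix, a decoy header with a bad byte-order mark, then a genuine-looking header and dummy payload); the header layout follows the MS-CFB specification, and the carved length is an assumption, since the exact size is only known after walking the FAT.

```python
import struct

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # compound file binary signature
HEADER_LEN = 512


def valid_cfb_header(hdr: bytes) -> bool:
    """Sanity-check a compound file header (MS-CFB field offsets) behind a magic hit,
    so a stray signature inside unrelated data is not carved as a document."""
    if len(hdr) < HEADER_LEN or hdr[:8] != OLE_MAGIC:
        return False
    # offsets 26..33: major version, byte order mark, sector shift, mini sector shift
    major, byte_order, sector_shift, mini_shift = struct.unpack_from("<4H", hdr, 26)
    if byte_order != 0xFFFE or mini_shift != 6:
        return False
    # version 3 uses 512-byte sectors (shift 9), version 4 uses 4096-byte sectors (shift 12)
    return (major, sector_shift) in ((3, 9), (4, 12))


def find_embedded_ole(data: bytes) -> list:
    """Return (offset, length) of every plausible OLE container inside data.
    Each one is carved up to the next valid header or the end of the input (an
    assumption: the true length is only known after walking the FAT); a downstream
    OLE parser tolerates the trailing bytes."""
    offsets = []
    pos = data.find(OLE_MAGIC)
    while pos != -1:
        if valid_cfb_header(data[pos:pos + HEADER_LEN]):
            offsets.append(pos)
        pos = data.find(OLE_MAGIC, pos + 1)
    return [(off, (offsets[i + 1] if i + 1 < len(offsets) else len(data)) - off)
            for i, off in enumerate(offsets)]


def carve(data: bytes) -> list:
    """The embedded containers as separate byte strings, ready for an OLE analyser."""
    return [data[off:off + length] for off, length in find_embedded_ole(data)]


def _cfb_header(major=3, sector_shift=9, byte_order=0xFFFE) -> bytes:
    """Constructed header for the sample; a real file also carries FAT/DIFAT data."""
    hdr = bytearray(HEADER_LEN)
    hdr[:8] = OLE_MAGIC
    # offsets 24..33: minor version, major version, byte order, sector shift, mini shift
    struct.pack_into("<5H", hdr, 24, 0x3E, major, byte_order, sector_shift, 6)
    return bytes(hdr)


# Constructed sample container (no real drawing, no real macro): a DWG-style version
# prefix, a decoy magic with a wrong byte-order mark, then a valid-looking compound
# file header followed by dummy payload bytes.
SAMPLE = (b"AC1027" + bytes(250)
          + _cfb_header(byte_order=0x1234)
          + bytes(100)
          + _cfb_header()
          + b"VBA-stream-bytes" + bytes(48))


if __name__ == "__main__":
    for offset, length in find_embedded_ole(SAMPLE):
        print(f"embedded OLE container at offset {offset}, {length} bytes carved")
```

On the constructed sample the decoy at offset 256 is rejected by the byte-order check and only the container at offset 868 is reported; each carved chunk can then be written to disk and inspected with an OLE/VBA tool.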
∗∗∗ Leveraging Disk Imaging Tools to Deliver RATs ∗∗∗
---------------------------------------------
This year we observed a notable uptick in disc imaging software (like .ISO) being used as a container for serving malware via email, with .ISO archives accounting for 6% of all malware attachment archives seen this year.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-disk-imaging-tools-to-deliver-rats/
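Filters keyed on the attachment name miss an .ISO that has been renamed or nested in another archive. As an added example (not code from the Trustwave post), the script below identifies an ISO 9660 image by its primary volume descriptor at sector 16 rather than by filename, walks the root directory, and flags entries whose extension is executable. The sample image is constructed inline (a minimal volume descriptor and root directory, no real content), and the extension list is an assumption to be adjusted to local policy.

```python
import struct

SECTOR = 2048
# Assumed extension list for flagging; not from the page, adjust to local policy.
EXEC_EXT = {"EXE", "SCR", "DLL", "LNK", "JS", "JSE", "VBS", "WSF", "HTA", "BAT", "CMD", "PS1"}


def _both32(v: int) -> bytes:
    """ISO 9660 stores 32-bit fields little-endian followed by big-endian."""
    return struct.pack("<I", v) + struct.pack(">I", v)


def _dir_record(name: bytes, extent: int, size: int, is_dir: bool) -> bytes:
    """Build one directory record in the ECMA-119 layout (used for the sample only)."""
    body = (
        b"\x00"                                       # extended attribute record length
        + _both32(extent)                             # location of extent (LBA)
        + _both32(size)                               # data length in bytes
        + bytes(7)                                    # recording date/time (zeroed)
        + bytes([2 if is_dir else 0, 0, 0])           # flags, unit size, interleave gap
        + struct.pack("<H", 1) + struct.pack(">H", 1) # volume sequence number
        + bytes([len(name)]) + name                   # identifier length, identifier
    )
    if len(name) % 2 == 0:
        body += b"\x00"                               # pad so the record length is even
    return bytes([len(body) + 1]) + body


def build_sample_iso() -> bytes:
    """Constructed sample: a PVD at sector 16, a terminator at 17 and a root
    directory at sector 18 holding one executable and one text file."""
    root_lba = 18
    img = bytearray(SECTOR * 20)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1         # type, standard identifier, version
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)   # root directory record
    img[16 * SECTOR:17 * SECTOR] = pvd
    img[17 * SECTOR] = 255                            # volume descriptor set terminator
    img[17 * SECTOR + 1:17 * SECTOR + 6] = b"CD001"
    root = b"".join([
        _dir_record(b"\x00", root_lba, SECTOR, True),          # "."
        _dir_record(b"\x01", root_lba, SECTOR, True),          # ".."
        _dir_record(b"INVOICE.EXE;1", 19, 4096, False),
        _dir_record(b"README.TXT;1", 19, 12, False),
    ])
    img[root_lba * SECTOR:root_lba * SECTOR + len(root)] = root
    return bytes(img)


def is_iso9660(data: bytes) -> bool:
    """The magic sits at byte 1 of sector 16, so a check on the first bytes misses it."""
    off = 16 * SECTOR
    return len(data) > off + 6 and data[off] == 1 and data[off + 1:off + 6] == b"CD001"


def list_root(data: bytes) -> list:
    """Return (name, size, is_dir) for each entry of the root directory."""
    if not is_iso9660(data):
        raise ValueError("not an ISO 9660 image")
    root = data[16 * SECTOR + 156:16 * SECTOR + 190]
    pos = struct.unpack_from("<I", root, 2)[0] * SECTOR
    end = pos + struct.unpack_from("<I", root, 10)[0]
    entries = []
    while pos < end:
        rec_len = data[pos]
        if rec_len == 0:                              # zero byte: rest of sector is padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos:pos + rec_len]
        name = rec[33:33 + rec[32]]
        if name not in (b"\x00", b"\x01"):            # skip "." and ".."
            entries.append((
                name.decode("ascii").split(";")[0],   # drop the ";1" version suffix
                struct.unpack_from("<I", rec, 10)[0],
                bool(rec[25] & 2),
            ))
        pos += rec_len
    return entries


def flag_executables(data: bytes) -> list:
    """Names of root-directory files whose extension is in EXEC_EXT."""
    return [n for n, _, d in list_root(data)
            if not d and "." in n and n.rsplit(".", 1)[1].upper() in EXEC_EXT]


if __name__ == "__main__":
    iso = build_sample_iso()
    print("ISO 9660 image:", is_iso9660(iso))
    for entry in list_root(iso):
        print(entry)
    print("flagged:", flag_executables(iso))
```

Only the root directory is walked here; a gateway rule would recurse into subdirectories and also look for Joliet or Rock Ridge names, which real images often carry alongside the 8.3 identifiers.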
∗∗∗ Looking into Attacks and Techniques Used Against WordPress Sites ∗∗∗
---------------------------------------------
This blog post lists different kinds of attacks against WordPress, by way of payload examples we observed in the wild, and how attacks have used hacked admin access and API, Alfa-Shell deployment, and SEO poisoning to take advantage of vulnerable sites.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mjE1ckQKGtA/
∗∗∗ Cracked two-factor authentication: why software tokens are not a good idea ∗∗∗
---------------------------------------------
A presumably Chinese hacking group, whose attacks date back to 2011, is said to have discovered a novel attack on RSA software tokens.
---------------------------------------------
https://heise.de/-4622748
∗∗∗ Update now: Cisco ASA 5500-X Series firewalls remotely attackable ∗∗∗
---------------------------------------------
An ASA vulnerability known since 2018 may currently be under active exploitation.
---------------------------------------------
https://heise.de/-4621541
∗∗∗ Beware of GMX phishing e-mails ∗∗∗
---------------------------------------------
Numerous readers are currently reporting dangerous phishing e-mails to us with which criminals try to get hold of GMX accounts. GMX users must therefore be on their guard if they are suddenly asked to log in because of an alleged account suspension. The data and e-mail accounts end up in the hands of criminals and can be used for crimes under a false identity!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gmx-phishing-mails/
∗∗∗ War Never Changes: Attacks Against WPA3’s Enhanced Open — Part 2: Understanding OWE ∗∗∗
---------------------------------------------
https://posts.specterops.io/war-never-changes-attacks-against-wpa3s-enhanced-open-part-2-understanding-owe-90fdc29126a1
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch now: Published Citrix applications leave networks of potentially 80,000 firms at risk from attackers ∗∗∗
---------------------------------------------
Unauthorised users able to perform arbitrary code execution.
A critical vulnerability found in Citrix Application Delivery Controller and Citrix Gateway (formerly known as Netscaler ADC and Netscaler Gateway) means businesses with apps published using these technologies may be exposing their internal network to unauthorised access.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/23/patch_now_published_citrix_applications_leave_network_vulnerable_to_unauthorised_access/
∗∗∗ Security vulnerability in the Twitter app for Android ∗∗∗
---------------------------------------------
A security vulnerability in the Twitter app for Android allows malicious code to be injected that can read private data. An update is available.
---------------------------------------------
https://heise.de/-4621735
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups, cyrus-sasl2, tightvnc, and x2goclient), Fedora (cacti and cacti-spine), openSUSE (mariadb and samba), Oracle (fribidi, git, and python), Red Hat (fribidi, libyang, and qemu-kvm-rhev), Slackware (openssl and tigervnc), and SUSE (firefox, nspr, nss and kernel).
---------------------------------------------
https://lwn.net/Articles/808026/
∗∗∗ Synology-SA-19:43 Drupal ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to upload arbitrary files via a susceptible version of Drupal.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_43
∗∗∗ F5 Security Advisories ∗∗∗
---------------------------------------------
https://support.f5.com/csp/new-updated-articles
∗∗∗ Security Bulletin: Multiple Vulnerabilities in libpng affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-libpng-affects-ibm-watson-studio-local-2/
∗∗∗ Security Bulletin: Input Validation Vulnerability in Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-input-validation-vulnerability-in-watson-studio-local/
∗∗∗ Security Bulletin: Multiple Vulnerabilities In Redis affects Watson Studio Local (CVE-2018-12453, CVE-2018-12326, CVE-2018-11218) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-redis-affects-watson-studio-local-cve-2018-12453-cve-2018-12326-cve-2018-11218/
∗∗∗ Security Bulletin: JWT Token Check Vulnerability in Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jwt-token-check-vulnerability-in-watson-studio-local/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affects-ibm-watson-studio-local/
∗∗∗ Security Bulletin: Watson Studio Local Key Storage Vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-watson-studio-local-key-storage-vulnerability/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affects-ibm-watson-studio-local/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affects-watson-studio-local/
∗∗∗ Security Bulletin: Internal SSL Communication Vulnerability in Watson Studio Local (PSIRT-ADV0011800) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-internal-ssl-communication-vulerability-in-watson-studio-local-psirt-adv0011800/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in OpenSSL affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affects-ibm-watson-studio-local/
∗∗∗ Security Bulletin: Vulnerabilities in Samba affects IBM Watson Studio Local ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-affects-ibm-watson-studio-local/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily