[CERT-daily] Tageszusammenfassung - 03.10.2019
Daily end-of-shift report
team at cert.at
Thu Oct 3 18:05:01 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 02-10-2019 18:00 − Donnerstag 03-10-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Sodinokibi Ransomware Builds An All-Star Team of Affiliates ∗∗∗
---------------------------------------------
The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-builds-an-all-star-team-of-affiliates/
∗∗∗ A New Wave of Buggy WordPress Infections ∗∗∗
---------------------------------------------
We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities. Every other week, the attackers introduce new domain names and slightly change the obfuscation of their scripts to prevent detection.
---------------------------------------------
https://blog.sucuri.net/2019/10/a-new-wave-of-buggy-wordpress-infections.html
∗∗∗ FBI: Don’t pay ransomware demands, stop encouraging cybercriminals to target others ∗∗∗
---------------------------------------------
The FBI has some unambiguous advice for organisations on how they should handle ransomware demands: Dont pay.
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/fbi-dont-pay-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Gefährliche Lücke in Magenta-Routern entdeckt ∗∗∗
---------------------------------------------
Die bereits in UPC-Zeiten verteilte Connect Box kann von außen übernommen werden. Ein Firmware-Update soll Abhilfe schaffen.
---------------------------------------------
https://futurezone.at/produkte/gefaehrliche-luecke-in-magenta-routern-entdeckt/400637039
∗∗∗ WhatsApp Flaw Opens Android Devices to Remote Code Execution ∗∗∗
---------------------------------------------
A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app.
---------------------------------------------
https://threatpost.com/whatsapp-flaw-opens-android-devices-to-remote-code-execution/148888/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (jackson-databind, libapreq2, and subversion), Fedora (glpi, memcached, and zeromq), openSUSE (rust), Oracle (kernel), Red Hat (patch), and SUSE (dovecot23, git, jasper, libseccomp, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/801226/
∗∗∗ Localization update - Moderately critical - Insecure server configuration - SA-CONTRIB-2019-072 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-072
∗∗∗ Simple AMP (Accelerated Mobile Pages) - Moderately critical - Access bypass - SA-CONTRIB-2019-071 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-071
∗∗∗ Ubercart - Moderately critical - Cross site scripting - SA-CONTRIB-2019-070 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-070
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x
∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2019-4564) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-cross-site-scripting-cve-2019-4564/
∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by information exposure (CVE-2019-4514) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-information-exposure-cve-2019-4514/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-7/
∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2019-10246, CVE-2019-10247, CVE-2019-10241 & CVE-2018-12545) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-affects-ibm-connectdirect-web-services-cve-2019-10246-cve-2019-10247-cve-2019-10241-cve-2018-12545/
∗∗∗ IBM Security Bulletin: IBM MQ AMQP Listeners are vulnerable to a session fixation attack (CVE-2019-4227) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-amqp-listeners-are-vulnerable-to-a-session-fixation-attack-cve-2019-4227/
∗∗∗ HPESBST03958 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
∗∗∗ HPESBST03959 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list