[CERT-daily] Tageszusammenfassung - 11.10.2019

Fri Oct 11 18:41:00 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 10-10-2019 18:00 − Freitag 11-10-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Remote-Angriffe und Denial-of-Service: Schwachstellen in Juniper-Netzwerktechnik ∗∗∗
---------------------------------------------
Juniper-Geräte der Serien SRX, NFX, QFX, PTX, ACX, MX, und EX sowie das Betriebssystem JUNOS weisen Schwachstellen auf die umgehend gepatcht werden sollten.
---------------------------------------------
https://heise.de/-4553168


∗∗∗ Researchers released a free decryptor for the Nemty Ransomware ∗∗∗
---------------------------------------------
Good news for the victims of the Nemty Ransomware, security researchers have released a free decryptor that could be used to recover files.
---------------------------------------------
https://securityaffairs.co/wordpress/92386/malware/nemty-ransomware-decryptor.html


∗∗∗ Examining the Ryuk Ransomware ∗∗∗
---------------------------------------------
Ryuk ransomware had a disturbingly successful debut, being used to hit at least three organizations in its first two months of activity for more than $640,000 in ransom. Several attacks followed, where the attackers demanded even greater amounts of ransom. The attackers were able to demand and receive high ransoms because of a unique trait in the Ryuk code: the ability to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint.
---------------------------------------------
https://www.zscaler.com/blogs/research/examining-ryuk-ransomware


∗∗∗ Staying Hidden on the Endpoint: Evading Detection with Shellcode ∗∗∗
---------------------------------------------
True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (EDR) products have matured over the years, the red teams must follow suit. This blog post will provide some insights into how the FireEye Mandiant Red Team crafts payloads to bypass modern EDR products and get full command and control (C2) on their [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lucene-solr and ruby-openid), Fedora (krb5 and SDL2), openSUSE (kernel and libopenmpt), and Ubuntu (python2.7, python3.4).
---------------------------------------------
https://lwn.net/Articles/802086/


∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Process Orchestration Web Service logging ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-and-case-foundation-security-vulnerability-in-process-orchestration-web-service-logging/


∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager and Case Foundation are affected by Publicly disclosed vulnerability in Java July 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-and-case-foundation-are-affected-by-publicly-disclosed-vulnerability-in-java-july-2019/


∗∗∗ Linux kernel vulnerability CVE-2017-18551 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K48073202?utm_source=f5support&utm_medium=RSS


∗∗∗ Apache Tomcat vulnerability CVE-2019-0221 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS


∗∗∗ ImageMagick vulnerability CVE-2019-13136 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03512441?utm_source=f5support&utm_medium=RSS

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily