[CERT-daily] Tageszusammenfassung - 14.10.2019

Mon Oct 14 18:08:06 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 11-10-2019 18:00 − Montag 14-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ The Week in Ransomware - October 11th 2019 - Decryptors Released! ∗∗∗
---------------------------------------------
We had some interesting news this week, such as the HildaCrypt ransomware releasing their keys, RobbinHood Ransomware bragging about their past exploits, a Muhstik Ransomware victim hacking back and stealing the decryption keys, and a Nemty decryptor being released.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-11th-2019-decryptors-released/


∗∗∗ Sodinokibi Ransomware: Following the Affiliate Money Trail ∗∗∗
---------------------------------------------
After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-following-the-affiliate-money-trail/


∗∗∗ Simjacker: SIM-Karten in 29 Ländern anfällig für SMS-Angriff ∗∗∗
---------------------------------------------
Mit einer präparierten SMS können Daten aus dem Mobiltelefon ausgelesen werden. Die Sicherheitsfirma Adaptive Mobile hat den Simjacker genannten Angriff entdeckt und die betroffenen Staaten veröffentlicht. Demnach nutzte in drei Ländern eine Überwachungsfirma die Lücke aktiv aus.
---------------------------------------------
https://www.golem.de/news/simjacker-sim-karten-in-29-laendern-anfaellig-fuer-sms-angriff-1910-144399-rss.html


∗∗∗ Pass the AppleJeus ∗∗∗
---------------------------------------------
A new macOS backdoor written by the infamous Lazarus APT group needs analyzing. Here, we examine its infection vector, method of persistence, capabilities, and more!
---------------------------------------------
https://objective-see.com/blog/blog_0x49.html


∗∗∗ Another successful edition of the European Cyber Security Challenge concluded in Romania ∗∗∗
---------------------------------------------
The sixth edition of the European Cyber Security Challenge (ECSC), organised from 9 to 11 October in Bucharest at the Palace of the Parliament, the heaviest building and the second-largest building in the world, has concluded. Team Romania - followed by Italy and Austria - has proven successful in completing the most advanced and complex cybersecurity challenges and is thereby the proud winner of ECSC2019.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/another-successful-edition-of-the-european-cyber-security-challenge-concluded-in-romania


∗∗∗ Most SSL certificate misissuance caused by software bugs and rule misinterpretations ∗∗∗
---------------------------------------------
Academic study analyzed 379 incidents of incorrectly-issued SSL certificates from a total of 1,300+ known cases.
---------------------------------------------
https://www.zdnet.com/article/most-ssl-certificate-misissuance-caused-by-software-bugs-and-rule-misinterpretations/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-49) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB19-49) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, October 15, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1793


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/802268/


∗∗∗ Critical Flaw in Sophos Cyberoam Appliances Allows Remote Code Execution ∗∗∗
---------------------------------------------
A critical vulnerability patched recently by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.
---------------------------------------------
https://www.securityweek.com/critical-flaw-sophos-cyberoam-appliances-allows-remote-code-execution


∗∗∗ Swift 5.1.1 for Ubuntu ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210647


∗∗∗ Reflected XSS vulnerability in OpenProject (CVE-2019-17092) ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/reflected-xss-vulnerability-in-openproject-cve-2019-17092/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily