[CERT-daily] Tageszusammenfassung - 16.10.2019

Wed Oct 16 18:14:41 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 15-10-2019 18:00 − Mittwoch 16-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Docker Containers Riddled with Graboid Crypto-Worm ∗∗∗
---------------------------------------------
A worm with a randomized propagation method is spreading via the popular container technology.
---------------------------------------------
https://threatpost.com/docker-containers-graboid-crypto-worm/149235/


∗∗∗ Security Monitoring: At Network or Host Level?, (Wed, Oct 16th) ∗∗∗
---------------------------------------------
Today, to reach a decent security maturity, the keyword remains "visibility". There is nothing more frustrating than being blind about what's happening on a network or starting an investigation without any data (logs, events) to process. The question is: how to efficiently keep an eye on what's happening on your network? There are three key locations to collect data: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25420


∗∗∗ Messing with Azorult Part 1: Malware Breakdown ∗∗∗
---------------------------------------------
In this blog series, we dive into an information stealing Trojan called Azorult that we analysed during a recent Digital Forensics and Incident Response (DFIR) investigation. During our analysis, we also take a look at the bot’s control panel and its vulnerability.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/messing-with-azorult-part-1-malware-breakdown/


∗∗∗ Patchday bei Adobe: 64 Lücken im Reader ∗∗∗
---------------------------------------------
Außerdem gibt es auch Updates für den Experience Manager, Experience Manager Forms und den Adobe Download Manager.
---------------------------------------------
https://heise.de/-4557403


∗∗∗ Schadsoftware in vermeintlichen Banking-Apps aus unbekannter Quelle! ∗∗∗
---------------------------------------------
Immer wieder versenden Kriminelle massenhaft E-Mails im Design diverser Banken. Sie beziehen sich darin gehäuft auf die sogenannte PSD2-Richtlinie, die zu diversen Änderungen beim Online-Banking geführt hat und verlangen die Bestätigung persönlicher Daten oder die Installation einer App aus unbekannter Quelle. Nur so ließe sich die Sperre Ihres Kontos verhindern. Es dürfen keine Daten bekanntgegeben und die Apps nicht installiert werden. Es handelt sich um [...]
---------------------------------------------
https://www.watchlist-internet.at/news/schadsoftware-in-vermeintlichen-banking-apps-aus-unbekannter-quelle/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Patch Update: Oracle veröffentlicht 219 Sicherheitspatches ∗∗∗
---------------------------------------------
Es gibt abgesicherte Versionen von unter anderem Fusion Middleware und NoSQL Database, in denen Oracle kritische Sicherheitslücken geschlossen hat.
---------------------------------------------
https://heise.de/-4557788


∗∗∗ VMSA-2019-0016 ∗∗∗
---------------------------------------------
VMware Cloud Foundation and VMware Harbor Container Registry for PCF address broken access control vulnerability (CVE-2019-16919)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0016.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2 and unbound), Fedora (opendmarc, runc, and sudo), openSUSE (epiphany, GraphicsMagick, and libopenmpt), Oracle (kernel and sudo), Red Hat (java-1.8.0-openjdk, jss, kernel, kernel-rt, and kpatch-patch), SUSE (crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer, libpcap, sudo, [...]
---------------------------------------------
https://lwn.net/Articles/802451/


∗∗∗ Linux kernel vulnerability CVE-2019-13233 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13331647?utm_source=f5support&utm_medium=RSS


∗∗∗ HPESBHF03960 rev.1 - HPE Lights Out 100 (LO100) Remote Management for ProLiant G1 - G6 servers, Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us


∗∗∗ Red Hat JBoss Enterprise Application Platform: Schwachstelle gefährdet Verfügbarkeit und Integrität ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0905


∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0913


∗∗∗ Publish SBA-ADV-20190913-04: WordPress Plugin - All in One SEO Pack -… ∗∗∗
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/478f4828ddc618f6bdb9530640ce4e0388d908a2


∗∗∗ Publish SBA-ADV-20190913-03: WordPress Plugin - Events Manager - Stor… ∗∗∗
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/eb0047b9fb067ec171007b14df08661986e3e28a


∗∗∗ Publish SBA-ADV-20190913-02: WordPress Plugin - Broken Link Checker -… ∗∗∗
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/3e79665a02f0cd2e7666e7738e04ddce8af4d12f


∗∗∗ Publish SBA-ADV-20190913-01: WordPress Plugin - EU Cookie Law (GDPR) … ∗∗∗
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/51b3d30fc0d9e69a760203b32de18f0663716bf2

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily