[CERT-daily] Tageszusammenfassung - 18.10.2019

Fri Oct 18 18:16:49 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 17-10-2019 18:00 − Freitag 18-10-2019 18:00
Handler:     n/a
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ STOP Ransomware Decryptor Released for 148 Variants ∗∗∗
---------------------------------------------
The release of Emsisofts STOP Ransomware decryption service is a huge achievement and will be a life saver for both the victims and the helpers on BleepingComputer. It should be noted, though, that while this decryptor can help with the majority of STOP variants, anyone who was infected after August 2019 cannot be helped.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/


∗∗∗ REvil Ransomware Affiliates Partner with Corporate Intruders ∗∗∗
---------------------------------------------
Experienced network intruders and ransomware groups have struck an alliance helping each other monetize their skills by spreading malware to company networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/revil-ransomware-affiliates-partner-with-corporate-intruders/


∗∗∗ Ordinypt: Resurgence ∗∗∗
---------------------------------------------
Recently, the Ordinypt malware has seen a resurgence in the wild, disguised as fake job applications sent via email to human resource departments in German companies. The malware uses social engineering to infect the user’s files and trick them into paying cryptocurrency to restore the infected files.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/10/35358-resurgence


∗∗∗ Quick Malicious VBS Analysis, (Fri, Oct 18th) ∗∗∗
---------------------------------------------
Lets have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk to have the first file blocked by classic security controls.
---------------------------------------------
https://isc.sans.edu/diary/rss/25430


∗∗∗ Fake UpdraftPlus Plugins ∗∗∗
---------------------------------------------
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality.
---------------------------------------------
https://blog.sucuri.net/2019/10/fake-updraftplus-plugins.html


∗∗∗ Samsung to patch S10 fingerprint sensor bug next week ∗∗∗
---------------------------------------------
Samsung promises software patch next week; recommends not using custom screen covers in the meantime.
---------------------------------------------
https://www.zdnet.com/article/samsung-to-patch-s10-fingerprint-sensor-bug-next-week/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ AVEVA Vijeo Citect and Citect SCADA ∗∗∗
---------------------------------------------
This advisory contains mitigations for a stack-based buffer overflow vulnerability in the AVEVA Vijeo Citect and Citect SCADA.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-290-01


∗∗∗ Horner Automation Cscape ∗∗∗
---------------------------------------------
This advisory contains mitigations for improper input validation and out-of-bounds write vulnerabilities in Horner Automations Cscape control system application programming software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-290-02


∗∗∗ VMSA-2019-0017 ∗∗∗
---------------------------------------------
VMware SD-WAN by VeloCloud update addresses information disclosure vulnerability (CVE-2019-5533)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0017.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (poppler, sudo, and wordpress), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and kernel), and SUSE (kernel and postgresql10).
---------------------------------------------
https://lwn.net/Articles/802622/


∗∗∗ Synology-SA-19:34 WordPress ∗∗∗
---------------------------------------------
These vulnerabilities allow remote attackers to inject arbitrary web script or HTML, obtain sensitive information, or access intranet resources via a susceptible version of WordPress.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_34


∗∗∗ InfoZIP vulnerability CVE-2019-13232 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K80311892

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily