[CERT-daily] Daily summary - 17.09.2019

Daily end-of-shift report team at cert.at
Tue Sep 17 18:22:57 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 16-09-2019 18:00 − Tuesday 17-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Emotet Revived with Large Spam Campaigns Around the World ∗∗∗
---------------------------------------------
Less than a month after reactivating its command and control (C2) servers, the Emotet botnet has come back to life by spewing spam messages to countries around the globe.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-revived-with-large-spam-campaigns-around-the-world/


∗∗∗ Misuse of WordPress update_option() function Leads to Website Infections ∗∗∗
---------------------------------------------
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress' update_option() function. This function updates a named option/value pair in the options database table. If developers do not implement the permission flow correctly before calling it, attackers can gain admin access or inject arbitrary data into any site running the plugin. Note: update_option() itself is not the flaw; it cannot be abused if the developer implements the surrounding checks correctly.
---------------------------------------------
https://blog.sucuri.net/2019/09/misuse-of-wordpress-update_option-function-leads-to-website-infections.html
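The pattern behind this class of bug, shown as an added example (not code from the Sucuri post or from any real plugin; the plugin prefix, action names and option names are hypothetical): an AJAX handler that lets the request choose which option to write, beside the same feature with the permission flow implemented.

```php
<?php
/**
 * Added example, not from the Sucuri post or any real plugin.
 * "example_" prefix, hook names and option names are hypothetical.
 */

// ---- Vulnerable pattern -------------------------------------------------
// Writes whatever option the request names. It is also hooked on
// wp_ajax_nopriv_, so unauthenticated visitors reach it, and nothing checks a
// nonce, a capability or the option name before update_option() runs.
function example_vuln_save_setting() {
    $name  = $_POST['option'];
    $value = $_POST['value'];
    update_option( $name, $value );   // attacker controls both arguments
    wp_send_json_success();
}
add_action( 'wp_ajax_example_vuln_save_setting',        'example_vuln_save_setting' );
add_action( 'wp_ajax_nopriv_example_vuln_save_setting', 'example_vuln_save_setting' );

// With that handler live, two anonymous POSTs to /wp-admin/admin-ajax.php
// (constructed request bodies, shown for illustration):
//   action=example_vuln_save_setting&option=users_can_register&value=1
//   action=example_vuln_save_setting&option=default_role&value=administrator
// switch on self-registration with the administrator role, which is the
// "gain admin access" outcome the text describes.

// ---- Hardened pattern ---------------------------------------------------
// Same feature with the permission flow in place: authenticated hook only,
// nonce check, capability check, an allow-list of option names the plugin
// owns, and a sanitised value.
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_plugin_color', 'example_plugin_footer_text' );

function example_safe_save_setting() {
    // Dies with a 403 unless the request carries a valid nonce for this action.
    check_ajax_referer( 'example_save_setting', 'nonce' );

    // Only users who may manage site options get to write them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // The client may only name options this plugin owns; core options such as
    // users_can_register or default_role can never be reached through here.
    $name = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! in_array( $name, EXAMPLE_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $name, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_setting', 'example_safe_save_setting' );
// Deliberately no wp_ajax_nopriv_ registration: anonymous visitors have no
// business writing settings.

// Nonce the settings page embeds so the legitimate client can call the handler.
function example_settings_page_nonce() {
    return wp_create_nonce( 'example_save_setting' );
}
```

The allow-list is the part most often missing: a nonce and capability check alone still let a low-privileged but authenticated user write any option if the handler accepts the option name from the request. As a quick check on a site where a plugin may already have been abused this way, compare the current values of users_can_register and default_role against what the operator expects, for example with WP-CLI (`wp option get users_can_register`, `wp option get default_role`).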


∗∗∗ Explaining Server Side Template Injections ∗∗∗
---------------------------------------------
[...] Exploiting SSTI in strange cases will be the next post I make. Any and all feedback is appreciated.
---------------------------------------------
https://0x00sec.org/t/explaining-server-side-template-injections/16297


∗∗∗ 2019 CWE Top 25 Most Dangerous Software Errors ∗∗∗
---------------------------------------------
The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. These weaknesses are often easy to find and exploit. They are dangerous because they will frequently allow adversaries to completely take over execution of software, steal data, or prevent the software from working.
---------------------------------------------
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html


∗∗∗ Investigating Gaps in your Windows Event Logs ∗∗∗
---------------------------------------------
I recently TA'd the SANS SEC 504 class (Hacker Tools, Techniques, Exploits, and Incident Handling), and one of the topics we covered was attackers "editing" Windows event logs to cover their tracks, especially the Windows Security Event Log.
---------------------------------------------
https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/


∗∗∗ Phishing: BAWAG PSK does not request data confirmation by e-mail ∗∗∗
---------------------------------------------
Criminals are posing as BAWAG PSK Bank and claim that online-banking users must confirm their data because of the EU payment directive. The account has supposedly been blocked as well. This is nothing but a pretext to obtain login credentials. Under no circumstances click the button: it leads to a fake login page!
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-bawag-psk-fordert-keine-datenbestaetigung-per-e-mail/


∗∗∗ MISP 2.4.116 released (aka the new decaying feature) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.116) has been released, including a long-awaited major new feature that deals with decaying indicators, in addition to a new ATT&CK sightings export and a new sync priority capability.
---------------------------------------------
https://www.misp-project.org/2019/09/17/MISP.2.4.116.released.html


∗∗∗ Gootkit malware crew left their database exposed online without a password ∗∗∗
---------------------------------------------
Even cyber-criminal gangs can't secure their MongoDB servers properly.
---------------------------------------------
https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira ∗∗∗
---------------------------------------------
Ben Taylor of Cisco ASIG discovered these vulnerabilities. Atlassian's Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/09/vuln-spotlight-atlassian-jira-sept-19.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dino-im, python2.7, python3.4, and wpa), Fedora (kmplayer), openSUSE (podman and samba), Oracle (thunderbird), Red Hat (thunderbird), Slackware (expat), SUSE (curl), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/799509/


∗∗∗ SOHOpelessly Broken 2.0: 125 Vulnerabilities Found in Routers, NAS Devices ∗∗∗
---------------------------------------------
Researchers have discovered many vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices as part of a project dubbed SOHOpelessly Broken 2.0.
---------------------------------------------
https://www.securityweek.com/sohopelessly-broken-20-125-vulnerabilities-found-routers-nas-devices


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Apache HTTPD vulnerability CVE-2019-10098 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25126370

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily