[CERT-daily] Tageszusammenfassung - 02.04.2020

Daily end-of-shift report team at cert.at
Thu Apr 2 18:16:33 CEST 2020 

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 01-04-2020 18:00 − Donnerstag 02-04-2020 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Office 365 Phishing Uses CSS Tricks to Bypass Email Gateways ∗∗∗
---------------------------------------------
A phishing campaign using Office 365 voicemail lures to trick them into visiting landing pages designed to steal their personal information or infect their computers with malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-css-tricks-to-bypass-email-gateways/


∗∗∗ Pekraut - German RAT starts gnawing ∗∗∗
---------------------------------------------
Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.
---------------------------------------------
https://www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing


∗∗∗ Cyber-Kriminelle nutzen Corona-Krise vermehrt aus ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) beobachtet aktuell eine Zunahme von Cyber-Angriffen mit Bezug zum Corona-Virus auf Unternehmen und Bürger.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/Cyber-Kriminell_02042020.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apache HTTP Server 2.4 vulnerabilities, Fixed in Apache httpd 2.4.42 ∗∗∗
---------------------------------------------
low: mod_proxy_ftp use of uninitialized value (CVE-2020-1934): mod_proxy_ftp use of uninitialized value with maliciosu FTP backend. low: mod_rewrite CWE-601 open redirect (CVE-2020-1927): Some mod_rewrite configurations vulnerable to open redirect.
---------------------------------------------
https://httpd.apache.org/security/vulnerabilities_24.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, kernel, linux-hardened, linux-lts, and pam-krb5), Debian (haproxy, libplist, and python-bleach), Fedora (tomcat), Gentoo (ghostscript-gpl, haproxy, ledger, qtwebengine, and virtualbox), Red Hat (haproxy, nodejs:12, qemu-kvm-rhev, and rh-haproxy18-haproxy), SUSE (memcached and qemu), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/816633/


∗∗∗ 2020-04-02: Vulnerabilities in Telephone Gateway TG/S 3.2 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-04-02: SECURITY System 800xA Information Manager - Remote Code Execution ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2020-04-02: SECURITY System 800xA Weak Registry Permissions ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.5.0 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF10 + ICAM 3.0 – 4.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-5-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if10-icam-3-0-4-0/


∗∗∗ Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2989-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/


∗∗∗ Security Bulletin: CVE-2019-4732 vulnerabilitiy in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4732-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/


∗∗∗ Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-federation-server-rest-api-is-subject-to-dos-attacks/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list