[CERT-daily] Daily summary - 03.04.2020
Daily end-of-shift report
team at cert.at
Fri Apr 3 18:10:38 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-04-2020 18:00 − Friday 03-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln ∗∗∗
---------------------------------------------
I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s Patch Tuesday, I was immediately intrigued by CVE-2019-1458, a Win32k Escalation of Privilege (EoP), said to be exploited in the wild and discovered by Anton Ivanov and Alexey Kulaev of [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html
∗∗∗ Progress In 2020 Funding Challenge - Thanks To Fantastic Global Supporters, But More Help Still Needed! ∗∗∗
---------------------------------------------
Our first status update on the critical initial milestone in Shadowserver's urgent 2020 funding challenge. Great progress from our awesome community, with particular thanks to philanthropist Craig Newmark, but more help still needed to fully secure our data center operations in 2020. Join with us to continue protecting victims of cybercrime and help protect the Internet.
---------------------------------------------
https://www.shadowserver.org/news/progress-in-2020-funding-challenge-thanks-to-fantastic-global-supporters-but-more-help-still-needed/
∗∗∗ Contact Form 7 Datepicker: Dangerous WordPress plugin without support ∗∗∗
---------------------------------------------
Attackers could attack WordPress websites and take over admin sessions.
---------------------------------------------
https://heise.de/-4696045
∗∗∗ Researchers Discover Hidden Behavior in Thousands of Android Apps ∗∗∗
---------------------------------------------
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. With smartphones being part of our every-day lives, millions of applications are being used for a broad variety of activities, yet many of these engage in behaviors that are never disclosed to their users.
---------------------------------------------
https://www.securityweek.com/researchers-discover-hidden-behavior-thousands-android-apps
∗∗∗ Payment reminders and payment demands from Flirthub.de are unjustified ∗∗∗
---------------------------------------------
Numerous internet users are currently contacting us because they are suddenly receiving payment demands from Flirthub.de. They are said to have registered on the website of MD Service GmbH, and a trial period has supposedly now turned into a premium subscription. We took a closer look at the websites and payment demands. Our verdict: those affected do not have to pay the 265.62 euros demanded!
---------------------------------------------
https://www.watchlist-internet.at/news/mahnungen-und-zahlungsaufforderungen-von-flirthubde-ungerechtfertigt/
∗∗∗ Beware of fake messages from SMSinfo about parcel deliveries ∗∗∗
---------------------------------------------
Due to the coronavirus crisis, specialist shops in Austria have to remain closed. Many people are therefore turning to online orders and waiting for the parcel they ordered. Criminals are currently increasingly exploiting this and sending SMS messages under the name "SMSinfo". The link included in this SMS leads to a fake Post website where you are asked to pay two euros. Do not enter your data here, because the message originates [...]
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-gefaelschten-nachrichten-von-smsinfo-zu-paketlieferungen/
∗∗∗ GuLoader: Malspam Campaign Installing NetWire RAT ∗∗∗
---------------------------------------------
NetWire, a publicly-available RAT, was found being distributed through a file downloader called GuLoader. We explain how its infection chain works and how to defend against it.
---------------------------------------------
https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
∗∗∗ Microsoft: How one Emotet infection took out this organization's entire network ∗∗∗
---------------------------------------------
An Emotet victim's IT disaster shows why organizations should filter internal emails and use two-factor authentication.
---------------------------------------------
https://www.zdnet.com/article/microsoft-how-one-emotet-infection-took-out-this-organizations-entire-network/
=====================
= Vulnerabilities =
=====================
∗∗∗ B&R Automation Studio ∗∗∗
---------------------------------------------
This advisory contains mitigations for improper privilege management, missing required cryptographic step, and path traversal vulnerabilities in B&R Automation Studio software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-093-01
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mediawiki and qbittorrent), Gentoo (gnutls), Mageia (bluez, kernel, python-yaml, varnish, and weechat), Oracle (haproxy and nodejs:12), SUSE (exiv2, haproxy, libpng12, mgetty, and python3), and Ubuntu (libgd2).
---------------------------------------------
https://lwn.net/Articles/816757/
∗∗∗ Security Bulletin: IBM Agile Lifecycle Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-agile-lifecycle-manager-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user could execute commands as root (CVE-2020-4273) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-user-could-execute-commands-as-root-cve-2020-4273/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily