[CERT-daily] Daily summary - 28.04.2020

Daily end-of-shift report team at cert.at
Tue Apr 28 18:51:54 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 27-04-2020 18:00 − Tuesday 28-04-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Malware alert: Bundeskriminalamt (Federal Criminal Police Office) warns of forged police e-mail ∗∗∗
---------------------------------------------
An e-mail with the subject "Letzte Einladung der Polizei" ("Last invitation from the police") is currently circulating. It asks recipients to contact the police and to open the attachments. The attachments are very likely malware.
---------------------------------------------
http://www.bmi.gv.at/news.aspx?id=414F7246445856707A58773D


∗∗∗ Agent Tesla delivered by the same phishing campaign for over a year, (Tue, Apr 28th) ∗∗∗
---------------------------------------------
While going over malicious e-mails caught by our company gateway in March, I noticed that several of those that carried ACE file attachments appeared to be from the same sender. That would not be that unusual, but after going through the historical logs, I found that e-mails from the same address with similar attachments were blocked by the gateway as early as March 2019.
---------------------------------------------
https://isc.sans.edu/diary/rss/26062


∗∗∗ Cybercrime: patiently spying on executives, then fleecing them ∗∗∗
---------------------------------------------
Using man-in-the-middle attacks, the "Florentiner Bankengruppe" ("Florentine banking group") specifically targets decision-makers – a successful waiting game.
---------------------------------------------
https://heise.de/-4710607


∗∗∗ New Version of Infection Monkey Maps to MITRE ATT&CK Framework ∗∗∗
---------------------------------------------
Guardicore's open source breach and attack simulation platform Infection Monkey now maps its attack results to the MITRE ATT&CK framework, allowing users to quickly discover internal vulnerabilities and rapidly fix them.
---------------------------------------------
https://www.securityweek.com/new-version-infection-monkey-maps-mitre-attck-framework


∗∗∗ Website operators beware: extortion e-mails in circulation ∗∗∗
---------------------------------------------
Numerous website operators are currently receiving fraudulent extortion e-mails. The criminals claim, in English, to have hacked your website and to now have access to all of its data records. They threaten to publish this data and to inform your customers about the alleged data leak. To prevent this, they demand USD 2000 in bitcoin. Do not respond; this is a fraudulent spam e-mail!
---------------------------------------------
https://www.watchlist-internet.at/news/website-betreiberinnen-aufgepasst-erpressungsmails-im-umlauf/


∗∗∗ Anatomy of Formjacking Attacks ∗∗∗
---------------------------------------------
A detailed look at the fast-growing crime of formjacking, where cybercriminals hack a website to collect sensitive user information and steal credit card numbers.
---------------------------------------------
https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Bridge (APSB20-19) and Adobe Illustrator (APSB20-20). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1864


∗∗∗ High-Severity Vulnerabilities Patched in LearnPress ∗∗∗
---------------------------------------------
On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, qemu-kvm, and thunderbird), Debian (qemu and ruby-json), Fedora (chromium, haproxy, and libssh), openSUSE (cacti, cacti-spine and teeworlds), Oracle (kernel), SUSE (apache2, git, kernel, ovmf, and xen), and Ubuntu (cups, file-roller, and re2c).
---------------------------------------------
https://lwn.net/Articles/818821/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005 ∗∗∗
---------------------------------------------
Date Reported: April 27, 2020. Advisory ID: WSA-2020-0005. CVE identifiers: CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2020-3885: Versions affected: WebKitGTK before 2.28.0 and WPE WebKit before 2.28.0. Credit to Ryan Pickren (ryanpickren.com). Impact: A file URL may be incorrectly processed. Description: A logic issue was addressed with improved [...]
---------------------------------------------
https://webkitgtk.org/security/WSA-2020-0005.html


∗∗∗ IntelMQ Manager release 2.1.1 fixes critical security issue ∗∗∗
---------------------------------------------
The IntelMQ Manager version 2.1.1 released yesterday fixes a Remote Code Execution flaw (CWE-78: OS Command Injection). The documentation for version 2.1.1 and installation instructions can be found on our GitHub repository. Always run IntelMQ Manager instances in private networks with proper authentication & TLS. Further, restrict access to the tool to web browsers that can only access internal websites, as a workaround for existing CSRF issues. See also our security considerations with [...]
---------------------------------------------
https://cert.at/en/blog/2020/4/intelmq-manager-release-211-fixes-critical-security-issue


∗∗∗ Security Bulletin: CVE-2019-1552 vulnerability in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-1552-vulnerability-in-openssl-affect-ibm-workload-scheduler/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-denial-of-service-that-affect-txseries-for-multiplatforms/


∗∗∗ Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-cve-2020-4329/


∗∗∗ Security Bulletin: NVIDIA Windows and Linux GPU Display drivers are have resolved several security vulnerabilities as described below. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-and-linux-gpu-display-drivers-are-have-resolved-several-security-vulnerabilities-as-described-below/


∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)(CVE-2019-12418, CVE-2019-17563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-taddmcve-2019-12418-cve-2019-17563-2/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-denial-of-service-that-affect-ibm-cics-tx-on-cloud/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-txseries-for-multiplatforms/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows(IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-db2-recovery-expert-for-linux-unix-and-windowsibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cics-tx-on-cloud/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-jan-2020-cpu-cve-2020-2583-cve-2019-4732/


∗∗∗ HPESBHF03970 rev.1 - HPE Products with Intel Ethernet 700 Series Processors, Local Escalation of Privilege, Local Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03970en_us


∗∗∗ Samba: Multiple vulnerabilities enable denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0377

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily