[CERT-daily] Tageszusammenfassung - 29.04.2020
Daily end-of-shift report
team at cert.at
Wed Apr 29 18:58:16 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 28-04-2020 18:00 − Mittwoch 29-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Would You Have Fallen for This Phone Scam? ∗∗∗
---------------------------------------------
You may have heard that todays phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didnt know that your bank may be making it super easy for thieves to impersonate the bank, by giving away information about recent transactions on your account via automated, phone-based customer support systems.
---------------------------------------------
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/
∗∗∗ Cloud Under Pressure: Keeping AWS Projects Secure ∗∗∗
---------------------------------------------
Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-under-pressure-keeping-aws-projects-secure/
∗∗∗ Google Researchers Find Multiple Vulnerabilities in Apples ImageIO Framework ∗∗∗
---------------------------------------------
Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple’s iOS and macOS operating systems.
---------------------------------------------
https://www.securityweek.com/google-researchers-find-multiple-vulnerabilities-apples-imageio-framework
∗∗∗ Emotet C2 and RSA Key Update - 04/28/2020 23:59 ∗∗∗
---------------------------------------------
Emotet C2 and RSA Key - Update 04/28/2020 at 23:59 UTC
News: Still no Emotet back this week for spamming but once again more shennanigans with Trickbot installs doing option 42 to drop Emotet E2 as shown by Fate112 in his post here: https://twitter.com/tosscoinwitcher/status/1255259004164542464
Watch for the falling C2 combos… seems like they are doing a lot of spring cleaning as counts plummet as of late. Key and current C2 list below for each Epoch [...]
---------------------------------------------
https://paste.cryptolaemus.com/emotet/2020/04/28/emotet-c2-rsa-update-04-28-20-1.html
∗∗∗ Check Point: Android-Ransomware verschlüsselt Dateien angeblich im Namen des FBI ∗∗∗
---------------------------------------------
Die Erpressersoftware fordert im Namen der US-Bundespolizei ein Lösegeld von 500 Dollar. Sie kann aber auch die vollständige Kontrolle über ein Smartphone übernehmen und weitere schädliche Apps installieren. Check Point vermutet die Hintermänner in Russland.
---------------------------------------------
https://www.zdnet.de/88379222/check-point-android-ransomware-verschluesselt-dateien-angeblich-im-namen-des-fbi/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IOS XE SD-WAN Software Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn
∗∗∗ Security Updates Available for Magento | APSB20-22 ∗∗∗
---------------------------------------------
Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important and Moderate (severity ratings). Successful exploitation could lead to arbitrary code execution.
---------------------------------------------
https://helpx.adobe.com/security/products/magento/apsb20-22.html
∗∗∗ VMSA-2020-0008 ∗∗∗
---------------------------------------------
VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, openjdk-7, openjdk-8, and openldap), Fedora (openvpn), openSUSE (teeworlds and vlc), Red Hat (bind, binutils, bluez, container-tools:1.0, container-tools:2.0, container-tools:rhel8, cups, curl, dnsmasq, dpdk, e2fsprogs, edk2, evolution, exiv2, fontforge, freeradius:3.0, gcc, gdb, glibc, GNOME, grafana, GStreamer, libmad, and SDL, haproxy, ibus and glib2, irssi, kernel, kernel-rt, liblouis, libmspack, libreoffice, libsndfile, libtiff, libxml2, [...]
---------------------------------------------
https://lwn.net/Articles/818950/
∗∗∗ Advisory: Sophos XG Firewall: Asnarok Vulnerability - Actions required for SFM/CFM managed devices ∗∗∗
---------------------------------------------
This article outlines the remediation steps for XG Firewalls with severed connections to SFM and CFM central management product.
---------------------------------------------
https://community.sophos.com/kb/en-US/135429
∗∗∗ Advisory - Sophos XG Firewall v18: Upgrade from v17.5.x to v18 Build_354 will take longer than previous upgrades ∗∗∗
---------------------------------------------
https://community.sophos.com/kb/en-US/135437
∗∗∗ April 28, 2020 TNS-2020-03 [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-03
∗∗∗ Red Hat Security Advisories ∗∗∗
---------------------------------------------
https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=25&portal_advisory_type=Security%20Advisory
∗∗∗ Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-liberty-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
∗∗∗ Security Bulletin: Vulnerabilities exist in Watson Explorer (CVE-2019-4720, CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-watson-explorer-cve-2019-4720-cve-2019-12406/
∗∗∗ Security Bulletin: Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-liberty-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jan-2020-cpu-cve-2020-2583-cve-2019-4732/
∗∗∗ Security Bulletin: A vulnerability in in IBM® Runtime Environment Java™ Version affects IBM WIoTP MessageGateway (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-in-ibm-runtime-environment-java-version-affects-ibm-wiotp-messagegateway-cve-2020-2654/
∗∗∗ Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2019-1551/
∗∗∗ Security Bulletin: Sensitive Information Disclosed in Logs (CVE-2019-4286) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sensitive-information-disclosed-in-logs-cve-2019-4286/
∗∗∗ Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-softokn-nss-util-vulnerability-cve-2019-11729-and-cve-2019-11745/
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-ibm-connec-4/
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-ibm-connec-3/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list