[CERT-daily] Tageszusammenfassung - 10.02.2020
Daily end-of-shift report
team at cert.at
Mon Feb 10 18:21:09 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 07-02-2020 18:00 − Montag 10-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ KBOT: sometimes they come back ∗∗∗
---------------------------------------------
We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT.
---------------------------------------------
https://securelist.com/kbot-sometimes-they-come-back/96157/
∗∗∗ Emotet: Erster Hase-Igel-Loop für EmoCheck ∗∗∗
---------------------------------------------
Eine neue Emotet-Version machte ein erstes Update des Erkennungs-Tools EmoCheck fällig.
---------------------------------------------
https://heise.de/-4656609
∗∗∗ Dangerous Domain Corp.com Goes Up for Sale ∗∗∗
---------------------------------------------
As an early domain name investor, Mike OConnor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years OConnor refused to auction perhaps the most sensitive domain in his stable -- corp.com.
---------------------------------------------
https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/
∗∗∗ Betrügerisches Raiffeisen SMS im Umlauf ∗∗∗
---------------------------------------------
Zahlreiche HandynutzerInnen empfangen aktuell angeblich eine SMS von der Raiffeisenbank. Die Funktion pushTAN sei nicht aktiviert. Um das Problem zu beheben, werden Sie aufgefordert, einem Link zu folgen. Klicken Sie nicht auf den Link, Sie gelangen auf eine gefälschte Raiffeisen-Login-Seite. Kriminelle stehlen Ihre Zugangsdaten und Ihre Telefonnummer.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerisches-raiffeisen-sms-im-umlauf/
=====================
= Vulnerabilities =
=====================
∗∗∗ Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF) ∗∗∗
---------------------------------------------
Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks.
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10058
∗∗∗ Geschlossene Lücke: Dell SupportAssist Client könnte Schadcode laden ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Dell SupportAssist for business PCs und Dell SupportAssist for home PCs.
---------------------------------------------
https://heise.de/-4656474
∗∗∗ Sicherheitsupdate: Wiki-Software Confluence unter Windows angreifbar ∗∗∗
---------------------------------------------
Angreifer könnten die Windows-Version von Confluence attackieren und sich gegebenenfalls höhere Nutzerrechte verschaffen.
---------------------------------------------
https://heise.de/-4656770
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ipmitool, libexif, and ppp), Fedora (glib2, java-1.8.0-openjdk, java-11-openjdk, libasr, libuv, mingw-gdk-pixbuf, mingw-SDL2, nethack, nghttp2, nodejs, nodejs-mixin-deep, nodejs-set-value, nodejs-yarn, opensmtpd, python-feedgen, runc, samba, sox, and texlive-base), Mageia (chromium-browser-stable, mgetty, openslp, qtbase5, spamassassin, sudo, and xmlrpc), openSUSE (ceph and chromium), Oracle (grub2 and kernel), SUSE (docker-runc, LibreOffice, docker-runc, wicked), Ubuntu (libxml2, qtbase-opensource-src)
---------------------------------------------
https://lwn.net/Articles/812118/
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200207-01-te-en
∗∗∗ Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2018-16845, CVE-2018-16843, CVE-2019-7401) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/
∗∗∗ Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-faspex-console-shares-are-affected-by-apache-vulnerabilities-cve-2019-10081-cve-2019-10082-cve-2019-10092-cve-2019-10098/
∗∗∗ Security Bulletin: Aspera Web Applications (Faspex, Console) are affected by Apache Vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-faspex-console-are-affected-by-apache-vulnerabilities-cve-2019-0196-cve-2019-0197-cve-2019-0215-cve-2019-0217-cve-2019-0220/
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-february-2020v1/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-january-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
∗∗∗ Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-faspex-console-orchestrator-shares-are-affected-by-apache-vulnerabilities-cve-2019-9517-cve-2019-10097/
∗∗∗ Security Bulletin: Aspera Web Faspex application is affected by OpenSSL Vulnerability (CVE-2019-1552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-faspex-application-is-affected-by-openssl-vulnerability-cve-2019-1552/
∗∗∗ Security Bulletin: IBM Aspera WebApps (Shares, Faspex, Console, Orchestrator) and products are affected by OpenSSL Vulnerability (CVE-ID: CVE-2019-1543) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-shares-faspex-console-orchestrator-and-products-are-affected-by-openssl-vulnerability-cve-id-cve-2019-1543/
∗∗∗ HPESBHF03978 rev.2 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list