[CERT-daily] Daily summary - 14.02.2020
Daily end-of-shift report
team at cert.at
Fri Feb 14 18:22:10 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 13-02-2020 18:00 - Friday 14-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Parallax RAT: Common Malware Payload After Hacker Forums Promotion ∗∗∗
---------------------------------------------
A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/parallax-rat-common-malware-payload-after-hacker-forums-promotion/
∗∗∗ Keep an Eye on Command-Line Browsers, (Fri, Feb 14th) ∗∗∗
---------------------------------------------
For a few weeks, I'm searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in a Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type 'curl.exe' on your Windows 10 host: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25804
∗∗∗ LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File ∗∗∗
---------------------------------------------
Recently, we discovered LokiBot (detected by Trend Micro as Trojan.Win32.LOKI) impersonating a popular game launcher to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky installation routine that involves dropping a compiled C# code file.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/WsiHoe_u7N4/
∗∗∗ An In-Depth Technical Analysis of CurveBall (CVE-2020-0601) ∗∗∗
---------------------------------------------
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601 [...] an attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default. [...] This post will primarily highlight the code-level root cause analysis of the vulnerability in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the [...]
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601/
∗∗∗ SweynTooth vulnerability collection: SoCs in numerous products vulnerable ∗∗∗
---------------------------------------------
Twelve flaws in the Bluetooth Low Energy implementation on systems-on-chip from several manufacturers affect wearables and IoT devices, and probably medical devices as well.
---------------------------------------------
https://heise.de/-4660872
=====================
= Vulnerabilities =
=====================
∗∗∗ Trend Micro AntiVirus: vulnerability allows denial of service ∗∗∗
---------------------------------------------
Trend Micro AntiVirus is an anti-virus software product.
Trend Micro Maximum Security is a desktop security suite.
Trend Micro Internet Security is a firewall and antivirus solution.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/02/warnmeldung_tw-t20-0031.html
∗∗∗ Schneider Electric Modicon Ethernet Serial RTU ∗∗∗
---------------------------------------------
This advisory contains mitigations for improper check for unusual or exceptional conditions and improper access control vulnerabilities in Schneider Electric's Modicon BMXNOR0200H Ethernet Serial RTU, a remote terminal unit.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-044-01
∗∗∗ Schneider Electric Magelis HMI Panels ∗∗∗
---------------------------------------------
This advisory contains mitigations for an improper check for unusual or exceptional conditions vulnerability in Schneider Electric's Magelis HMI Panels.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-044-02
∗∗∗ FortiManager Cross-Site WebSocket Hijacking (CSWSH) ∗∗∗
---------------------------------------------
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Affected versions: FortiManager 6.2.0 to 6.2.1, and 6.0.6 and below.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-191
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (debian-security-support, postgresql-11, and postgresql-9.6), Fedora (cutter-re, firefox, php-horde-Horde-Data, radare2, and texlive-base), openSUSE (docker-runc), Oracle (kernel), Red Hat (sudo), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/812494/
∗∗∗ Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG) ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/542223
∗∗∗ Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ibm-network-performance-insight-cve-2019-12402/
∗∗∗ Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-16335) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ibm-network-performance-insight-cve-2019-16335/
∗∗∗ Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
∗∗∗ Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-rational-team-concert-2/
∗∗∗ Security Bulletin: Oracle Outside In Technology vulnerability in Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-outside-in-technology-vulnerability-in-rational-doors-next-generation/
∗∗∗ Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments/
∗∗∗ Red Hat Virtualization: vulnerability allows cross-site scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0132
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily