[CERT-daily] Tageszusammenfassung - 02.01.2020
Daily end-of-shift report
team at cert.at
Thu Jan 2 18:17:36 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 30-12-2019 18:00 − Donnerstag 02-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ransomware in Node.js, (Thu, Jan 2nd) ∗∗∗
---------------------------------------------
Here is a sample that I spotted two days ago. Its an interesting one because its a malware that implements ransomware features developed in Node.js! The stage one is not obfuscated and I suspect the script to be a prototype or a test...
---------------------------------------------
https://isc.sans.edu/diary/rss/25664
∗∗∗ The Anatomy of Website Malware Part 2: Credit Card Stealers ∗∗∗
---------------------------------------------
One of the biggest malicious trends in the last few months and years are credit card stealers — also commonly referred to as credit card skimmers or cc stealers . In the second part of this Website Malware Anatomy series, I’m going to deconstruct several skimmers and show you what they look like, where they are hiding, and how they work.
---------------------------------------------
https://blog.sucuri.net/2019/12/the-anatomy-of-website-malware-part-2-credit-card-stealers.html
∗∗∗ Kaufen Sie keine Welpen auf realpuppieshome.com ∗∗∗
---------------------------------------------
Auf realpuppieshome.com werden Ihnen zahlreiche entzückende Zuchtwelpen angezeigt und zur Adoption angeboten. Die aufwendig gestaltete Website täuscht dabei ein seriöses Angebot vor. Doch nehmen Sie sich in Acht: Hier erhalten Sie das gewünschte Hundejunge nie. Stattdessen verlieren Sie Ihr Geld an Kriminelle.
---------------------------------------------
https://www.watchlist-internet.at/news/kaufen-sie-keine-welpen-auf-realpuppieshomecom/
=====================
= Vulnerabilities =
=====================
∗∗∗ December 30, 2019 TNS-2019-09 [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities ∗∗∗
---------------------------------------------
Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Tenable.sc.
---------------------------------------------
http://www.tenable.com/security/tns-2019-09
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode and libbsd), openSUSE (chromium, LibreOffice, and spectre-meltdown-checker), and SUSE (mozilla-nspr, mozilla-nss and python-azure-agent).
---------------------------------------------
https://lwn.net/Articles/808319/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (igraph, jhead, libgcrypt20, otrs2, and waitress) and Mageia (clamaw, exiv2, filezilla, hunspell, libidn2, pdfresurrect, roundcubemail, and xpdf).
---------------------------------------------
https://lwn.net/Articles/808395/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Red Hat (chromium-browser and rh-git218-git) and SUSE (java-1_8_0-ibm and openssl-1_1).
---------------------------------------------
https://lwn.net/Articles/808488/
∗∗∗ Cisco Data Center Network Manager Authentication Bypass Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
∗∗∗ Cisco Data Center Network Manager XML External Entity Read Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
∗∗∗ Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access
∗∗∗ Cisco Data Center Network Manager SQL Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
∗∗∗ Cisco Data Center Network Manager Path Traversal Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
∗∗∗ Cisco Data Center Network Manager Command Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
∗∗∗ Security Advisory - Missing Integrity Checking Vulnerability on Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-01-digital-en
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191030-01-phone-en
∗∗∗ Security Advisory - Improper Credentials Management Vulnerability in Some Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-01-credential-en
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-02-smartphone-en
∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-03-smartphone-en
∗∗∗ Security Advisory - Buffer Error Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-01-buffer-en
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-privileged-identity-manager/
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Swagger UI (CVE-2019-17495) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-swagger-ui-cve-2019-17495/
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11245) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-kubernetes-cve-2019-11245/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-ibm-websphere-application-server-liberty-vulnerabilities/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2014-3603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2014-3603/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-12402/
∗∗∗ Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-16935) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-cloud-foundry-for-ibm-cloud-private-cve-2019-16935/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list