[CERT-daily] Tageszusammenfassung - 21.01.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 20-01-2020 18:00 − Dienstag 21-01-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ SIM Hijacking ∗∗∗
---------------------------------------------
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside the phone companies. Phone companies have added security measures since this attack became popular and public, but a new study [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html


∗∗∗ Realistic Factory Honeypot Shows Threats Faced by Industrial Organizations ∗∗∗
---------------------------------------------
Trend Micro researchers have set up a factory honeypot and found that industrial organizations should be more concerned about attacks launched by profit-driven cybercriminals rather than the threat posed by sophisticated state-sponsored groups.
---------------------------------------------
https://www.securityweek.com/realistic-factory-honeypot-shows-threats-faced-industrial-organizations


∗∗∗ Vorsicht vor betrügerischen Microsoft-Anrufen ∗∗∗
---------------------------------------------
Aktuell geben sich Kriminelle wieder als Microsoft-MitarbeiterInnen aus und rufen beliebige Telefonnummern an. Angeblich gäbe es ein Problem mit Ihrem Computer. Dieses wollen die betrügerischen AnruferInnen nun mit Ihnen gemeinsam beheben. Legen Sie sofort auf, Kriminelle wollen sich Zugang auf Ihren Computer verschaffen und sensible Benutzerdaten abgreifen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-microsoft-anrufen/


∗∗∗ Antivirus vendors push fixes for EFS ransomware attack method ∗∗∗
---------------------------------------------
Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families.
---------------------------------------------
https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Samba Releases Security Updates ∗∗∗
---------------------------------------------
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/21/samba-releases-security-updates


∗∗∗ CVE-2019-19886 – HIGH – DoS against libModSecurity 3 ∗∗∗
---------------------------------------------
The ModSecurity 3.0.x release line suffers from a Denial of Service vulnerability after triggering a segmentation fault on the webserver when parsing a malformed cookie header. All users of ModSecurity 3.0.0 – 3.0.3 should update to ModSecurity 3.0.4 as soon as possible.
---------------------------------------------
https://coreruleset.org/20200118/cve-2019-19886-high-dos-against-libmodsecurity-3/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openconnect), Fedora (e2fsprogs, glibc, kernel, and nss), openSUSE (Mesa, php7, and slurm), Oracle (.NET Core, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), Red Hat (java-1.8.0-openjdk, openvswitch, and openvswitch2.11), Scientific Linux (java-1.8.0-openjdk), SUSE (java-11-openjdk, libssh, libvpx, Mesa, and thunderbird), and Ubuntu (libbsd and samba).
---------------------------------------------
https://lwn.net/Articles/810157/


∗∗∗ Insufficient Authentication Vulnerability in OSCA Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200121-01-osca-en


∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0062


∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0061

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily