[CERT-daily] Tageszusammenfassung - 22.01.2020
Daily end-of-shift report
team at cert.at
Wed Jan 22 19:00:32 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 21-01-2020 18:00 − Mittwoch 22-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch ∗∗∗
---------------------------------------------
A micropatch implementing Microsofts workaround for the actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer is now available via the 0patch platform until an official fix will be released.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zero-day-bug-gets-temporary-patch/
∗∗∗ sLoad launches version 2.0, Starslord ∗∗∗
---------------------------------------------
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2-0-starslord/
∗∗∗ FireEye and Citrix Tool Scans for Indicators of Compromise Related to CVE-2019-19781 ∗∗∗
---------------------------------------------
[...] To help organizations identify compromised systems associated with CVE-2019-19781, FireEye and Citrix worked together to release a new tool that searches for indicators of compromise (IoC) associated with attacker activity observed by FireEye Mandiant. This tool is freely accessible in both the Citrix and FireEye GitHub repositories.
---------------------------------------------
https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html
∗∗∗ Aktuelle Welle: Ursnif-Trojaner versteckt sich in Zip-Archiven ∗∗∗
---------------------------------------------
Derzeit sind mal wieder vermehrt E-Mails mit gefährlichem Dateianhang in Umlauf. Der Schädling namens Ursnif hat es unter anderem auf Account-Daten abgesehen.
---------------------------------------------
https://heise.de/-4643571
∗∗∗ Achtung: Gekaperte WhatsApp-Kontakte verlangen Verifizierungscode ∗∗∗
---------------------------------------------
Einige WhatsApp-UserInnen berichten von eigenen Kontakten, die per WhatsApp einen Verifizierungscode verlangen. Die Profile dieser Kontakte wurden bereits über die gleiche Betrugsmasche übernommen. Wer auf die Nachrichten der vermeintlichen Bekannten und Familienmitglieder mit den angeforderten Codes antwortet, verliert das eigene WhatsApp-Profil an Kriminelle.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-gekaperte-whatsapp-kontakte-verlangen-verifizierungscode/
∗∗∗ In enterprise attack wave, NetWire Trojan now buries itself in disk image files ∗∗∗
---------------------------------------------
Enterprise companies are being targeted by a business email scam harnessing the Trojan.
---------------------------------------------
https://www.zdnet.com/article/in-new-enterprise-attack-wave-netwire-rat-trojan-buries-itself-in-image-files/
=====================
= Vulnerabilities =
=====================
∗∗∗ Honeywell Maxpro VMS & NVR ∗∗∗
---------------------------------------------
This advisory contains mitigations for deserialization of untrusted data and SQL injection vulnerabilities in Honeywells MAXPRO VMS & NVR video management systems.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-021-01
∗∗∗ Bitdefender BOX 2 bootstrap download_image command injection vulnerability ∗∗∗
---------------------------------------------
An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. An unauthenticated attacker should impersonate a remote nimbus server to trigger this vulnerability.
---------------------------------------------
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0919
∗∗∗ Sicherheitsupdate: AMD-Treiber und VMware können ein gefährlicher Cocktail sein ∗∗∗
---------------------------------------------
Angreifer könnten mit einem präparierten Pixel Shader eine AMD-Treiber-Lücke ausnutzen, um aus einer VM auszubrechen.
---------------------------------------------
https://heise.de/-4643294
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tiff and transfig), Fedora (thunderbird-enigmail), Mageia (ffmpeg and sox), openSUSE (fontforge, python3, and tigervnc), Oracle (python-reportlab), Red Hat (apache-commons-beanutils, java-1.8.0-openjdk, kernel, kernel-alt, libarchive, openslp, openvswitch2.11, openvswitch2.12, and python-reportlab), Scientific Linux (java-1.8.0-openjdk and python-reportlab), SUSE (samba and tigervnc), and Ubuntu (python-pysaml2).
---------------------------------------------
https://lwn.net/Articles/810282/
*** Cisco Security Advisories ***
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x
∗∗∗ IBM Security Bulletins (High Severity) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/tag/psirthigh/
∗∗∗ Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-hyper-visor-edition-v9-0-require-customer-action-for-security-vulnerabilities-in-red-hat-linux-5/
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200122-01-phone-en
∗∗∗ Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200115-01-ldap-en
∗∗∗ Security Advisory - Insufficient Verification Vulnerability in Some Huawei products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200122-02-osca-en
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list