[CERT-daily] Tageszusammenfassung - 27.07.2020
Daily end-of-shift report
team at cert.at
Mon Jul 27 18:06:49 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 24-07-2020 18:00 − Montag 27-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ No More Ransom turns 4: Saves $632 million in ransomware payments ∗∗∗
---------------------------------------------
The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves-632-million-in-ransomware-payments/
∗∗∗ ProLock ransomware – new report reveals the evolution of a threat ∗∗∗
---------------------------------------------
Ransomware crooks keep adjusting their approach to make their demands more compelling, even against companies that say theyd never pay up.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-reveals-the-evolution-of-a-threat/
∗∗∗ Cracking Maldoc VBA Project Passwords, (Sun, Jul 26th) ∗∗∗
---------------------------------------------
In diary entry "VBA Project Passwords" I explained that VBA project passwords in malicious documents don't hinder analysis: you can just extract the macros without knowing the password. It's only when you would perform a dynamic analysis with the step-by-step debugger of the VBA IDE, that the password would prevent you from doing this. But there are simple methods to remove the password, and then you can go ahead with your debugging.
---------------------------------------------
https://isc.sans.edu/diary/rss/26390
∗∗∗ Analyzing Metasploit ASP .NET Payloads, (Mon, Jul 27th) ∗∗∗
---------------------------------------------
I recently helped a friend with the analysis of a Metasploit ASP .NET payload.
---------------------------------------------
https://isc.sans.edu/diary/rss/26392
∗∗∗ Ensiko: A Webshell With Ransomware Capabilities ∗∗∗
---------------------------------------------
Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshell-with-ransomware-capabilities/
∗∗∗ Jetzt patchen! Angreifer attackieren BIG-IP Appliances von F5 ∗∗∗
---------------------------------------------
Derzeit haben Angreifer eine kritische Sicherheitslücke in verschiedenen BIG-IP Appliances im Visier. Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-4852900
∗∗∗ Evolution of Valak, from Its Beginnings to Mass Distribution ∗∗∗
---------------------------------------------
Valak is an information stealer and malware loader that has become increasingly common in our threat landscape and is being mass distributed by an actor known as Shathak/TA551.The post Evolution of Valak, from Its Beginnings to Mass Distribution appeared first on Unit42.
---------------------------------------------
https://unit42.paloaltonetworks.com/valak-evolution/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (e2fsprogs, ffmpeg, milkytracker, mupdf, openjdk-11, and qemu), Fedora (bashtop), Gentoo (ant, arpwatch, awstats, cacti, chromium, curl, dbus, djvu, filezilla, firefox, freexl, fuseiso, fwupd, glib-networking, haml, hylafaxplus, icinga, jhead, lha, libexif, libreswan, netqmail, nss, ntfs3g, ntp, ocaml, okular, ossec-hids, qtgui, qtnetwork, re2c, reportlab, samba, sarg, sqlite, thunderbird, transmission, tre, twisted, webkit-gtk, wireshark, and xen),
---------------------------------------------
https://lwn.net/Articles/827153/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2020-4498) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2020-4498/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2018-20852) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2018-20852/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-18066) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2018-18066/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2015-2716) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-buffer-overflow-vulnerability-cve-2015-2716/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2019-13232) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2019-13232/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM MQ Appliance (CVE-2020-4025 and CVE-2020-4203) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-mq-appliance-cve-2020-4025-and-cve-2020-4203/
∗∗∗ Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/
∗∗∗ Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool/
∗∗∗ Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-an-openssl-vulnerability-cve-2019-1551/
∗∗∗ Security Bulletin: Udaya testing on production 12345 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-udaya-testing-on-production-12345/
∗∗∗ Security Bulletin: Dev team testing on production 123 456 789 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-dev-team-testing-on-production-123-456-789/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list