[CERT-daily] Daily summary - 29.07.2020
Daily end-of-shift report
team at cert.at
Wed Jul 29 18:24:03 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 28-07-2020 18:00 − Wednesday 29-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Landlords beware: Especially during the holiday season, fraudsters are after your money! ∗∗∗
---------------------------------------------
Internet fraud sometimes targets very specific groups of people. Right now, during the holiday season, people who rent out rooms or holiday apartments, as well as hoteliers, are also in the sights of fraudsters. The criminals pose as interested guests and try to get at the landlords' money through cheque fraud.
---------------------------------------------
https://www.watchlist-internet.at/news/vermieterinnen-aufgepasst-besonders-in-der-urlaubszeit-wollen-betruegerinnen-an-ihr-geld/
∗∗∗ Scam mails: Emotet steals file attachments for more authenticity ∗∗∗
---------------------------------------------
Watch out: Emotet has learned new tricks and now hides in even more believable mails.
---------------------------------------------
https://heise.de/-4857724
∗∗∗ Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight ∗∗∗
---------------------------------------------
Netwalker is a data encryption malware that represents an evolution of the well-known Kokoklock ransomware and has been active since September 2019. This article will detail the specific technical features of the Netwalker ransomware.
---------------------------------------------
https://resources.infosecinstitute.com/netwalker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
∗∗∗ MMS Exploit Part 3: Constructing the Memory Corruption Primitives ∗∗∗
---------------------------------------------
Posted by Mateusz Jurczyk, Project Zero. This post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Magento gets security updates for severe code execution bugs ∗∗∗
---------------------------------------------
Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/
∗∗∗ Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin ∗∗∗
---------------------------------------------
On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
---------------------------------------------
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa).
---------------------------------------------
https://lwn.net/Articles/827376/
∗∗∗ Security Bulletin: Legacy Components of IBM Netcool Configuration Manager have been updated. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-legacy-components-of-ibm-netcool-configuration-manager-have-been-updated/
∗∗∗ Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1954) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-identified-in-ibm-tivoli-application-dependency-discovery-manager-cve-2020-1954/
∗∗∗ Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-multiple-security-vulnerabilities-2/
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2020-4463) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-information-disclosure-cve-2020-4463/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Security Key Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-security-key-lifecycle-manager/
∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
∗∗∗ IBM Informix: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0764
∗∗∗ Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/stored-cross-site-scripting-xss-vulnerability-in-namirial-significant-signanywhere/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily