[CERT-daily] Daily summary - 03.06.2020

Daily end-of-shift report team at cert.at
Wed Jun 3 18:23:13 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 02-06-2020 18:00 − Wednesday 03-06-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Mukashi malware: What it is, how it works and how to prevent it | Malware spotlight ∗∗∗
---------------------------------------------
Learning from the past can be an important part of future success in any endeavor, including cyberattacks. Attack groups observe this concept and apply it when they create new attack campaigns before they are released into the wild. Mukashi is an example of a malware that uses what has worked well for attackers in [...]
---------------------------------------------
https://resources.infosecinstitute.com/mukashi-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/


∗∗∗ System Takeover Through New SAP ASE Vulnerabilities ∗∗∗
---------------------------------------------
Organizations often store their most critical data in databases, which, in turn, are often necessarily exposed in untrusted or publicly exposed environments. This makes vulnerabilities like these essential to address and test quickly since they not only threaten the data in the database but potentially the full host that it is running on.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/


∗∗∗ Patch now! More than 1 million Exim servers worldwide still open to attack ∗∗∗
---------------------------------------------
The National Security Agency (NSA) warns of attacks on Exim mail servers. Security updates have been available for some time.
---------------------------------------------
https://heise.de/-4772712


∗∗∗ Large Scale Attack Campaign Targets Database Credentials ∗∗∗
---------------------------------------------
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/


∗∗∗ Numerous China-based shops advertise cheap women's fashion on Facebook ∗∗∗
---------------------------------------------
The company "Chicv International Holding Limited" has been known for some time, as it is responsible for numerous online shops. According to consumer reports, products ordered from these shops arrive very late, if at all. Once the goods have finally arrived, it quickly becomes apparent that they have nothing to do with the pictures and descriptions in the online shop.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-china-shops-werben-auf-facebook-mit-guenstiger-damenmode/


∗∗∗ Sophos Web Appliance: Certificate validation failed for sites signed by Sectigo root CA ∗∗∗
---------------------------------------------
Websites that are signed by the Sectigo root CA may fail to connect with a certificate validation failure, because the AddTrust External CA Root certificate expired on May 30th 2020.
---------------------------------------------
https://community.sophos.com/kb/en-US/135544



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates: Firefox and Tor Browser could leak private keys ∗∗∗
---------------------------------------------
Several vulnerabilities in the web browsers Firefox, Firefox ESR and Tor Browser put computers at risk.
---------------------------------------------
https://heise.de/-4772615


∗∗∗ Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution ∗∗∗
---------------------------------------------
Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines.
---------------------------------------------
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (java-11-openjdk, perl-Email-MIME, perl-Email-MIME-ContentType, and slurm), openSUSE (imapfilter, mailman, and python-rpyc), Red Hat (bind and firefox), SUSE (evolution-data-server, python, qemu, and w3m), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/822136/


∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-01-memory-en


∗∗∗ Security Advisory - Improper Handling of Exceptional Condition Vulnerability in Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-01-smartphone-en


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-use-of-hard-coded-credentials-vulnerabilities/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Access Control vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-access-control-vulnerability/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-3/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities/


∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2020-4303-cve-2020-4304-2/


∗∗∗ Security Bulletin: The vulnerability (net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact) found in Network Performance Insight (CVE-2019-17571) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-vanruability-net-sf-ehcache-blocking-in-fasterxml-jackson-databind-has-an-unknown-impact-found-network-performance-insight-cve-2019-17571/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-2/


∗∗∗ June 2, 2020   TNS-2020-04   [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-04


∗∗∗ docker: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0524

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



