[CERT-daily] Tageszusammenfassung - 05.06.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 04-06-2020 18:00 − Freitag 05-06-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Ongoing eCh0raix ransomware campaign targets QNAP NAS devices ∗∗∗
---------------------------------------------
After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/


∗∗∗ Understanding the Payload-Less Email Attacks Evading Your Security Team ∗∗∗
---------------------------------------------
Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk.
---------------------------------------------
https://threatpost.com/understanding-payload-less-email-attacks/156299/


∗∗∗ Botnet blasts WordPress sites with configuration download attacks ∗∗∗
---------------------------------------------
A million sites attacked by 20,000 different computers.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/06/05/botnet-blasts-wordpress-sites-with-configuration-download-attacks/


∗∗∗ Not so FastCGI!, (Fri, Jun 5th) ∗∗∗
---------------------------------------------
This past month, we've seen some new and different scans targeting tcp ports between 8000 and 10,000. The first occurrence was on 30 April 2020 and originated from ip address 23.95.67.187 and containing payload: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26208


∗∗∗ IBM Releases Open Source Toolkits for Processing Data While Encrypted ∗∗∗
---------------------------------------------
IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.
---------------------------------------------
https://www.securityweek.com/ibm-releases-open-source-toolkits-processing-data-while-encrypted


∗∗∗ Achtung: Gewinn24.de fordert hohe Geldsummen am Telefon ∗∗∗
---------------------------------------------
„Guten Tag, Inkassobüro XY spricht. Sie haben einen Abo-Vertrag mit Gewinn24 abgeschlossen und sind mit Ihrer Zahlung im Rückstand“. So oder so ähnlich beginnen BetrügerInnen, die im Auftrag von Gewinn24.de anrufen, das Telefongespräch. Ein vermeintliches Inkassobüro erklärt am Telefon, dass die Kosten für ein Abo mit Gewinn24.de nicht bezahlt wurden. Die Opfer wissen jedoch selten von so einem Abo. Das ist auch nicht verwunderlich: [...]
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-gewinn24de-fordert-hohe-geldsummen-am-telefon/


∗∗∗ New Sandbox Evasions spot in VBS samples ∗∗∗
---------------------------------------------
While hidden Macro 4.0 samples are on the rise, we recently spotted some very interesting evasive VBS samples. In this short blog post, we will look at sample files#_56117.vbs, MD5: 147091e61ec59f67ab598d26f15ad0e7 and outline some of the evasive tricks.
---------------------------------------------
http://blog.joesecurity.org/2020/06/new-evasive-vbs-samples-spot.html


∗∗∗ Ransomware nimmt Windows- und Linux-Systeme mit neuartigem Angriff ins Visier ∗∗∗
---------------------------------------------
Die Hintermänner programmieren die Erpressersoftware in Java. Die Verteilung erfolgt über eine Java-Image-Datei. Sicherheitsforschern zufolge hilft das Vorgehen bei der Verschleierung der Aktivitäten der Malware.
---------------------------------------------
https://www.zdnet.de/88380548/ransomware-nimmt-windows-und-linux-systeme-mit-neuartigem-angriff-ins-visier/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security: Sicherheitslücken betreffen praktisch alle Qnap-NAS-Systeme ∗∗∗
---------------------------------------------
Gleich drei Security-Probleme sind von Qnap gemeldet worden. Das Unternehmen rät zu einem sofortigen Update des Betriebssystems.
---------------------------------------------
https://www.golem.de/news/security-sicherheitsluecken-betreffen-praktisch-alle-qnap-nas-systeme-2006-148930-rss.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (bind, firefox, and freerdp), Debian (netqmail and python-django), Fedora (cacti, cacti-spine, dbus, firefox, gjs, mbedtls, mozjs68, and perl), Oracle (freerdp and kernel), Scientific Linux (bind and firefox), Slackware (mozilla), SUSE (krb5-appl, libcroco, libexif, libreoffice, libxml2, qemu, transfig, and vim), and Ubuntu (firefox, freerdp, and python-django).
---------------------------------------------
https://lwn.net/Articles/822342/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-information-exposure-vulnerability-cve-2020-4449/


∗∗∗ Security Bulletin: Session is not invalidated After Logout ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-session-is-not-invalidated-after-logout/


∗∗∗ Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-in-websphere-application-server-nd-cve-2020-4448/


∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by multiple vulnerabilities in libssh2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-multiple-vulnerabilities-in-libssh2/


∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server that is installed with IBM SPSS Analytic Server (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-websphere-application-server-that-is-installed-with-ibm-spss-analytic-server-cve-2019-12406/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4450/


∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-a-vulnerability-in-libssh2-cve-2016-0787-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily