[CERT-daily] Daily summary - 15.06.2020
Daily end-of-shift report
team at cert.at
Mon Jun 15 18:19:37 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Friday 12-06-2020 18:00 − Monday 15-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Mirai Botnet Activity, (Sat, Jun 13th) ∗∗∗
---------------------------------------------
This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have been taken down (96.30.193.26), which appeared multiple times this week, including today. However, the last two logs from today are still active and are using a Bash script to download multiple exploits targeting various device types (MIPS, ARM4-7, MPSL, x86, PPC, M68k). Something else of interest is the User-Agent: XTC and the name viktor [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26234
∗∗∗ What is the Gibberish Hack? ∗∗∗
---------------------------------------------
Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard?” But when you open the folder, you find a series of HTML files, each named with some kind of nonsensical phrases like “cheap-cool-hairstyles-photos.html.” If you open one of these files on the browser, you’ll likely be [...]
---------------------------------------------
https://blog.sucuri.net/2020/06/gibberish-hack.html
=====================
= Vulnerabilities =
=====================
∗∗∗ D-Link patches older Wi-Fi router DIR-865L – but only a little ∗∗∗
---------------------------------------------
An important security update for the Wi-Fi router DIR865L closes several security vulnerabilities. However, one critical vulnerability remains open.
---------------------------------------------
https://heise.de/-4783566
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode, libexif, mysql-connector-java, and thunderbird), Fedora (gnutls, grafana, kernel, kernel-headers, mingw-gnutls, mod_auth_openidc, NetworkManager, and pdns-recursor), Gentoo (adobe-flash, ansible, chromium, firefox, glibc, mailutils, nokogiri, readline, ssvnc, and webkit-gtk), Mageia (axel, bind, dbus, flash-player-plugin, libreoffice, networkmanager, and roundcubemail), openSUSE (java-1_8_0-openjdk, kernel, nodejs8, rubygem-bundler, [...]
---------------------------------------------
https://lwn.net/Articles/823107/
∗∗∗ Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-tomcat-affects-ibm-spectrum-protect-plus-cve-2020-1938/
∗∗∗ Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus-vulnerable-to-logjam-cve-2015-4000/
∗∗∗ Security Bulletin: Multiple Java vulnerabilities affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus/
∗∗∗ Security Bulletin: Vulnerability in MongoDB affects IBM Spectrum Protect Plus (CVE-2019-2389) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-mongodb-affects-ibm-spectrum-protect-plus-cve-2019-2389/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4469-cve-2020-4471-cve-2020-4470/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server/
∗∗∗ Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-go-programming-language-affects-ibm-spectrum-protect-server-cve-2019-16276/
∗∗∗ Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affect-ibm-spectrum-protect-server-cve-2020-4230-cve-2020-4135-cve-2020-4204-cve-2020-4200/
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects the IBM Spectrum Protect Server (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-the-ibm-spectrum-protect-server-cve-2019-2989/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-4732, CVE-2019-2989, CVE-2019-2964) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-operations-center-and-client-management-service-cve-2019-4732-cve-2019-2989-cve-2019-2964/
∗∗∗ Security Bulletin: Denial of Service vulnerability in Linux Kernel affects IBM Spectrum Protect Plus (CVE-2020-12114) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-linux-kernel-affects-ibm-spectrum-protect-plus-cve-2020-12114/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily