[CERT-daily] Tageszusammenfassung - 25.06.2020
Daily end-of-shift report
team at cert.at
Thu Jun 25 18:15:52 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 24-06-2020 18:00 − Donnerstag 25-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ European bank suffers biggest PPS DDoS attack, new botnet suspected ∗∗∗
---------------------------------------------
A bank in Europe was the target of a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/european-bank-suffers-biggest-pps-ddos-attack-new-botnet-suspected/
∗∗∗ Defending Exchange servers under attack ∗∗∗
---------------------------------------------
Exchange servers are high-value targets. If compromised, Exchange servers provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use. Keeping these servers safe from these advanced attacks is of utmost importance.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
∗∗∗ The Golden Tax Department and the Emergence of GoldenSpy Malware ∗∗∗
---------------------------------------------
Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-golden-tax-department-and-the-emergence-of-goldenspy-malware/
∗∗∗ Maersk, me & notPetya ∗∗∗
---------------------------------------------
[...] Establishing the exact content and format of this post has been difficult. It hasn’t been clear where to start. [...] I’ve tried to focus on the main timeline and the lessons. So this isn’t everything. But the experience we had at Maersk, or at least significant elements of it, could happen to any organisation. In fact, it does happen, to all kinds of organisations, all of the time, [...]
---------------------------------------------
https://gvnshtn.com/maersk-me-notpetya/
∗∗∗ Extending Drupal 7s End-of-Life - PSA-2020-06-24 ∗∗∗
---------------------------------------------
Previously, Drupal 7s end-of-life was scheduled for November 2021. Given the impact of COVID-19 on budgets and businesses, we will be extending the end of life until November 28, 2022. The Drupal Security Team will continue to follow the Security Team processes for Drupal 7 core and contributed projects.
---------------------------------------------
https://www.drupal.org/psa-2020-06-24
∗∗∗ Attackers Cryptojacking Docker Images to Mine for Monero ∗∗∗
---------------------------------------------
We identified a malicious Docker Hub account named "azurenql" that contained 8 repositories, hosting 6 malicious Monero mining images.
---------------------------------------------
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
=====================
= Vulnerabilities =
=====================
∗∗∗ Telnet Vulnerability Affecting Cisco Products: June 2020 ∗∗∗
---------------------------------------------
On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers (telnetd). For more information about this vulnerability, see the Details section. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx
∗∗∗ Multiple vulnerabilities in Danish company Mobile Industrial Robot s products ∗∗∗
---------------------------------------------
More than 10 different robot types are affected and operate from industrial spaces to public environments, such as airports and hospitals.
---------------------------------------------
https://news.aliasrobotics.com/the-week-of-mobile-industrial-robots-bugs/
∗∗∗ Mehrere Sicherheitslücken in Grafikkarten-Treiber von Nvidia gestopft ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Software und Treiber von Nvidia. Neben Windows ist auch Linux bedroht.
---------------------------------------------
https://heise.de/-4794975
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libexif, php-horde-horde, and tcpreplay), openSUSE (rubygem-bundler), Oracle (docker-cli docker-engine, kernel, and ntp), Slackware (curl and libjpeg), and Ubuntu (mutt).
---------------------------------------------
https://lwn.net/Articles/824474/
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-4/
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-3/
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2019-4650) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-sql-injection-cve-2019-4650/
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-2/
∗∗∗ Security Bulletin: ICP Speech to Text, Text to Speech Oracle Java Vulnerability Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-to-speech-oracle-java-vulnerability-fix/
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2020-4223) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2020-4223/
∗∗∗ Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cURL (CVE-2019-5482) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-a-vulnerability-in-curl-cve-2019-5482/
∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities/
∗∗∗ Security Bulletin: ICP Speech to Text, Text to Speech – OpenSSL vulnerability fix. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-to-speech-openssl-vulnerability-fix/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list