[CERT-daily] Tageszusammenfassung - 26.06.2020
Daily end-of-shift report
team at cert.at
Fri Jun 26 18:27:05 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 25-06-2020 18:00 − Freitag 26-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Golang Worm Widens Scope to Windows, Adds Payload Capacity ∗∗∗
---------------------------------------------
A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.
---------------------------------------------
https://threatpost.com/worm-golang-malware-windows-payloads/156924/
∗∗∗ Browser-Hersteller verkürzen Zertifikats-Lebensdauer auf ein Jahr ∗∗∗
---------------------------------------------
Ab September dürfen HTTPS-Zertifikate nur noch auf maximal ein Jahr ausgestellt werden.
---------------------------------------------
https://heise.de/-4796599
∗∗∗ Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files ∗∗∗
---------------------------------------------
This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
∗∗∗ Achtung: Auf Instagram kursieren betrügerische Nachrichten ∗∗∗
---------------------------------------------
Seit kurzem melden uns Instagram-NutzerInnen, betrügerische Nachrichten, in denen sie aufgefordert werden, einem Link zu folgen. Achtung: Kriminelle, die diese Privatnachrichten zahlreich und willkürlich versenden, wollen nur an Ihre Zugangsdaten kommen!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-auf-instagram-kursieren-betruegerische-nachrichten/
∗∗∗ Angebliche E-Mail der Bundesregierung enthält Ransomware ∗∗∗
---------------------------------------------
Die Serie von Ransomware-Angriffen auf deutsche Unternehmen setzt sich fort. Eine neue Ransomware-Kampagne in Deutschland nutzt als Köder eine gefälschte E-Mail im Namen der Bundesregierung.
---------------------------------------------
https://www.zdnet.de/88381006/angebliche-e-mail-der-bundesregierung-enthaelt-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Micropatch is Available for Windows LNK Remote Code Execution Vulnerability (CVE-2020-1299) ∗∗∗
---------------------------------------------
Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1299, another "Stuxnet-like" critical LNK remote code execution issue that can get code executed on users computer just by viewing a folder with Windows Explorer.This vulnerability was patched by Microsoft with June 2020 Updates, but Windows 7 and Server 2008 users without Extended Security Updates remained vulnerable.
---------------------------------------------
https://blog.0patch.com/2020/06/micropatch-is-available-for-windows-lnk.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).
---------------------------------------------
https://lwn.net/Articles/824579/
∗∗∗ Security Bulletin: Multiple vulnurabilities discovered in IBM® SDK, Java™ can affect Rational Software Architect Design Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-discovered-in-ibm-sdk-java-can-affect-rational-software-architect-design-manager/
∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2020-4565) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-plus-cve-2020-4565/
∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm-java-runtime-affects-ibm-rational-clearcase-cve-2020-2654/
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2019-1551/
∗∗∗ Security Bulletin: NVIDIA Windows GPU Display Driver has resolved several security vulnerabilities as described below. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display-driver-has-resolved-several-security-vulnerabilities-as-described-below/
∗∗∗ Security Bulletin: NVIDIA Windows GPU Display driver is vulnerable to several security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display-driver-is-vulnerable-to-several-security-vulnerabilities/
∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-10744) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-integration-bus-ibm-app-connect-enterprise-v11-cve-2019-10744/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list