[CERT-daily] Daily summary - 05.03.2020
Daily end-of-shift report
team at cert.at
Thu Mar 5 19:12:54 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 04-03-2020 18:00 − Thursday 05-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ In-house announcement: CERT.at is hiring (software developer for an open-source project, part-/full-time) ∗∗∗
---------------------------------------------
For our internationally renowned open-source project IntelMQ we are looking for a software developer (part- or full-time, 25-38.5 hours) to start as soon as possible. The place of work is Vienna. As always, details can be found on our jobs page.
---------------------------------------------
https://cert.at/de/blog/2020/3/in-eigener-sache-certat-sucht-verstarkung-software-entwickler-fur-open-source-projekt-teil-vollzeit
∗∗∗ Jackpotting malware ∗∗∗
---------------------------------------------
Introduction Jackpotting malware is not well known because it exclusively targets automated teller machines (ATMs). ... In this article, we will examine two of the most widely known types of jackpotting malware, Ploutus and Cutlet Maker. We will also look at the operation of jackpotting malware and provide recommendations on how banks can protect against it.
---------------------------------------------
https://resources.infosecinstitute.com/jackpotting-malware/
∗∗∗ Mokes and Buerak distributed under the guise of security certificates ∗∗∗
---------------------------------------------
We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired.
---------------------------------------------
https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
∗∗∗ Guildma – innovative banking trojan from Latin America ∗∗∗
---------------------------------------------
A banking trojan that is widespread in Brazil is up to mischief. We analysed the Guildma malware and came across some interesting facts in the process.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/03/05/guildma-bankentrojaner-lateinamerika/
∗∗∗ Malicious Chrome extension caught stealing Ledger wallet recovery seeds ∗∗∗
---------------------------------------------
A Chrome extension named Ledger Live was exposed today as malicious. It is currently heavily promoted via Google search ads.
---------------------------------------------
https://www.zdnet.com/article/malicious-chrome-extension-caught-stealing-ledger-wallet-recovery-seeds/
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing ∗∗∗
---------------------------------------------
Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system.
---------------------------------------------
https://kb.cert.org/vuls/id/782301
∗∗∗ SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005 ∗∗∗
---------------------------------------------
Project: SVG Formatter
Security risk: Critical
This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-005
∗∗∗ Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-resource-exhaust-D7RQAhnD
∗∗∗ Security vulnerabilities: attackers could take over Netgear Wi-Fi routers ∗∗∗
---------------------------------------------
Anyone who owns a Netgear Wi-Fi router should update the device promptly. One security vulnerability is rated critical.
---------------------------------------------
https://heise.de/-4676824
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (http-parser and xerces-c), Debian (tomcat7), Fedora (opensmtpd), openSUSE (openfortivpn and permissions), Red Hat (http-parser, openstack-octavia, python-waitress, and sudo), Slackware (ppp), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/813888/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-3/
∗∗∗ Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql/
∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server affects IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/
∗∗∗ Security Bulletin: WAS Liberty vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1-2/
∗∗∗ Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/
∗∗∗ Security Bulletin: WAS Liberty vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily