[CERT-daily] Tageszusammenfassung - 09.03.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 06-03-2020 18:00 − Montag 09-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Data-Stealing FormBook Malware Preys on Coronavirus Fears ∗∗∗
---------------------------------------------
Another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO) is distributing a malware downloader that installs the FormBook information-stealing Trojan.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/data-stealing-formbook-malware-preys-on-coronavirus-fears/


∗∗∗ Neue CPU-Sicherheitslücke in AMD-Prozessoren laut AMD gar nicht neu ∗∗∗
---------------------------------------------
Sicherheitsforscher haben laut eigenen Angaben neue Sicherheitslücken in AMDs Prozessoren gefunden – unter anderem Ryzen und Epyc sollen betroffen sein.
---------------------------------------------
https://heise.de/-4678823


∗∗∗ Inkassoschreiben über 516,24 Euro müssen nicht bezahlt werden ∗∗∗
---------------------------------------------
Aktuell werden vermehrt Mahnungen und Zahlungsaufforderungen von angeblichen Inkassobüros für Abos bei Streamingdiensten ausgesendet. Die gute Nachricht: Zahlen Sie nicht! Die schlechte Nachricht: Es wird nicht die letzte Zahlungsaufforderung gewesen sein.
---------------------------------------------
https://www.watchlist-internet.at/news/inkassoschreiben-ueber-51624-euro-muessen-nicht-bezahlt-werden/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Google Authenticator: 2FA-Codes lassen sich einfach abgreifen ∗∗∗
---------------------------------------------
Google Authenticator, Microsoft Authenticator und etliche andere Apps zur Zwei-Faktor-Authentifizierung haben keinen Schutz vor Screenshots eingerichtet. Eine Schadsoftware soll dies bereits ausnutzen.
---------------------------------------------
https://www.golem.de/news/google-authenticator-2fa-codes-lassen-sich-einfach-abgreifen-2003-147119-rss.html


∗∗∗ Talos Vulnerability Spotlight: WAGO products contain remote code execution, other vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos recently discovered several vulnerabilities in multiple products from the company WAGO. WAGO produces a line of automation software called “e!COCKPIT,” an integrated development environment that aims to speed up automation tasks and machine and system startup.
---------------------------------------------
https://blog.talosintelligence.com/2020/03/wago-vulnerability-spotlight-march-2020.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (seamonkey), Mageia (apache-mod_auth_openidc, binutils, chromium-browser-stable, dojo, firejail, gcc, glib2.0, glibc, http-parser, ilmbase, libarchive, libgd, libsolv, mbedtls, pcre, pdfresurrect, php, proftpd, pure-ftpd, python-bleach, ruby-rake, transfig, weechat, and xen), openSUSE (chromium, ovmf, python-bleach, and yast2-rmt), Oracle (curl, http-parser, kernel, sudo, and xerces-c), Red Hat (chromium-browser and kernel-alt) [...]
---------------------------------------------
https://lwn.net/Articles/814371/


∗∗∗ Security Bulletin: Stack is displayed in WebSphere Application Server (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stack-is-displayed-in-websphere-application-server-cve-2019-4441/


∗∗∗ Security Bulletin: Vulnerability in Node.js affects IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-affects-ibm-app-connect-enterprise-v11/


∗∗∗ Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable to Apache Commons Beanutils in WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-atlas-ediscovery-process-management-is-affected-by-a-vulnerable-to-apache-commons-beanutils-in-websphere-application-server/


∗∗∗ Security Bulletin: Cookie created without secure flag WAS Liberty (CVE-2019-4305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cookie-created-without-secure-flag-was-liberty-cve-2019-4305/


∗∗∗ Security Bulletin: 3RD PARTY Stored Cross-Site Scripting in Tivoli Application Dependency Discovery Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-stored-cross-site-scripting-in-tivoli-application-dependency-discovery-manager/


∗∗∗ Security Bulletin: Bypass security restrictions in WAS Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restrictions-in-was-liberty-2/


∗∗∗ Security Bulletin: [All] Python (Publicly disclosed vulnerability) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-all-python-publicly-disclosed-vulnerability/


∗∗∗ Security Bulletin: Apache CXF (Publicly disclosed vulnerability) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclosed-vulnerability/


∗∗∗ Security Bulletin: Python vulnerability in IBM Tivoli Application Dependency Discovery Manager (CVE-2019-16935) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-vulnerability-in-ibm-tivoli-application-dependency-discovery-manager-cve-2019-16935/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.4 ESR) have affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF10 + ICAM 3.0 – 4.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-4-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if10-icam-3-0-4-0/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an attacker can cause a denial of service (CVE-2020-4217) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-attacker-can-cause-a-denial-of-service-cve-2020-4217/


∗∗∗ Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method ( CVE-2019-14907) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2019-14907/


∗∗∗ Apache Tomcat vulnerability CVE-2020-1935 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43709560

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily