[CERT-daily] Daily summary - 25.03.2020
Daily end-of-shift report
team at cert.at
Wed Mar 25 18:13:13 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 24-03-2020 18:00 − Wednesday 25-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Ginp Mobile Banker Targets Spain with "Coronavirus Finder" Lure ∗∗∗
---------------------------------------------
In today's deluge of malicious campaigns exploiting the COVID-19 topic, handlers of the Android banking trojan Ginp stand out with operation Coronavirus Finder.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ginp-mobile-banker-targets-spain-with-coronavirus-finder-lure/
∗∗∗ Three More Ransomware Families Create Sites to Leak Stolen Data ∗∗∗
---------------------------------------------
Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims, which further illustrates why all ransomware attacks must be considered data breaches.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/
∗∗∗ Firmware bug destroys SSDs after exactly 40,000 hours ∗∗∗
---------------------------------------------
Hewlett Packard warns that all data will be irretrievably deleted once that time has elapsed.
---------------------------------------------
https://futurezone.at/produkte/firmware-bug-zerstoert-ssds-nach-genau-40000-stunden/400792907
∗∗∗ Traffic to Malicious Websites Spiking as more Employees Take Up Work from Home ∗∗∗
---------------------------------------------
Heimdal™ Security’s Incident Response and Research team has recently uncovered evidence of a potentially dangerous campaign directed at employees working from home. With many cities under lockdown due to the COVID-19 pandemic, companies were mandated to allow the employees to work from home, in a bid to stop the spread of the virus. Since [...]
---------------------------------------------
https://heimdalsecurity.com/blog/malicious-websites-work-from-home/
∗∗∗ TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services ∗∗∗
---------------------------------------------
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called "TrickMo" by IBM X-Force researchers, is under active development and has exclusively targeted German users [...]
---------------------------------------------
https://thehackernews.com/2020/03/trickbot-two-factor-mobile-malware.html
∗∗∗ Microsoft Defender: "scan skip bug" apparently fixed with update KB4052623 ∗∗∗
---------------------------------------------
Update KB4052623, released by Microsoft for Windows Defender, appears to eliminate the message that items were skipped during the scan.
---------------------------------------------
https://heise.de/-4690575
∗∗∗ VMware Again Fails to Patch Privilege Escalation Vulnerability in Fusion ∗∗∗
---------------------------------------------
VMware has released an update for the macOS version of Fusion to fix a privilege escalation vulnerability for which it initially released an incomplete patch. However, one of the researchers who found it says the patch is "still bad".
---------------------------------------------
https://www.securityweek.com/vmware-again-fails-patch-privilege-escalation-vulnerability-fusion
∗∗∗ Videolabs Patches Code Execution, DoS Vulnerabilities in libmicrodns Library ∗∗∗
---------------------------------------------
Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos’ security researchers warn.
---------------------------------------------
https://www.securityweek.com/videolabs-patches-code-execution-dos-vulnerabilities-libmicrodns-library
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical RCE Bug Affects Millions of OpenWrt-based Network Devices ∗∗∗
---------------------------------------------
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the [...]
---------------------------------------------
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
∗∗∗ Apple Releases Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iTunes 12.10.5 for Windows, iOS 13.4 and iPadOS 13.4, Safari 13.1, watchOS 6.2, tvOS 13.4, macOS [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/03/25/apple-releases-security-updates
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (e2fsprogs, ruby2.1, and weechat), Fedora (java-1.8.0-openjdk and webkit2gtk3), openSUSE (apache2-mod_auth_openidc, glibc, mcpp, nghttp2, and skopeo), Oracle (libvncserver and thunderbird), and SUSE (keepalived).
---------------------------------------------
https://lwn.net/Articles/815937/
∗∗∗ BlackBerry Powered by Android Security Bulletin – March 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000055800
∗∗∗ Red Hat OpenShift Container Platform: vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0262
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200325-01-phone-en
∗∗∗ Security Advisory - Improper Access Control Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200325-02-smartphone-en
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-vrp-en
∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2019-17571) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-log4j-vulnerability-cve-2019-17571/
∗∗∗ Security Bulletin: Security vulnerability is identified in Apache POI server where Rational Asset Manager is deployed (CVE-2019-12415) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-is-identified-in-apache-poi-server-where-rational-asset-manager-is-deployed-cve-2019-12415/
∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4441/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-external-authentication-server-2/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-1-8-affect-ibm-sterling-secure-proxy-2/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-doors-web-access-2/
∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-4305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4305/
∗∗∗ Security Bulletin: CVE-2019-4732 vulnerabilitiy in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4732-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-process-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-external-authentication-server/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-1-8-affect-ibm-sterling-secure-proxy/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily