[CERT-daily] Tageszusammenfassung - 04.05.2020
Daily end-of-shift report
team at cert.at
Mon May 4 18:31:09 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 30-04-2020 18:00 − Montag 04-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New phishing campaign packs an info-stealer, ransomware punch ∗∗∗
---------------------------------------------
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-an-info-stealer-ransomware-punch/
∗∗∗ Jetzt patchen! Angreifer attackieren Oracle WebLogic Server ∗∗∗
---------------------------------------------
Derzeit haben es Angreifer unter anderem auf eine kritische Sicherheitslücke in Oracle WebLogic Server abgesehen.
---------------------------------------------
https://heise.de/-4713619
∗∗∗ Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap ∗∗∗
---------------------------------------------
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply.
---------------------------------------------
https://www.securityweek.com/power-supply-can-turn-speaker-data-exfiltration-over-air-gap
∗∗∗ Vorsicht vor gefährlichen VPN-Diensten ∗∗∗
---------------------------------------------
VPN-Dienste sind momentan gefragt wie nie zuvor. „Virtuelle private Netzwerke“ erhalten besonders durch verstärktes Home-Office Zulauf. Sie ermöglichen beispielsweise sicheren Zugriff auf Firmennetzwerke von zu Hause aus. Doch Vorsicht: Die hohe Nachfrage wird von Kriminellen ausgenützt. Sie kopieren Websites echter VPN-Dienste und laden gefährliche Schadsoftware auf die Systeme ihrer Opfer!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaehrlichen-vpn-diensten/
∗∗∗ CursedChrome turns your browser into a hackers proxy ∗∗∗
---------------------------------------------
CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.
---------------------------------------------
https://www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hackers-proxy/
∗∗∗ Angriffe auf Salt, LineageOS, Ghost und Digicert ∗∗∗
---------------------------------------------
Hacker nutzen Schwachstellen aus, um Systeme zu attackieren. Im Blickpunkt stehen aktuell der SaltStack, das Handy-Betriebssystem LineageOS, die Bloggerplattform Ghost und der Zertifizierungsanbieter Digicert.
---------------------------------------------
https://www.zdnet.de/88379335/angriffe-auf-salt-lineageos-ghost-und-digicert/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
---------------------------------------------
https://lwn.net/Articles/819200/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/819394/
∗∗∗ TP-Link Patches Multiple Vulnerabilities in NC Cloud Cameras ∗∗∗
---------------------------------------------
TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands.
---------------------------------------------
https://www.securityweek.com/tp-link-patches-multiple-vulnerabilities-nc-cloud-cameras
∗∗∗ Synology-SA-20:11 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_11
∗∗∗ Synology-SA-20:10 WordPress ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_10
∗∗∗ Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-xerces-c-cve-2018-1311/
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand/
∗∗∗ Security Bulletin: OpenSSL disclosed vulnerability affects MessageGatweay (CVE-2020-1967) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnerability-affects-messagegatweay-cve-2020-1967/
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-for-enterprise-resource-planning-on-windows-cve-2019-4732-3/
∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vulnerability-in-ibm-java-runtime-affects-collaboration-and-deployment-services-2/
∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2019-1551/
∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale/
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-spectrum-scale-cve-2020-2654/
∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0409
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list