[CERT-daily] Tageszusammenfassung - 05.05.2020
Daily end-of-shift report
team at cert.at
Tue May 5 18:30:29 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 04-05-2020 18:00 − Dienstag 05-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Weitere Zero-Day-Schwachstelle in iOS: Apps können aus Sandbox ausbrechen ∗∗∗
---------------------------------------------
Mit manipulierten XML-Kommentaren ist es Apps auf iPhone und iPad offenbar möglich, sich ungehindert beliebige Berechtigungen einzuräumen.
---------------------------------------------
https://heise.de/-4714373
∗∗∗ Dell OS Recovery: Lücke in älteren Wiederherstellungs-Images für Windows 10 ∗∗∗
---------------------------------------------
Client-Systeme von Dell, auf denen Windows 10 mit einem älteren Recovery-Image wiederhergestellt wurde, benötigen ein Sicherheitsupdate.
---------------------------------------------
https://heise.de/-4714810
∗∗∗ New VCrypt Ransomware locks files in password-protected 7ZIPs ∗∗∗
---------------------------------------------
A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-files-in-password-protected-7zips/
∗∗∗ LockBit ransomware self-spreads to quickly encrypt 225 systems ∗∗∗
---------------------------------------------
A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/
∗∗∗ Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems ∗∗∗
---------------------------------------------
Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.
---------------------------------------------
https://threatpost.com/airplane-hack-exposes-weaknesses-of-alert-and-avoidance-systems/155451/
∗∗∗ New Kaiji Botnet Targets IoT, Linux Devices ∗∗∗
---------------------------------------------
The botnet uses SSH brute-force attacks to infect devices and uses a custom implant written in the Go Language.
---------------------------------------------
https://threatpost.com/kaiji-botnet-iot-linux-devices/155463/
∗∗∗ Nearly a Million WP Sites Targeted in Large-Scale Attacks ∗∗∗
---------------------------------------------
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Patchday: Google macht verschiedene Android-Versionen sicherer ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Android. Zwei Lücken gelten als kritisch.
---------------------------------------------
https://heise.de/-4714596
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).
---------------------------------------------
https://lwn.net/Articles/819517/
∗∗∗ Citrix ShareFile storage zones Controller multiple security updates ∗∗∗
---------------------------------------------
Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.
---------------------------------------------
https://support.citrix.com/article/CTX269106
∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-4723) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impacts-ibm-control-center-cve-2019-4723/
∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-affects-ibm-workload-scheduler-9-5-2/
∗∗∗ Security Bulletin: Muluple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-muluple-vulnerabilities-in-ubuntu-affect-ibm-workload-scheduler-9-5/
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Go (CVE-2019-17596) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-automation-manager-go-cve-2019-17596/
∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-affects-ibm-workload-scheduler-9-5/
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-service-vulnerability-affects-ibm-control-center-cve-2019-12406/
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Node.js (CVE-2019-10747) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-automation-manager-node-js-cve-2019-10747/
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-service-vulnerability-affects-ibm-control-center-cve-2019-4720/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ubuntu-affect-ibm-workload-scheduler-9-5/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments-cve-2019-4732/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list