[CERT-daily] Tageszusammenfassung - 11.05.2020

Daily end-of-shift report team at cert.at
Mon May 11 18:23:05 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 08-05-2020 18:00 − Montag 11-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sodinokibi ransomware can now encrypt open and locked files ∗∗∗
---------------------------------------------
The Sodinokibi (REvil) ransomware has added a new feature that makes it easier to encrypt all files, even those that are opened and locked by another process.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-now-encrypt-open-and-locked-files/


∗∗∗ Thunderspy: Nicht patchbare Sicherheitslücken in Thunderbolt ∗∗∗
---------------------------------------------
Mit einem Schraubendreher und einem SPI-Programmer lassen sich zentrale Sicherheitsfunktionen von Thunderbolt deaktivieren.
---------------------------------------------
https://www.golem.de/news/thunderspy-nicht-patchbare-sicherheitsluecken-in-thunderbolt-2005-148387-rss.html


∗∗∗ Sphinx Malware Returns to Riddle U.S. Targets ∗∗∗
---------------------------------------------
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.
---------------------------------------------
https://threatpost.com/sphinx-riddle-us-targets-modifications/155621/


∗∗∗ Lieferzeiten & Zahlung beim Online-Shopping: Das sind Ihre Rechte ∗∗∗
---------------------------------------------
Der Watchlist Internet werden in letzter Zeit vermehrt Online-Shops gemeldet, die zwar nicht unbedingt Fake-Shops sind, sich jedoch durch verzögerte Lieferzeiten nicht an geltende Gesetze halten. Aber welche Rechte haben Sie als Konsumentin oder Konsument eigentlich? Was können Sie machen, wenn sich ein Online-Shop nicht an die vereinbarte Lieferzeit hält? Wann müssen Sie Bestellungen bezahlen? Wie können Sie Ihre Rechte geltend machen?
---------------------------------------------
https://www.watchlist-internet.at/news/lieferzeiten-zahlung-beim-online-shopping-das-sind-ihre-rechte/


∗∗∗ Intel und Microsoft entwickeln Deep-Learning-Technik zur Malware-Analyse ∗∗∗
---------------------------------------------
Das Stamina genannte Projekt wandelt Dateien in Graustufen-Bilder um. Microsoft analysiert die Bilder auf Textur- und Struktur-Muster. Bei Tests erreicht das System eine Genauigkeit von mehr als 99 Prozent.
---------------------------------------------
https://www.zdnet.de/88379578/intel-und-microsoft-entwickeln-deep-learning-technik-zur-malware-analyse/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites ∗∗∗
---------------------------------------------
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-builder-by-siteorigin-affects-over-1-million-sites/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat [...]
---------------------------------------------
https://lwn.net/Articles/820196/


∗∗∗ VMware to Patch Recent Salt Vulnerabilities in vROps ∗∗∗
---------------------------------------------
VMware is working on patches for its vRealize Operations Manager (vROps) product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. read more
---------------------------------------------
https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops


∗∗∗ Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server ∗∗∗
---------------------------------------------
Security patches will not be issued to fix the problems.
---------------------------------------------
https://www.zdnet.com/article/data-leak-phishing-security-flaws-exposed-in-oracle-iplanet-web-server/


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200506-02-authentication-en


∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-built-in-hsts-option/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-performance-tester/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-service-tester/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-12406/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-4720/


∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM Cloud Private (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ibm-java-runtime-affects-ibm-cloud-private-cve-2020-2654/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-2/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2019-15605-cve-2019-15606/


∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-solution-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-3/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-17495/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list