[CERT-daily] Tageszusammenfassung - 18.05.2020

Mon May 18 18:15:54 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 15-05-2020 18:00 − Montag 18-05-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Disruption on the horizon ∗∗∗
---------------------------------------------
[...] As cyber security professionals we are often caught in the wake of disruptive changes as a result of technology adoption (i.e. Cloud), changes in operational paradigms (i.e. DevOps), or regulatory/compliance developments (i.e. GDPR, CCPA, etc.).  Recognizing this, how can we proactively identify such changes before they start to impact our operations?
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/disruption-on-the-horizon


∗∗∗ Antivirus & Multiple Detections, (Sun, May 17th) ∗∗∗
---------------------------------------------
"When a file contains more than one signature, for example EICAR and a real virus, what will the antivirus report?".
---------------------------------------------
https://isc.sans.edu/diary/rss/26134


∗∗∗ WordPress Malware Collects Sensitive WooCommerce Data ∗∗∗
---------------------------------------------
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins.
---------------------------------------------
https://blog.sucuri.net/2020/05/wordpress-malware-collects-sensitive-woocommerce-data.html


∗∗∗ Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format ∗∗∗
---------------------------------------------
Abusing legacy functionality built into the Microsoft Office suite is a tale as old as time. One functionality that is popular with red teamers and maldoc authors is using Excel 4.0 Macros to embed standard malicious behavior in Excel files and then execute phishing campaigns with these documents. These macros, which are fully documented online, can make web requests, execute shell commands, access win32 APIs, and have many other capabilities which are desirable to malware authors.
---------------------------------------------
https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/


∗∗∗ Mandrake Android Spyware Remained Undetected for 4 Years ∗∗∗
---------------------------------------------
Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years.
---------------------------------------------
https://www.securityweek.com/mandrake-android-spyware-remained-undetected-4-years


∗∗∗ Ethical dilemmas with responsible disclosure ∗∗∗
---------------------------------------------
We do a LOT of disclosures, probably starting one a day on average. Between us, we spend a man day or so per week just managing disclosures. It creates pain [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/ethical-dilemmas-with-responsible-disclosure/


∗∗∗ The ProLock ransomware doesn’t tell you one important thing about decrypting your files ∗∗∗
---------------------------------------------
Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.
---------------------------------------------
https://www.grahamcluley.com/prolock-ransomware-decryption/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical WordPress plugin bug allows for automated takeovers ∗∗∗
---------------------------------------------
Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-allows-for-automated-takeovers/


∗∗∗ PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security (Update A) ∗∗∗
---------------------------------------------
[...] Update 2020-05-18: Firmware V2.90 is released and available for download.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-020


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache-log4j1.2, exim4, libexif, and openconnect), Fedora (chromium, condor, java-1.8.0-openjdk, java-1.8.0-openjdk-aarch32, mingw-ilmbase, mingw-OpenEXR, sleuthkit, and squid), Mageia (jbig2dec, libreswan, netkit-telnet, ntp, and suricata), openSUSE (mailman and nextcloud), SUSE (autoyast2, file, git, gstreamer-plugins-base, libbsd, libvirt, libvpx, libxml2, mailman, and openexr), and Ubuntu (dovecot and json-c).
---------------------------------------------
https://lwn.net/Articles/820814/


∗∗∗ WebKitGTK 2.29.1 released! ∗∗∗
---------------------------------------------
This is the first development release leading toward 2.30 series.What’s new in the WebKitGTK 2.29.1 release? Stop using GTK theming to render form controls. Add API to disable GTK theming for scrollbars too. Fix several race conditions and threading issues in the media player. Add USER_AGENT_BRANDING build option. Add paste as plain text option to the context menu for rich editable content. Fix several crashes and rendering issues.
---------------------------------------------
https://webkitgtk.org/2020/05/18/webkitgtk2.29.1-released.html


∗∗∗ Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort


∗∗∗ Security Bulletin: Vulnerabiliity in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabiliity-in-ibm-java-shipped-with-ibm-transformation-extender-advanced-cve-2018-12547/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-1656, CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-shipped-with-ibm-transformation-extender-advanced-cve-2018-1656-cve-2018-12539/


∗∗∗ Security Bulletin: Multiple IBM Runtime Environments Java Technology Edition vulnerabilities affect IBM Transformation Extender ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-runtime-environments-java-technology-edition-vulnerabilities-affect-ibm-transformation-extender/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-2/


∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2020-1938-2/


∗∗∗ Security Bulletin: Vulnerability CVE-2020-4345 in SQL affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-4345-in-sql-affects-ibm-i/


∗∗∗ Security Bulletin: Security vulnerability in WAS Liberty used by IBM Transformation Extender Advanced (CVE-2017-1681) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-was-liberty-used-by-ibm-transformation-extender-advanced-cve-2017-1681/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-shipped-with-ibm-transformation-extender-advanced/


∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-b2b-api-of-ibm-sterling-b2b-integrator/


∗∗∗ Linux kernel vulnerability CVE-2019-20636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K45501314


∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0472

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily