[CERT-daily] Tageszusammenfassung - 20.05.2020

Daily end-of-shift report team at cert.at
Wed May 20 18:20:19 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 19-05-2020 18:00 − Mittwoch 20-05-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Netwalker Fileless Ransomware Injected via Reflective Loading ∗∗∗
---------------------------------------------
Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/


∗∗∗ Studie: Kriminelle wollen nur Geld, Unternehmen stellen Daten selbst ins Feuer ∗∗∗
---------------------------------------------
Eine Analyse von knapp 4000 Cyber-Angriffen belegt, dass Passwortdiebstahl nach wie vor hoch im Kurs steht und Admins vor allem Cloud-Dienste nicht beherrschen.
---------------------------------------------
https://heise.de/-4725579


∗∗∗ 10 best practices for MSPs to secure their clients and themselves from ransomware ∗∗∗
---------------------------------------------
For MSPs, securing themselves from ransomware is just as much a practice in securing clients. See how to save data—and money—with these best practices.
---------------------------------------------
https://blog.malwarebytes.com/how-tos-2/2020/05/10-best-practices-for-msps-to-secure-their-clients-and-themselves-from-ransomware/


∗∗∗ The wolf is back... ∗∗∗
---------------------------------------------
Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. We assess with high confidence that this modified version is operated by the infamous Wolf Research.This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being [...]
---------------------------------------------
https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html


∗∗∗ 3 Ways to Reduce Insider Cyberattacks on Industrial Control Systems ∗∗∗
---------------------------------------------
When power grids, water networks and gas utility systems are targeted by cyberattacks, systems that are essential to our everyday lives are affected. While the damage potential due to external [...]
---------------------------------------------
https://blog.se.com/cyber-security/2020/05/06/three-ways-to-reduce-insider-cyberattacks-on-industrial-control-systems/


∗∗∗ The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites ∗∗∗
---------------------------------------------
On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons for Elementor, a WordPress plugin installed on approximately 110,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/the-elementor-attacks-how-creative-hackers-combined-vulnerabilities-to-take-over-wordpress-sites/


∗∗∗ SMS von Raiffeisen mit Link ist Fake ∗∗∗
---------------------------------------------
Momentan sind gefälschte Raiffeisen-SMS im Umlauf. Darin werden Sie aufgefordert, die PushTAN Registrierung abzuschließen. Dafür müssen Sie lediglich auf den angeführten Link klicken. Doch Vorsicht: Dieser Link führt nicht auf die echte Login-Seite, sondern auf eine Phishing-Seite.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-von-raiffeisen-mit-link-ist-fake/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMSA-2020-0010 ∗∗∗
---------------------------------------------
VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0010.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9 and clamav), Fedora (kernel, moodle, and transmission), Oracle (kernel), Red Hat (ipmitool, kernel, ksh, and ruby), Slackware (bind and libexif), SUSE (dpdk, openconnect, python, and rpmlint), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv and linux-gke-5.0, linux-oem-osp1).
---------------------------------------------
https://lwn.net/Articles/820948/


∗∗∗ Researchers Divulge Details on Five Windows Zero Days ∗∗∗
---------------------------------------------
Zero Day Initiative Researchers Publish Five Windows Zero Days read more
---------------------------------------------
https://www.securityweek.com/researchers-divulge-details-five-windows-zero-days


∗∗∗ Security Advisory - Information Leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-01-leakage-en


∗∗∗ Security Advisory - Use After Free Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-01-uaf-en


∗∗∗ Security Bulletin: IBM Security Access Manager is vulnerable to a bypass security vulnerability (CVE-2020-4461) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-access-manager-is-vulnerable-to-a-bypass-security-vulnerability-cve-2020-4461/


∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-sqlite-shipped-with-ibm-watson-machine-learning-community-edition-wmlce/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software-2/


∗∗∗ Security Bulletin: A security vulnerability has been identified in the sqlite package shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-the-sqlite-package-shipped-with-ibm-watson-machine-learning-community-edition-wmlce/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software/


∗∗∗ Security Bulletin: CVE-2020-4260 SOME SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4260-some-secure-properties-can-be-revealed-via-generic-processes/


∗∗∗ Security Bulletin: A security vulnerability has been identified in Pillow shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-pillow-shipped-with-ibm-watson-machine-learning-community-edition-wmlce-containers/


∗∗∗ Security Bulletin: A security vulnerability has been identified in nanopb shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-nanopb-shipped-with-ibm-watson-machine-learning-community-edition-wmlce/


∗∗∗ Security Bulletin: A security vulnerability has been identified in FFMpeg shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ffmpeg-shipped-with-ibm-watson-machine-learning-community-edition-wmlce-containers/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool/


∗∗∗ HPESBHF04004 rev.1 - HPE Superdome Flex Server Remote Management Controller (RMC), Local Elevation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04004en_us


∗∗∗ HPESBST03991 rev.1 - HPE Nimble Storage, Remote Access to Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us


∗∗∗ HPESBST03992 rev.1 - HPE Nimble Storage, Remote Code Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us


∗∗∗ Adobe Creative Cloud: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0487


∗∗∗ Wireshark: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0485

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list