[CERT-daily] Daily summary - 28.05.2020
Daily end-of-shift report
team at cert.at
Thu May 28 18:39:21 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-05-2020 18:00 - Thursday 28-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
*** New Octopus Scanner malware spreads via GitHub supply chain attack ***
---------------------------------------------
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/
*** The zero-day exploits of Operation WizardOpium ***
---------------------------------------------
Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack.
---------------------------------------------
https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/
*** Inside a ransomware gang's attack toolbox ***
---------------------------------------------
Ransomware's changed a lot over the years - here's a peek into a criminal gang's current toolbox [...]
---------------------------------------------
https://nakedsecurity.sophos.com/2020/05/28/inside-a-ransomware-gangs-attack-toolbox/
*** NetWalker Ransomware – What You Need to Know ***
---------------------------------------------
What is NetWalker? NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. Ransomware is nothing new. Why should I particularly care [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/
*** Masses of fraudulent DHL messages from SMSinfo ***
---------------------------------------------
Countless Watchlist Internet readers are currently reporting a fake SMS message from DHL to us. The criminals pose as the shipping service provider and claim in the message from SMSinfo that part of the postage is missing. The message must be ignored, because paying the requested amount leads into a subscription trap!
---------------------------------------------
https://www.watchlist-internet.at/news/massenhaft-betruegerische-dhl-nachrichten-von-smsinfo/
*** Microsoft warns about attacks with the PonyFinal ransomware ***
---------------------------------------------
PonyFinal infections have been reported in India, Iran, and the US.
---------------------------------------------
https://www.zdnet.com/article/microsoft-warns-about-attacks-with-the-ponyfinal-ransomware/
*** Cybereason: Valak malware attacks companies in the USA and Germany ***
---------------------------------------------
In just six months, a malware loader has turned into malicious software with a modular architecture. Valak is currently being distributed via specially crafted Word files. The actual target is Exchange servers, in order to steal emails and certificates.
---------------------------------------------
https://www.zdnet.de/88380246/cybereason-valak-malware-greift-unternehmen-und-den-usa-und-deutschland-an/
=====================
= Vulnerabilities =
=====================
*** Apple sends out 11 security alerts – get your fixes now! ***
---------------------------------------------
Apple's current round of updates has been officially announced in the company's latest Security Advisory emails.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-alerts-get-your-fixes-now/
*** Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021 ***
---------------------------------------------
This module enables you to force a password update when using a password reset link. The module doesn't sufficiently validate the login URL, allowing a malicious user to use a specially crafted URL to log in as another user.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-021
*** Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2020-020 ***
---------------------------------------------
Drupal Commerce is used to build eCommerce websites and applications. It's possible to configure Commerce to permit orders by anonymous users. In this configuration, customers who do not choose to create an account upon checkout completion remain anonymous, and the resulting orders are never assigned an [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-020
*** SaltStack FrameWork Vulnerabilities Affecting Cisco Products ***
---------------------------------------------
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651 (Authentication Bypass Vulnerability) and CVE-2020-11652 (Directory Traversal Vulnerability). Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service, which is affected by these vulnerabilities. Cisco has released software updates that address these [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
*** Security updates for Thursday ***
---------------------------------------------
Security updates have been issued by Fedora (dovecot, dpdk, knot-resolver, and unbound), Mageia (ant, libexif, and php), SUSE (libmspack), and Ubuntu (php5, php7.0, php7.2, php7.3, php7.4 and unbound).
---------------------------------------------
https://lwn.net/Articles/821659/
*** SWARCO: Critical Vulnerability in CPU LS4000 ***
---------------------------------------------
A critical vulnerability was found in SWARCO TRAFFIC SYSTEMS CPU LS4000.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-016
*** ADVISORY: Phish Threat Outlook plugin reporting non-campaign emails are failing to send ***
---------------------------------------------
Reports of non-campaign emails (i.e. spam or actual phishing emails) submitted through the Phish Threat Report Message add-on are not being delivered to the configured administrators.
---------------------------------------------
https://community.sophos.com/kb/en-US/135524
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4233) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4233/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4248) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4248/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-1058, CVE-2018-10936, CVE-2019-9193) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-cve-2018-1058-cve-2018-10936-cve-2019-9193/
*** Security Bulletin: Vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-apache-cxf-library-used-in-websphere-application-server-liberty-core-affect-cics-transaction-gateway/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4231) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4231/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2019-11729, CVE-2019-11745) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-cve-2019-11729-cve-2019-11745/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities/
*** Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4419) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4419/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-12406) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-12406/
*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4245) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4245/
*** Trend Micro InterScan Web Security Virtual Appliance: Multiple vulnerabilities ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0510
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily