[CERT-daily] Daily summary - 07.10.2020

Daily end-of-shift report team at cert.at
Wed Oct 7 18:13:10 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 06-10-2020 18:00 − Wednesday 07-10-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Backdoor Shell Dropper Deploys CMS-Specific Malware ∗∗∗
---------------------------------------------
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.
---------------------------------------------
https://blog.sucuri.net/2020/10/backdoor-shell-dropper-deploys-cms-specific-malware.html


∗∗∗ Alert (AA20-280A): Emotet Malware ∗∗∗
---------------------------------------------
Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa20-280a


∗∗∗ New HEH botnet can wipe routers and IoT devices ∗∗∗
---------------------------------------------
The disk-wiping feature is present in the code but has not been used yet.
---------------------------------------------
https://www.zdnet.com/article/new-heh-botnet-can-wipe-routers-and-iot-devices/


∗∗∗ Fraudulent Post e-mail spreads malware ∗∗∗
---------------------------------------------
Fraudulent e-mails in the name of the Post are currently being sent indiscriminately to numerous recipients. The criminals threaten the victims with a fine because certain costs have not yet been paid.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-post-mail-verbreitet-schadsoftware/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Enter the Vault: Authentication Issues in HashiCorp Vault ∗∗∗
---------------------------------------------
Posted by Felix Wilhelm, Project Zero: In this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services (AWS) and Google Cloud Platform (GCP).
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html


∗∗∗ 90 days, 16 bugs, and an Azure Sphere Challenge ∗∗∗
---------------------------------------------
Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere's sponsored research challenge.
---------------------------------------------
https://blog.talosintelligence.com/2020/10/Azure-Sphere-Challenge.html


∗∗∗ Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Node.js (CVE-2019-15606, CVE-2019-15604, CVE-2019-15605) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2019-15606-cve-2019-15604-cve-2019-15605/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-4/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Apache commons beanutils 1.9.2 library vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-beanutils-1-9-2-library-vulnerability/


∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-mysql-2/


∗∗∗ Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2020-4590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-a-denial-of-service-cve-2020-4590/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-5/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-8/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Apache Commons vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-vulnerability-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



