Daily Summary - 01.10.2019

End-of-Day report

Timeframe: Monday 30-09-2019 18:00 - Tuesday 01-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Free Ouroboros Ransomware (Zeropadypt NextGen) Decryption Available

Victims of the Ouroboros Ransomware, otherwise known as Zeropadypt NextGen, can get their files decrypted for free with the help of a security researcher and a decryptor that has been made for different variants.

https://www.bleepingcomputer.com/news/security/free-ouroboros-ransomware-zeropadypt-nextgen-decryption-available/


Beyond the SISSDEN event horizon

Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data.

https://www.shadowserver.org/news/beyond-the-sissden-event-horizon/


Decades-Old Code Is Putting Millions of Critical Devices at Risk

Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light.

https://www.wired.com/story/urgent-11-ipnet-vulnerable-devices


Beware of tech offers that are too cheap

sgt-sonic.store, alpha-tech.store, omega-tech.store, grand-elec.store and beta-elec.store offer a wide range of tech products at unbeatable prices. Do not order from them, however, because they are fake shops. The goods are never delivered despite advance payment. You lose your money!

https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstigen-technik-angeboten/

Vulnerabilities

Yet another update for iOS, iPadOS and watchOS

Apple's updates are coming thick and fast. iOS 13.1.2, iPadOS 13.1.2 and watchOS 6.0.1 once again fix bugs.

https://heise.de/-4543459


Security updates for Tuesday

Security updates have been issued by Debian (apache2, linux-4.9, netty, phpbb3, and poppler), openSUSE (chromium, djvulibre, ghostscript, python-numpy, SDL2, and varnish), Oracle (nodejs:10), Red Hat (httpd24-httpd and httpd24-nghttp2, kpatch-patch, and rh-nodejs10-nodejs), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and SDL 2.0).

https://lwn.net/Articles/801010/


Red Hat products: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-0860


Foxit Reader: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-0862


Theme Editor <= 2.1 - Multiple Vulnerabilities

https://wpvulndb.com/vulnerabilities/9894


Cisco Webex Meetings Enumeration Attack

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191001-webex-enum


IBM Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-have-been-addressed-in-ibm-security-directory-server/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affecting-rational-functional-tester-4/


IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-affect-gcm16-gcm32-and-lcm8-lcm16-kvm-switch-firmware-cve-2018-0732-cve-2019-1559/


HPESBHF03955 rev.1 - HPE Simplivity Omnistack, Local and Remote File Modification and Deletion

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03955en_us


HPESBST03956 rev.1 - HPE Simplivity Omnistack, Local and Remote Arbitrary Command Execution

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03956en_us


HPESBHF03954 rev.1 - HPE UioT, Remote Unauthorized Access and Access to sensitive Data

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03954en_us