End-of-Day report
Timeframe: Wednesday 02-10-2019 18:00 - Thursday 03-10-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Sodinokibi Ransomware Builds An All-Star Team of Affiliates
The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods.
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-builds-an-all-star-team-of-affiliates/
A New Wave of Buggy WordPress Infections
We've been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities. Every other week, the attackers introduce new domain names and slightly change the obfuscation of their scripts to prevent detection.
https://blog.sucuri.net/2019/10/a-new-wave-of-buggy-wordpress-infections.html
FBI: Don't pay ransomware demands, stop encouraging cybercriminals to target others
The FBI has some unambiguous advice for organisations on how they should handle ransomware demands: Don't pay.
https://www.tripwire.com/state-of-security/featured/fbi-dont-pay-ransomware/
Vulnerabilities
Dangerous vulnerability discovered in Magenta routers
The Connect Box, already distributed back in the UPC days, can be taken over from the outside. A firmware update is intended to fix the issue.
https://futurezone.at/produkte/gefaehrliche-luecke-in-magenta-routern-entdeckt/400637039
WhatsApp Flaw Opens Android Devices to Remote Code Execution
A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app.
https://threatpost.com/whatsapp-flaw-opens-android-devices-to-remote-code-execution/148888/
Security updates for Thursday
Security updates have been issued by CentOS (kernel), Debian (jackson-databind, libapreq2, and subversion), Fedora (glpi, memcached, and zeromq), openSUSE (rust), Oracle (kernel), Red Hat (patch), and SUSE (dovecot23, git, jasper, libseccomp, and thunderbird).
https://lwn.net/Articles/801226/
Localization update - Moderately critical - Insecure server configuration - SA-CONTRIB-2019-072
https://www.drupal.org/sa-contrib-2019-072
Simple AMP (Accelerated Mobile Pages) - Moderately critical - Access bypass - SA-CONTRIB-2019-071
https://www.drupal.org/sa-contrib-2019-071
Ubercart - Moderately critical - Cross site scripting - SA-CONTRIB-2019-070
https://www.drupal.org/sa-contrib-2019-070
Cisco Security Advisories
https://tools.cisco.com/security/center/publicationListing.x
IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2019-4564)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-cross-site-scripting-cve-2019-4564/
IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by information exposure (CVE-2019-4514)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-information-exposure-cve-2019-4514/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-7/
IBM Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2019-10246, CVE-2019-10247, CVE-2019-10241 & CVE-2018-12545)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-affects-ibm-connectdirect-web-services-cve-2019-10246-cve-2019-10247-cve-2019-10241-cve-2018-12545/
IBM Security Bulletin: IBM MQ AMQP Listeners are vulnerable to a session fixation attack (CVE-2019-4227)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-amqp-listeners-are-vulnerable-to-a-session-fixation-attack-cve-2019-4227/
HPESBST03958 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us
HPESBST03959 rev.1 - HPE Command View Advanced Edition (CVAE) Multiple Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us