Daily summary - 11.10.2019

End-of-Day report

Timeframe: Thursday 10-10-2019 18:00 - Friday 11-10-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

Remote attacks and denial of service: vulnerabilities in Juniper network equipment

Juniper devices of the SRX, NFX, QFX, PTX, ACX, MX and EX series, as well as the Junos operating system, have vulnerabilities that should be patched promptly.

https://heise.de/-4553168


Researchers released a free decryptor for the Nemty Ransomware

Good news for the victims of the Nemty Ransomware, security researchers have released a free decryptor that could be used to recover files.

https://securityaffairs.co/wordpress/92386/malware/nemty-ransomware-decryptor.html


Examining the Ryuk Ransomware

Ryuk ransomware had a disturbingly successful debut, being used to hit at least three organizations in its first two months of activity for more than $640,000 in ransom. Several attacks followed, where the attackers demanded even greater amounts of ransom. The attackers were able to demand and receive high ransoms because of a unique trait in the Ryuk code: the ability to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint.

https://www.zscaler.com/blogs/research/examining-ryuk-ransomware
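An added detection example, not part of the original digest or of the Zscaler report: the Ryuk trait described above, deleting volume shadow copies on the endpoint before encryption, leaves process-creation telemetry behind. The script below runs a small rule set over constructed Sysmon-style process events (sample data, not real telemetry) and flags hosts where more than one recovery-inhibition action is seen. The matched command lines are common ransomware recovery-inhibition commands in general (vssadmin, wmic, bcdedit, wbadmin); the report summarised above does not say which commands Ryuk itself runs, so the rule set is an assumption and goes beyond the specific case in the text.

```python
import re

# Constructed sample process-creation events (simplified Sysmon Event ID 1 shape).
# These are made up for the example; they are not events from the Ryuk report.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "ws01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"host": "ws02", "user": "CORP\\backup",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},          # benign: listing, not deleting
    {"host": "ws02", "user": "CORP\\backup",
     "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"host": "ws03", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net use Z: \\\\fileserver\\share"},   # benign: mapping a share
]

# Assumed rule set: command lines commonly used by ransomware to remove or
# disable recovery options. Which of these Ryuk uses is not stated on the page.
RECOVERY_INHIBITION_RULES = [
    (re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
     "vssadmin delete shadows"),
    (re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
     "wmic shadowcopy delete"),
    (re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
     "bcdedit disable recovery"),
    (re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
     "wbadmin delete catalog"),
]


def classify_event(event):
    """Return the rule label matched by the event's command line, or None."""
    for pattern, label in RECOVERY_INHIBITION_RULES:
        if pattern.search(event["cmdline"]):
            return label
    return None


def find_recovery_inhibition(events):
    """Return one hit per event whose command line matches a rule."""
    hits = []
    for event in events:
        label = classify_event(event)
        if label is not None:
            hits.append({"host": event["host"], "user": event["user"],
                         "rule": label, "cmdline": event["cmdline"]})
    return hits


def hosts_with_multiple_actions(hits):
    """Hosts where two or more distinct recovery-inhibition rules fired.

    A single vssadmin invocation can be legitimate admin work; several distinct
    recovery-inhibition actions on one host in a short window is the pattern
    worth escalating.
    """
    rules_by_host = {}
    for hit in hits:
        rules_by_host.setdefault(hit["host"], set()).add(hit["rule"])
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= 2)


if __name__ == "__main__":
    found = find_recovery_inhibition(SAMPLE_EVENTS)
    for hit in found:
        print(f'{hit["host"]} {hit["user"]} [{hit["rule"]}] {hit["cmdline"]}')
    print("escalate:", hosts_with_multiple_actions(found))
```

In a real pipeline the events would come from Sysmon or Windows Security event 4688 with command-line auditing enabled; without command-line logging the `vssadmin list` and `vssadmin delete` cases above are indistinguishable, which is why the benign listing event is included in the sample.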


Staying Hidden on the Endpoint: Evading Detection with Shellcode

True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (EDR) products have matured over the years, red teams must follow suit. This blog post will provide some insights into how the FireEye Mandiant Red Team crafts payloads to bypass modern EDR products and get full command and control (C2) on their [...]

http://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (lucene-solr and ruby-openid), Fedora (krb5 and SDL2), openSUSE (kernel and libopenmpt), and Ubuntu (python2.7, python3.4).

https://lwn.net/Articles/802086/


IBM Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Process Orchestration Web Service logging

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-and-case-foundation-security-vulnerability-in-process-orchestration-web-service-logging/


IBM Security Bulletin: IBM FileNet Content Manager and Case Foundation are affected by Publicly disclosed vulnerability in Java July 2019

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-and-case-foundation-are-affected-by-publicly-disclosed-vulnerability-in-java-july-2019/


Linux kernel vulnerability CVE-2017-18551

https://support.f5.com/csp/article/K48073202?utm_source=f5support&utm_medium=RSS


Apache Tomcat vulnerability CVE-2019-0221

https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS


ImageMagick vulnerability CVE-2019-13136

https://support.f5.com/csp/article/K03512441?utm_source=f5support&utm_medium=RSS