Daily summary - 18.10.2019

End-of-Day report

Timeframe: Thursday 17-10-2019 18:00 - Friday 18-10-2019 18:00 Handler: n/a Co-Handler: n/a

News

STOP Ransomware Decryptor Released for 148 Variants

The release of Emsisoft's STOP Ransomware decryption service is a huge achievement and will be a life saver for both the victims and the helpers on BleepingComputer. It should be noted, though, that while this decryptor can help with the majority of STOP variants, anyone who was infected after August 2019 cannot be helped.

https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/


REvil Ransomware Affiliates Partner with Corporate Intruders

Experienced network intruders and ransomware groups have struck an alliance helping each other monetize their skills by spreading malware to company networks.

https://www.bleepingcomputer.com/news/security/revil-ransomware-affiliates-partner-with-corporate-intruders/


Ordinypt: Resurgence

Recently, the Ordinypt malware has seen a resurgence in the wild, disguised as fake job applications sent via email to human resource departments in German companies. The malware uses social engineering to infect the user's files and trick them into paying cryptocurrency to restore the infected files.

https://www.gdatasoftware.com/blog/2019/10/35358-resurgence


Quick Malicious VBS Analysis, (Fri, Oct 18th)

Let's have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common for delivering the first stage via a URL, because it reduces the risk of having the first file blocked by classic security controls.

https://isc.sans.edu/diary/rss/25430


Fake UpdraftPlus Plugins

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we've noticed a new wave of infections that install fake plugins with backdoor functionality.

https://blog.sucuri.net/2019/10/fake-updraftplus-plugins.html


Samsung to patch S10 fingerprint sensor bug next week

Samsung promises a software patch next week and recommends not using custom screen covers in the meantime.

https://www.zdnet.com/article/samsung-to-patch-s10-fingerprint-sensor-bug-next-week/

Vulnerabilities

AVEVA Vijeo Citect and Citect SCADA

This advisory contains mitigations for a stack-based buffer overflow vulnerability in AVEVA Vijeo Citect and Citect SCADA.

https://www.us-cert.gov/ics/advisories/icsa-19-290-01


Horner Automation Cscape

This advisory contains mitigations for improper input validation and out-of-bounds write vulnerabilities in Horner Automation's Cscape control system application programming software.

https://www.us-cert.gov/ics/advisories/icsa-19-290-02


VMSA-2019-0017

VMware SD-WAN by VeloCloud update addresses an information disclosure vulnerability (CVE-2019-5533).

https://www.vmware.com/security/advisories/VMSA-2019-0017.html


Security updates for Friday

Security updates have been issued by Debian (poppler, sudo, and wordpress), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and kernel), and SUSE (kernel and postgresql10).

https://lwn.net/Articles/802622/


Synology-SA-19:34 WordPress

These vulnerabilities allow remote attackers to inject arbitrary web script or HTML, obtain sensitive information, or access intranet resources via a susceptible version of WordPress.

https://www.synology.com/en-global/support/security/Synology_SA_19_34


InfoZIP vulnerability CVE-2019-13232

https://support.f5.com/csp/article/K80311892