Daily Summary - 21.10.2019

End-of-Day report

Timeframe: Friday 18-10-2019 18:00 - Monday 21-10-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Avast Network Breached As Hackers Target CCleaner Again

Avast said it believes that threat actors are again looking to target CCleaner in a supply chain attack.

https://threatpost.com/avast-network-breached-as-hackers-target-ccleaner-again/149358/


Attention: Your blog may be used to spread the Emotet Trojan!

Emotet was originally a banking Trojan that targeted bank customers in Europe and stole relevant bank credentials. In 2017, Emotet changed its business model from [...]

https://blog.360totalsecurity.com/en/attention-your-blog-may-be-used-to-spread-the-emotet-trojan/


Winnti Group's skip-2.0: A Microsoft SQL Server backdoor

Notorious cyberespionage group debases MSSQL

https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/

Vulnerabilities

Linux: Critical zero-day vulnerability in Wi-Fi driver

Using specially crafted Wi-Fi packets, attackers could take over Linux systems that use Realtek chips.

https://heise.de/-4562505


Security updates for Monday

Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).

https://lwn.net/Articles/802776/


AVM FRITZ!OS: Vulnerability allows information disclosure

https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/10/warnmeldung_tw-t19-0150.html


Trend Micro Anti-Threat Toolkit (ATTK) <= v1.62.0.1218 Remote Code Execution 0day

https://cxsecurity.com/issue/WLB-2019100137


IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-version-8-15-0-of-node-js-included-in-ibm-cloud-event-management-2-3-0-has-several-security-vulnerabilities/


IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-is-affected-by-http-server-vulnerabilities/


IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1996)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-application-server-shipped-with-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-cve-2018-1996/


Linux kernel vulnerability CVE-2019-16089

https://support.f5.com/csp/article/K03814795?utm_source=f5support&utm_medium=RSS


Linux kernel vulnerability CVE-2019-15666

https://support.f5.com/csp/article/K53420251?utm_source=f5support&utm_medium=RSS


Authentication Bypass Vulnerability in the Management Interface of Citrix Application Delivery Controller and Citrix Gateway

https://support.citrix.com/article/CTX261055