End-of-Day report
Timeframe: Monday 18-11-2019 18:00 - Tuesday 19-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Linux, Windows Users Targeted With New ACBackdoor Malware
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines.
https://www.bleepingcomputer.com/news/security/linux-windows-users-targeted-with-new-acbackdoor-malware/
Buran Ransomware Infects PCs via Microsoft Excel Web Queries
A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer.
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Coin Stealer Found in Monero Linux Binaries From Official Site
The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page.
https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero-linux-binaries-from-official-site/
Elasticsearch: Data leak at Conrad
The electronics retailer Conrad reports that an attacker had access to customer data and bank account numbers. The cause was an unsecured Elasticsearch database.
https://www.golem.de/news/elasticsearch-datenleak-bei-conrad-1911-145091-rss.html
Windows Debugging & Exploiting Part 2 - WinDBG 101
Hello again! After our previous post about the environment setup, now it is time to cover the main tool of this project, the WinDBG.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-2-windbg-101/
When Bank Communication is Indistinguishable from Phishing Attacks
You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security [...]
https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-phishing-attacks/
Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery
It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.
https://www.securityweek.com/vulnerability-abb-plant-historian-disclosed-5-years-after-discovery
Beware of supposed prize draws from Magenta, A1, Drei or Liwest
Criminals are currently spreading fake prize draws through various channels. You are notified by e-mail, SMS or a browser pop-up that you have supposedly won a smartphone. To receive the prize, you only have to answer a short survey and pay a small shipping fee. Beware: it is a subscription trap.
https://www.watchlist-internet.at/news/vorsicht-bei-angeblichen-gewinnspielen-von-magenta-a1-drei-oder-liwest/
Vulnerabilities
Serious security vulnerability discovered in WhatsApp
A vulnerability was found in WhatsApp that allows attackers to steal files and read messages.
https://futurezone.at/apps/schwere-sicherheitsluecke-in-whatsapp-entdeckt/400679165
Moodle learning platform: developers close critical vulnerabilities
Moodle admins take note: new versions close several vulnerabilities, some rated "Serious".
https://heise.de/-4591094
Security updates for Tuesday
Security updates have been issued by Debian (python-psutil, slurm-llnl, symfony, and thunderbird), Fedora (gd and ghostscript), and SUSE (ceph, haproxy, java-11-openjdk, and ncurses).
https://lwn.net/Articles/805149/
Lexmark Services Monitor 2.27.4.0.39 Directory Traversal
https://cxsecurity.com/issue/WLB-2019110124
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-2/
Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2019-5435-cve-2019-5436/
HPESBHF03963 rev.1 - Certain HPE ProLiant Servers with Intel CSME, AMT, SPS, TXE,
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03963en_us
HPESBHF03968 rev.1 - HPE Gen10 ProLiant, Apollo, and Synergy Servers using Intel CPU Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA), Local Disclosure of Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us
HPESBHF03969 rev.1 - HPE ProLiant Gen10 Servers using certain Intel Xeon Scalable Processors, Voltage Modulation, Local Denial of Service
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us
HPESBHF03971 rev.1 - HPE Servers using certain Intel Processors, SMM and TXT, Local Escalation of Privilege
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us
HPESBST03964 rev.1 - HPE Nimble Storage, Multiple Remote Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us
Google Chrome: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0998