Daily Summary - 10.12.2019

End-of-Day report

Timeframe: Monday 09-12-2019 18:00 - Tuesday 10-12-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools

Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads.

https://www.bleepingcomputer.com/news/security/snatch-ransomware-reboots-to-windows-safe-mode-to-bypass-av-tools/


Don't pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor

Oracle DBs particularly vulnerable to fake decryptions, say researchers. If you're an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity's sake, don't. The criminals behind it have broken their own decryptor, meaning nobody will be able to unlock files scrambled by the malicious software.

https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/10/ryuk_decryptor_broken_latest_strain/


What you need to keep in mind when shopping online

It won't be long until Christmas comes around again. For some it is the most contemplative time of the year, for others pure stress, especially when many gifts have to be bought. Online shopping is a convenient solution. But online shopping also carries some risks.

https://www.watchlist-internet.at/news/was-sie-beim-onlineshoppen-beachten-muessen/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-55), Adobe Photoshop (APSB19-56), Brackets (APSB19-57) and Adobe ColdFusion (APSB19-58). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.

https://blogs.adobe.com/psirt/?p=1813


Security updates for Tuesday

Security updates have been issued by Debian (firefox-esr, jruby, and squid3), Fedora (librabbitmq, libuv, and xpdf), openSUSE (calamares and opera), Oracle (kernel and nss), Red Hat (httpd24-httpd, kernel, kernel-alt, kpatch-patch, nss-softokn, sudo, and thunderbird), SUSE (apache2-mod_perl, java-1_8_0-openjdk, and postgresql), and Ubuntu (eglibc, firefox, and samba).

https://lwn.net/Articles/806957/


SAP Security Patch Day - December 2019

Page edited by Aditi Kulkarni. This post by SAP Product Security Response Team shares information on Patch Day Security Notes that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. On 10th of December 2019, SAP Security Patch Day saw the release of 5 Security Notes. There are 2 updates to previously released Patch [...]

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397


Security Bulletin: Multiple Vulnerabilities in MongoDB affects IBM Watson Studio Local

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-mongodb-affects-ibm-watson-studio-local/


Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2019-4663/


Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-addressed-in-ibm-cloud-pak-system-cve-2019-4521-cve-2019-4095/


Security Bulletin: Multiple Vulnerabilities in HAProxy affects IBM Watson Studio Local

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-haproxy-affects-ibm-watson-studio-local/


Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2019 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-october-2019-cpu/


Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud/


Security Bulletin: Multiple Vulnerabilities in python affects IBM Watson Studio Local

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-python-affects-ibm-watson-studio-local/


Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-hyper-visor-edition-v9-0-require-customer-action-for-security-vulnerabilities-in-red-hat-linux/


IBM Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-impacted-by-an-openstack-neutron-vulnerability-related-to-security-group-rules-cve-2019-10876/


IBM Security Bulletin: PowerVC is impacted by an OpenStack Neutron denial of service vulnerability (CVE-2018-14635)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-impacted-by-an-openstack-neutron-denial-of-service-vulnerability-cve-2018-14635/


SSA-451445 (Last Update: 2019-12-10): Multiple Vulnerabilities in SPPA-T3000

https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf


SSA-273799 (Last Update: 2019-12-10): Vulnerability in SIMATIC products

https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf


SSA-525454 (Last Update: 2019-12-10): Vulnerabilities in XHQ Operations Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf


SSA-418979 (Last Update: 2019-12-10): Vulnerabilities in EN100 Ethernet Communication Module

https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf


SSA-761617 (Last Update: 2019-12-10): Multiple Vulnerabilities in SiNVR Video Management Solution

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf


SSA-344983 (Last Update: 2019-12-10): Vulnerability in WPA2 Key Handling affecting SCALANCE W700 and SCALANCE W1700 Devices

https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf


SSA-618620 (Last Update: 2019-12-10): Vulnerabilities in Boot Loader (U-Boot) of RUGGEDCOM ROS Devices

https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf


Samba: Multiple Vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-1048