End-of-Day report
Timeframe: Friday 20-09-2019 18:00 - Monday 23-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Increase in successful cyber attacks using Emotet - BSI advises protective measures
Cyber attacks using the Emotet malware have caused considerable damage in recent days to the German economy, but also to public authorities and organisations. The German Federal Office for Information Security (BSI) is therefore once again urgently warning about this malware and providing detailed guidance on protecting against Emotet. Private users are also among the attackers' targets.
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Emotet-Warnung_230919.html
Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About
Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers don't cover it, and for the most part it targets consumers through cracked software, adware bundles, and shady sites.
https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/
What you should know about Ryuk ransomware
The ransomware called Ryuk has established ransomware as a lucrative enterprise product. This sentence may sound provocative, as it is treating cybercriminals like businesspeople, but this is what Ryuk is about - making money. This strain of ransomware is estimated by Crowdstrike to have made the gang behind it over $3.7 million USD since [...]
https://resources.infosecinstitute.com/what-you-should-know-about-ryuk-ransomware/
Hello! My name is Dtrack
When we first discovered ATMDtrack, we thought we were just looking at another ATM malware family. Now we can add another family to the Lazarus group's arsenal: ATMDtrack and Dtrack.
https://securelist.com/my-name-is-dtrack/93338/
YARA XOR Strings: an Update, (Sun, Sep 22nd)
Almost a year ago, I reported on a new feature in YARA version 3.8.0: YARA XOR Strings. The new YARA xor keyword allows for the search of strings that are XOR-encoded with a one-byte key.
https://isc.sans.edu/diary/rss/25346
Ready for NISG & NISV? - Requirements for handling security incidents
It is done - with the adoption of the Network and Information System Security Regulation (NISV), Austria has now laid down concrete network and information security requirements for operators of essential services within the meaning of the Network and Information System Security Act (NISG).
https://www.sec-consult.com/blog/2019/09/bereit-fuer-nisg-nisv-anforderungen-an-den-umgang-mit-sicherheitsvorfaellen/
Dear network operators, please use the existing tools to fix security
The internet's security and stability would be significantly improved if network operators implemented protocols that were already written into technical standards and if vendors provided better tools for fixing security.
https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/
Vulnerabilities
Security updates: Jira Server and Data Center at risk of malicious-code attacks
Various Jira software products can be attacked through critical security vulnerabilities. Attackers could take control of servers.
https://heise.de/-4536050
Security updates for Monday
Security updates have been issued by Debian (expat, php-pecl-http, and php7.0), Fedora (ImageMagick, jackson-annotations, jackson-bom, jackson-core, jackson-databind, and rubygem-rmagick), Mageia (chromium-browser-stable, ibus, kernel, samba, and thunderbird), openSUSE (chromium), Oracle (dovecot and kernel), Red Hat (dbus, kernel, kernel-alt, and kpatch-patch), Scientific Linux (dovecot and kernel), and SUSE (expat, ibus, kernel, kernel-source-rt, nmap, openssl, and webkit2gtk3).
https://lwn.net/Articles/800377/
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190921-01-debug-en
Security Advisory - Race Condition Vulnerability on Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190911-01-smartphone-en
IBM Security Bulletin: IBM Security Key Lifecycle Manager stores password in clear text (CVE-2019-4566)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-stores-password-in-clear-text-cve-2019-4566/
IBM Security Bulletin: Apache Commons Compress vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-12402)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-compress-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-12402/
IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-9511-cve-2019-9512-cve-2019-9513-cve-2019-9514-cve-2019-9515-cve/
IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4285)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4285/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2684, CVE-2019-4473, CVE-2019-11771)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-2684-cve-2019-4473-cve-2019-11771/