End-of-Day report
Timeframe: Monday 30-12-2019 18:00 - Thursday 02-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Ransomware in Node.js, (Thu, Jan 2nd)
Here is a sample that I spotted two days ago. It's an interesting one because it's malware that implements ransomware features developed in Node.js! The stage one is not obfuscated and I suspect the script to be a prototype or a test...
https://isc.sans.edu/diary/rss/25664
The Anatomy of Website Malware Part 2: Credit Card Stealers
One of the biggest malicious trends in the last few months and years are credit card stealers - also commonly referred to as credit card skimmers or cc stealers. In the second part of this Website Malware Anatomy series, I'm going to deconstruct several skimmers and show you what they look like, where they are hiding, and how they work.
https://blog.sucuri.net/2019/12/the-anatomy-of-website-malware-part-2-credit-card-stealers.html
Do not buy puppies on realpuppieshome.com
On realpuppieshome.com you are shown numerous adorable pedigree puppies offered for adoption. The elaborately designed website creates the impression of a legitimate offer. But beware: you will never receive the puppy you ordered here. Instead, you lose your money to criminals.
https://www.watchlist-internet.at/news/kaufen-sie-keine-welpen-auf-realpuppieshomecom/
Vulnerabilities
December 30, 2019 TNS-2019-09 [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities
Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Tenable.sc.
http://www.tenable.com/security/tns-2019-09
Security updates for Tuesday
Security updates have been issued by Debian (intel-microcode and libbsd), openSUSE (chromium, LibreOffice, and spectre-meltdown-checker), and SUSE (mozilla-nspr, mozilla-nss and python-azure-agent).
https://lwn.net/Articles/808319/
Security updates for Wednesday
Security updates have been issued by Debian (igraph, jhead, libgcrypt20, otrs2, and waitress) and Mageia (clamav, exiv2, filezilla, hunspell, libidn2, pdfresurrect, roundcubemail, and xpdf).
https://lwn.net/Articles/808395/
Security updates for Thursday
Security updates have been issued by Red Hat (chromium-browser and rh-git218-git) and SUSE (java-1_8_0-ibm and openssl-1_1).
https://lwn.net/Articles/808488/
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
Cisco Data Center Network Manager XML External Entity Read Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access
Cisco Data Center Network Manager SQL Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
Cisco Data Center Network Manager Path Traversal Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
Cisco Data Center Network Manager Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
Security Advisory - Missing Integrity Checking Vulnerability on Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-01-digital-en
Security Advisory - Information Leak Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191030-01-phone-en
Security Advisory - Improper Credentials Management Vulnerability in Some Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-01-credential-en
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-02-smartphone-en
Security Advisory - Denial of Service Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-03-smartphone-en
Security Advisory - Buffer Error Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200102-01-buffer-en
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-privileged-identity-manager/
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-swagger-ui-cve-2019-17495/
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11245)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-kubernetes-cve-2019-11245/
Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-ibm-websphere-application-server-liberty-vulnerabilities/
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2014-3603)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2014-3603/
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12402)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-12402/
Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-16935)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-cloud-foundry-for-ibm-cloud-private-cve-2019-16935/