End-of-Day report
Timeframe: Thursday 16-01-2020 18:00 - Friday 17-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/
Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail
Mitigation recommendations for CVE-2019-19781, a currently unpatched critical flaw affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway, do not have the expected effect on all product versions.
https://www.bleepingcomputer.com/news/security/dutch-govt-suggests-turning-off-citrix-adc-devices-mitigations-may-fail/
FTCODE Ransomware - New Version Includes Stealing Capabilities
Recently, the Zscaler ThreatLabZ team came across PowerShell-based ransomware called "FTCODE," which targets Italian-language users. An earlier version of FTCODE ransomware was being downloaded using a document file that contained malicious macros. In the recent campaign, the ransomware is being downloaded using VBScript.
https://www.zscaler.com/blogs/research/ftcode-ransomware--new-version-includes-stealing-capabilities
404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
As noted in Rough Patch: I Promise It'll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the Citrix mitigation steps implemented, we've recognized multiple groups of post-exploitation activity. Within these, something caught our eye: one particular threat actor that's been deploying a [...]
http://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
Indications of possible vulnerabilities in medical telematics
Open-source libraries used in the T-Systems telematics connector contain hundreds of known security vulnerabilities.
https://heise.de/-4635791
WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI
Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.
https://www.grahamcluley.com/weleakinfo-seized/
Vulnerabilities
Schneider Electric Modicon Controllers
This advisory contains mitigations for several "improper check for unusual or exceptional conditions" vulnerabilities in Schneider Electric Modicon PLC controllers.
https://www.us-cert.gov/ics/advisories/icsa-20-016-01
Security updates for Friday
Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).
https://lwn.net/Articles/809916/
HPESBNS03981 rev.1 - HPE ViewPoint on NonStop, Local Disclosure of Sensitive Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us
HPESBNS03976 rev.1 - HPE NonStop using Sudo
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us
Pivotal Spring Framework: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0057
Trend Micro products: Multiple vulnerabilities allow gaining administrator privileges
http://www.cert-bund.de/advisoryshort/CB-K20-0055
Linux kernel: Vulnerability allows information disclosure
http://www.cert-bund.de/advisoryshort/CB-K20-0058