End-of-Day report
Timeframe: Thursday 23-01-2020 18:00 - Friday 24-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
TrickBot Now Steals Windows Active Directory Credentials
A new module for the TrickBot trojan has been discovered that targets the Active Directory database stored on compromised Windows domain controllers.
https://www.bleepingcomputer.com/news/security/trickbot-now-steals-windows-active-directory-credentials/
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Mitigating Cloud Vulnerabilities and CISA's page on APTs Targeting IT Service [...]
https://www.us-cert.gov/ncas/current-activity/2020/01/24/nsa-releases-guidance-mitigating-cloud-vulnerabilities
Kaspersky: Shlayer Trojan and adware are the most common threats for Mac users
Shlayer is also spread via links on major sites such as YouTube and Wikipedia, the security firm warns. So far, the Trojan has only dropped adware.
https://heise.de/-4645548
Hackers target unpatched Citrix servers to deploy ransomware
REvil ransomware gang has been spotted abusing Citrix bug to infect victims.
https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/
Vulnerabilities
Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200124-webex-unauthjoin
Fixes now available for Citrix ADC, Citrix Gateway versions 12.1 and 13.0
Today, we released permanent fixes to address the CVE-2019-19781 vulnerability for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 12.1 and 13.0. These fixes are available to download for ADC and Gateway.
https://www.citrix.com/blogs/2020/01/23/fixes-now-available-for-citrix-adc-citrix-gateway-versions-12-1-and-13-0/
MDhex: Attackers could take control of medical devices from GE Healthcare
Because of insecure default settings and outdated software with security vulnerabilities, patient monitoring is at risk.
https://heise.de/-4645197
Security updates for Friday
Security updates have been issued by Debian (git and python-apt), Oracle (openslp), Red Hat (chromium-browser and ghostscript), SUSE (samba, slurm, and tomcat), and Ubuntu (clamav, gnutls28, and python-apt).
https://lwn.net/Articles/810459/
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8835: Versions affected: WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3. Credit to Anonymous working with Trend Micro's Zero Day Initiative, Mike Zhang of Pangu Team. Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
https://webkitgtk.org/security/WSA-2020-0001.html
wpCentral < 1.4.8 - Privilege Escalation
https://wpvulndb.com/vulnerabilities/10045
Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities (CVE-2019-1547,CVE-2019-1549, CVE-2019-1563)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-multiple-openssl-vulnerabilities-cve-2019-1547cve-2019-1549-cve-2019-1563/
Security Bulletin: IBM MQ Appliance affected by NSS and libgcrypt vulnerabilities (CVE-2018-12404 and CVE-2018-0495)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-nss-and-libgcrypt-vulnerabilities-cve-2018-12404-and-cve-2018-0495/
Security Bulletin: IBM MQ Appliance is affected by an MIT Kerberos 5 vulnerability (CVE-2017-11462)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-mit-kerberos-5-vulnerability-cve-2017-11462/
Security Bulletin: IBM MQ Appliance is affected by an unauthorised access vulnerability (CVE-2019-4621)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-unauthorised-access-vulnerability-cve-2019-4621/
Security Bulletin: IBM MQ Appliance could allow a local attacker to bypass security restrictions (CVE-2019-4620)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-bypass-security-restrictions-cve-2019-4620/
Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1552
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2019-1552/
Security Bulletin: CVE-2019-2989 vulnerability in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2989-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-process-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/