End-of-Day report
Timeframe: Freitag 07-02-2020 18:00 - Montag 10-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
KBOT: sometimes they come back
We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first -living- virus in recent years that we have spotted in the wild. We named it KBOT.
https://securelist.com/kbot-sometimes-they-come-back/96157/
Emotet: Erster Hase-Igel-Loop für EmoCheck
Eine neue Emotet-Version machte ein erstes Update des Erkennungs-Tools EmoCheck fällig.
https://heise.de/-4656609
Dangerous Domain Corp.com Goes Up for Sale
As an early domain name investor, Mike OConnor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years OConnor refused to auction perhaps the most sensitive domain in his stable -- corp.com.
https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/
Betrügerisches Raiffeisen SMS im Umlauf
Zahlreiche HandynutzerInnen empfangen aktuell angeblich eine SMS von der Raiffeisenbank. Die Funktion pushTAN sei nicht aktiviert. Um das Problem zu beheben, werden Sie aufgefordert, einem Link zu folgen. Klicken Sie nicht auf den Link, Sie gelangen auf eine gefälschte Raiffeisen-Login-Seite. Kriminelle stehlen Ihre Zugangsdaten und Ihre Telefonnummer.
https://www.watchlist-internet.at/news/betruegerisches-raiffeisen-sms-im-umlauf/
Vulnerabilities
Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)
Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks.
https://wpvulndb.com/vulnerabilities/10058
Geschlossene Lücke: Dell SupportAssist Client könnte Schadcode laden
Es gibt wichtige Sicherheitsupdates für Dell SupportAssist for business PCs und Dell SupportAssist for home PCs.
https://heise.de/-4656474
Sicherheitsupdate: Wiki-Software Confluence unter Windows angreifbar
Angreifer könnten die Windows-Version von Confluence attackieren und sich gegebenenfalls höhere Nutzerrechte verschaffen.
https://heise.de/-4656770
Security updates for Monday
Security updates have been issued by Debian (ipmitool, libexif, and ppp), Fedora (glib2, java-1.8.0-openjdk, java-11-openjdk, libasr, libuv, mingw-gdk-pixbuf, mingw-SDL2, nethack, nghttp2, nodejs, nodejs-mixin-deep, nodejs-set-value, nodejs-yarn, opensmtpd, python-feedgen, runc, samba, sox, and texlive-base), Mageia (chromium-browser-stable, mgetty, openslp, qtbase5, spamassassin, sudo, and xmlrpc), openSUSE (ceph and chromium), Oracle (grub2 and kernel), SUSE (docker-runc, LibreOffice, docker-runc, wicked), Ubuntu (libxml2, qtbase-opensource-src)
https://lwn.net/Articles/812118/
Security Advisory - Information Leak Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200207-01-te-en
Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/
Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-faspex-console-shares-are-affected-by-apache-vulnerabilities-cve-2019-10081-cve-2019-10082-cve-2019-10092-cve-2019-10098/
Security Bulletin: Aspera Web Applications (Faspex, Console) are affected by Apache Vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220)
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-faspex-console-are-affected-by-apache-vulnerabilities-cve-2019-0196-cve-2019-0197-cve-2019-0215-cve-2019-0217-cve-2019-0220/
Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-february-2020v1/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2020 CPU that is bundled with IBM WebSphere Application Server Patterns
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-january-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097)
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-faspex-console-orchestrator-shares-are-affected-by-apache-vulnerabilities-cve-2019-9517-cve-2019-10097/
Security Bulletin: Aspera Web Faspex application is affected by OpenSSL Vulnerability (CVE-2019-1552)
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-faspex-application-is-affected-by-openssl-vulnerability-cve-2019-1552/
Security Bulletin: IBM Aspera WebApps (Shares, Faspex, Console, Orchestrator) and products are affected by OpenSSL Vulnerability (CVE-ID: CVE-2019-1543)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-shares-faspex-console-orchestrator-and-products-are-affected-by-openssl-vulnerability-cve-id-cve-2019-1543/
HPESBHF03978 rev.2 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us