End-of-Day report
Timeframe: Wednesday 26-02-2020 18:00 - Thursday 27-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Norton LifeLock Phishing Scam Installs Remote Access Trojan
Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes.
https://www.bleepingcomputer.com/news/security/norton-lifelock-phishing-scam-installs-remote-access-trojan/
RSAC 2020: Smart Baby Monitor Vulnerable to Remote Hackers
A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage.
https://threatpost.com/rsac-2020-another-smart-baby-monitor-vulnerable-to-remote-hackers/153272/
Android malware can steal Google Authenticator 2FA codes
A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.
https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/
Vulnerabilities
Security updates for Thursday
Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid).
https://lwn.net/Articles/813431/
Wireshark: Multiple vulnerabilities allow denial of service
A remote, anonymous attacker can exploit multiple vulnerabilities in Wireshark to carry out a denial-of-service attack.
http://www.cert-bund.de/advisoryshort/CB-K20-0177
Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
Security Bulletin: SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4479)
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2019-4479/
Security Bulletin: IBM MQ certified container is vulnerable to multiple vulnerabilities within IBM MQ.(CVE-2019-4655, CVE-2019-4560, CVE-2019-4614, CVE-2019-4620)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-multiple-vulnerabilities-within-ibm-mq-cve-2019-4655-cve-2019-4560-cve-2019-4614-cve-2019-4620/
Security Bulletin: Vulnerability in OpenSLP affects Power Hardware Management Console (CVE-2019-5544)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openslp-affects-power-hardware-management-console-cve-2019-5544/
Security Bulletin: IBM MQ certified container is vulnerable to a denial of service vulnerability in golang (CVE-2019-17596)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-container-is-vulnerable-to-a-denial-of-service-vulnerability-in-golang-cve-2019-17596/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU (CVE-2019-2964,CVE-2019-2978,CVE-2019-2983,CVE-2019-2989)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2019-cpu-cve-2019-2964cve-2019-2978cve-2019-2983cve-2019-2989/
Security Bulletin: Bypass security restrictions in WAS Liberty
https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restrictions-in-was-liberty/
Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/