End-of-Day report
Timeframe: Thursday 27-02-2020 18:00 - Friday 28-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Nemty Ransomware Actively Distributed via Love Letter Spam
Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-distributed-via-love-letter-spam/
Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities
Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin's settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this [...]
https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/
Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years
Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers.
https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/
Vulnerabilities
Security updates for Friday
Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, [...]
https://lwn.net/Articles/813543/
HPESBST03980 rev.1 - HPE StoreFabric C-series Switches with Cisco Prime Data Center Network Manager (DCNM), Remote Authentication Bypass
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03980en_us
wpdefault - Backdoor Plugin
https://wpvulndb.com/vulnerabilities/10096
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2989, CVE-2020-2593 and CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-2989-cve-2020-2593-and-cve-2019-4732/
Security Bulletin: Apache Log4j vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-17571)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-17571/
Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation
https://www.ibm.com/blogs/psirt/security-bulletin-man-in-the-middle-vulnerability-cve-2014-3603-affects-websphere-liberty-and-openliberty-used-by-mobilefirst-platform-foundation/
Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center/
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in TCP (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-vulnerabilities-in-tcp-cve-2019-11477-cve-2019-11478-cve-2019-11479/
Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4663-and-cve-2019-4720/
Security Bulletin: Node.js handlebars vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-handlebars-vulnerabilities-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center/
Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402)
https://www.ibm.com/blogs/psirt/security-bulletin-mobilefirst-platform-foundation-is-affected-by-websphere-application-server-liberty-is-affected-by-apache-commons-compress-vulnerability-cve-2019-12402/
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server which is shipped with Jazz for Service Management (CVE-2019-4477)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-which-is-shipped-with-jazz-for-service-management-cve-2019-4477/
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-http-server-vulnerabilities-2/