Daily summary - 05.03.2020

End-of-Day report

Timeframe: Wednesday 04-03-2020 18:00 - Thursday 05-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

On our own behalf: CERT.at is looking for reinforcements (software developer for an open-source project, part-/full-time)

For our internationally renowned open-source project IntelMQ we are looking for a software developer (part- or full-time, 25-38.5 hours) to start as soon as possible. The place of work is Vienna. Details can be found, as always, on our jobs page.

https://cert.at/de/blog/2020/3/in-eigener-sache-certat-sucht-verstarkung-software-entwickler-fur-open-source-projekt-teil-vollzeit


Jackpotting malware

Jackpotting malware is not well known because it exclusively targets automated teller machines (ATMs). ... In this article, we will examine two of the most widely known types of jackpotting malware, Ploutus and Cutlet Maker. We will also look at the operation of jackpotting malware and provide recommendations on how banks can protect against it.

https://resources.infosecinstitute.com/jackpotting-malware/


Mokes and Buerak distributed under the guise of security certificates

We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired.

https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/


Guildma - innovative banking trojan from Latin America

A banking trojan that is widespread in Brazil is up to mischief. We analysed the Guildma malware and came across some interesting facts.

https://www.welivesecurity.com/deutsch/2020/03/05/guildma-bankentrojaner-lateinamerika/


Malicious Chrome extension caught stealing Ledger wallet recovery seeds

A Chrome extension named Ledger Live was exposed today as malicious. It is currently heavily promoted via Google search ads.

https://www.zdnet.com/article/malicious-chrome-extension-caught-stealing-ledger-wallet-recovery-seeds/

Vulnerabilities

VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system.

https://kb.cert.org/vuls/id/782301


SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005

Project: SVG Formatter
Security risk: Critical
This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files.

https://www.drupal.org/sa-contrib-2020-005


Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-resource-exhaust-D7RQAhnD


Security vulnerabilities: attackers could take over Netgear WLAN routers

Anyone who owns a Netgear WLAN router should update the device promptly. One vulnerability is rated critical.

https://heise.de/-4676824


Security updates for Thursday

Security updates have been issued by CentOS (http-parser and xerces-c), Debian (tomcat7), Fedora (opensmtpd), openSUSE (openfortivpn and permissions), Red Hat (http-parser, openstack-octavia, python-waitress, and sudo), Slackware (ppp), and SUSE (kernel).

https://lwn.net/Articles/813888/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-3/


Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL.

https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql/


Security Bulletin: Information disclosure vulnerability in WebSphere Application Server affects IBM Watson Text to Speech and Speech to Text (IBM Watson- Speech Services 1.1)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/


Security Bulletin: WAS Liberty vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson- Speech Services 1.1)

https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1-2/


Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP

https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/


Security Bulletin: WAS Liberty vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson- Speech Services 1.1)

https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/