Daily summary - 06.03.2020

End-of-Day report

Timeframe: Thursday 05-03-2020 18:00 - Friday 06-03-2020 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer

News

PwndLocker Ransomware Gets Pwned: Decryption Now Available

Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom.

https://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-pwned-decryption-now-available/


Emotet Actively Using Upgraded WiFi Spreader to Infect Victims

Emotet's authors have upgraded the malware's Wi-Fi spreader by making it a fully-fledged module and adding new functionality, as shown by multiple samples that were recently delivered to infected devices.

https://www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/


Security: The Intel ME chaos is coming

It is only a matter of time until chaos ensues, the ME hackers write. Intel tries to keep this quiet, and might as well drop the security theater altogether.

https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099-rss.html


Let's Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Let's take time out

Let's Encrypt has halted its plans to cancel all three million flawed web security certificates, after fearing the super-revocation may effectively break a chunk of the internet for netizens.

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/lets_encrypt_halts/


NCSC Releases Advisory on Securing Internet-Connected Cameras

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to unsecured, or poorly secured, internet-connected cameras to obtain live feeds or images. The following steps can help consumers secure their devices.

https://www.us-cert.gov/ncas/current-activity/2020/03/05/ncsc-releases-advisory-securing-internet-connected-cameras


A Safe Excel Sheet Not So Safe

I discovered a nice sample yesterday. This Excel sheet was found in a mail flagged as "suspicious" by a security appliance. The recipient asked to release the mail from the quarantine because "it was sent from a known contact". Before releasing such a mail from the quarantine, the process in place is to have a quick look at the file to ensure that it is safe to be released.

https://isc.sans.edu/forums/diary/A+Safe+Excel+Sheet+Not+So+Safe/25868/

Vulnerabilities

WAGO I/O-CHECK

This advisory contains mitigations for information exposure through sent data, buffer access with incorrect length value, missing authentication for critical function, and classic buffer overflow vulnerabilities in the WAGO I/O CHECK software.

https://www.us-cert.gov/ics/advisories/icsa-20-065-01


Critical Zoho Zero-Day Flaw Disclosed

A Zoho zero-day vulnerability and proof-of-concept (PoC) exploit code were disclosed on Twitter.

https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/


Security updates for Friday

Security updates have been issued by Arch Linux (chromium, opensc, opensmtpd, and weechat), Debian (jackson-databind and pdfresurrect), Fedora (sudo), openSUSE (openfortivpn and squid), Red Hat (virt:8.1 and virt-devel:8.1), Scientific Linux (http-parser and xerces-c), and SUSE (gd, kernel, postgresql10, and tomcat).

https://lwn.net/Articles/814035/


Synology-SA-20:02 ppp

A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).

https://www.synology.com/en-global/support/security/Synology_SA_20_02


Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444)

https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949-2/


Security Bulletin: Vulnerability in Curl used in OS image for RedHat Enterprise Linux for Cloud Pak System (CVE-2018-16842)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-used-in-os-image-for-redhat-enterprise-linux-for-cloud-pak-system-cve-2018-16842/


Multiple Vulnerabilities Patched in RegistrationMagic Plugin

https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/