Daily Summary - 20.03.2020

End-of-Day report

Timeframe: Thursday 19-03-2020 18:00 - Friday 20-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

WHO Chief Impersonated in Phishing to Deliver HawkEye Malware

An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.

https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-phishing-to-deliver-hawkeye-malware/


Firefox Reenables Insecure TLS to Improve Access to COVID19 Info

Mozilla says that the support for the insecure TLS 1.0 and TLS 1.1 will be reenabled in the latest version of Firefox to maintain access to government sites with COVID19 information that haven't yet upgraded to TLS 1.2 or TLS 1.3.

https://www.bleepingcomputer.com/news/security/firefox-reenables-insecure-tls-to-improve-access-to-covid19-info/


PrivEsc in Lenovo Vantage. Two minutes later

TL;DR The latest and greatest Lenovo Vantage software which ships with the most recent Lenovo devices is affected by a privilege escalation vulnerability.

https://www.pentestpartners.com/security-blog/privesc-in-lenovo-vantage-two-minutes-later/


New Mirai Variant Targets Zyxel Network-Attached Storage Devices

Unit 42 researchers discovered a new Mirai variant, dubbed Mukashi, exploiting CVE-2020-9054 to infect vulnerable versions of Zyxel network-attached storage (NAS) devices.

https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/


Security flaws found in popular password managers

Not all they're cracked up to be? Several password vaults have been found to contain vulnerabilities, both new and previously disclosed but never patched, a study says

https://www.welivesecurity.com/2020/03/19/security-flaws-found-in-popular-password-managers/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Arch Linux (bluez and chromium), Debian (icu, rails, thunderbird, and twisted), Fedora (chromium and webkit2gtk3), Gentoo (bsdiff, cacti, clamav, fribidi, libgit2, pecl-imagick, phpmyadmin, pyyaml, and tomcat), openSUSE (wireshark), Oracle (firefox, icu, python-imaging, thunderbird, and zsh), Scientific Linux (thunderbird), SUSE (firefox, nghttp2, thunderbird, and tomcat), and Ubuntu (twisted).

https://lwn.net/Articles/815591/


Ruby on Rails: Vulnerability allows cross-site scripting

http://www.cert-bund.de/advisoryshort/CB-K20-0246


Symantec Veritas NetBackup: Vulnerability allows execution of arbitrary program code with the privileges of the service

http://www.cert-bund.de/advisoryshort/CB-K20-0244


Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4304)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4304/


Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/


Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4663)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4663/


Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4441)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4441/


Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-17573)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-websphere-application-server-cve-2019-17573/


Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-vulnerabilities-2/


Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-3603)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2014-3603/


Security Bulletin: Information Disclosure in Cognos Business Intelligence (Cognos BI) shipped with Tivoli Common Reporting (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-cognos-business-intelligence-cognos-bi-shipped-with-tivoli-common-reporting-cve-2019-1547-cve-2019-1549-cve-2019-1563/


Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4720)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4720/


Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affecting-tivoli-netcool-omnibus-multiple-cves/