End-of-Day report
Timeframe: Friday 20-03-2020 18:00 - Monday 23-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware
PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created.
https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/
Netwalker Ransomware Infecting Users via Coronavirus Phishing
As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware.
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-infecting-users-via-coronavirus-phishing/
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth's complex, multi-component nature and continues its pattern of detection evasion.
https://www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/
Zero-Day Vulnerabilities in LILIN DVRs Exploited by Several Botnets
Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets.
https://www.securityweek.com/zero-day-vulnerabilities-lilin-dvrs-exploited-several-botnets
Caution when shopping on mimty.de and evenlife.de
Countless internet users are currently reporting the online shops mimty.de and evenlife.de to Watchlist Internet. The websites are built identically and offer respiratory masks, disinfectant sprays and similar goods. Shopiago GmbH, the company behind the shops, states a registered office in Germany, but shipping is heavily delayed from far abroad or does not happen at all for a long time. Watchlist Internet advises caution!
https://www.watchlist-internet.at/news/achtung-bei-einkaeufen-auf-mimtyde-und-evenlifede/
How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls
The coronavirus outbreak has seen an unprecedented number of people working and learning from home, and one of the tools that is making that possible is Zoom. But if you don't take care, you could find your meetings being gate-crashed or Zoom-bombed, potentially causing havoc and mayhem.
https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-bombed-gate-crashed-by-trolls/
Vulnerabilities
Insulet Omnipod
This advisory contains mitigations for an improper access control vulnerability in Insulet's Omnipod insulin management system.
https://www.us-cert.gov/ics/advisories/icsma-20-079-01
Systech NDS-5000 Terminal Server
This advisory contains mitigations for a cross-site scripting vulnerability in Systech's NDS-5000 network server.
https://www.us-cert.gov/ics/advisories/icsa-20-079-01
FIBARO System Home Center v5.021 Remote File Include XSS
The smart home solution is vulnerable to remote cross-site scripting, triggered via a remote file inclusion issue that allows arbitrary client-side scripts (JavaScript, VBScript) to be included through the undocumented proxy API and its url GET parameter. This allows hijacking the current user's session or altering the look of the page by changing the HTML.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5563.php
PMASA-2020-4
SQL injection relating to data display
Affected Versions: phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. We believe the flaw was introduced with phpMyAdmin 3.4.
CVE ID: CVE-2020-10803
https://www.phpmyadmin.net/security/PMASA-2020-4/
PMASA-2020-3
SQL injection relating to searching
Affected Versions: phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.
CVE ID: CVE-2020-10802
https://www.phpmyadmin.net/security/PMASA-2020-3/
PMASA-2020-2
SQL injection with processing username
Affected Versions: phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.
CVE ID: CVE-2020-10804
https://www.phpmyadmin.net/security/PMASA-2020-2/
Security updates for Monday
Security updates have been issued by Debian (amd64-microcode, chromium, graphicsmagick, jackson-databind, phpmyadmin, python-bleach, and tor), Gentoo (exim and nodejs), openSUSE (chromium and thunderbird), Oracle (tomcat), Red Hat (devtoolset-8-gcc, libvncserver, runc, samba, thunderbird, and tomcat6), and SUSE (ruby2.5).
https://lwn.net/Articles/815798/
Red Hat Enterprise Linux: Vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K20-0250
Security Bulletin: Jan 2020 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-jan-2020-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI (CVE-2019-4717)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-cross-site-scripting-this-vulnerability-allows-users-to-embed-arbitrary-javascript-code-in-the-web-ui-cve-2019-4717/
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-4/
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-3/
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-2/
Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
Security Bulletin: IBM Jazz for Service Management is vulnerable to open redirection. Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-open-redirection-vulnerabilities-arise-when-an-application-incorporates-user-controllable-data-into-the-target-of-a-redirection-in/
Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-2/
Security Bulletin: Few vulnerabilities affecting IBM Cloud Object Storage Systems (March 2020v1)
https://www.ibm.com/blogs/psirt/security-bulletin-few-vulnerabilities-affecting-ibm-cloud-object-storage-systems-march-2020v1/
Security Bulletin: Vulnerabilities affecting IBM Cloud Object Storage Systems (March 2020v2)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affecting-ibm-cloud-object-storage-systems-march-2020v2/