End-of-Day report
Timeframe: Monday 23-03-2020 18:00 - Tuesday 24-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Hackers Hijack Routers' DNS to Spread Malicious COVID-19 Apps
A new cyber attack is hijacking routers' DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware.
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
Unknown Hackers Use New Milum RAT in WildPressure Campaign
A new piece of malware that shows no similarities with samples used in known campaigns is currently used to attack computers in various organizations. Researchers named the threat Milum and dubbed the operation WildPressure.
https://www.bleepingcomputer.com/news/security/unknown-hackers-use-new-milum-rat-in-wildpressure-campaign/
Tekya Malware Threatens Millions of Android Users via Google Play
The ad-fraud malware lurks in dozens of children's and utilities apps.
https://threatpost.com/tekya-malware-android-google-play/154064/
Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it
Yes, you may have detected some sarcasm. An annoying security flaw has been disclosed and promptly fixed in the fairly popular memcached distributed data-caching software.
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/24/memcached_denial_of_service/
Fraudulent Raiffeisen E-Mails in Circulation
Raiffeisen customers are currently receiving a notification that smsTAN is being deactivated and that ELBA users can switch to pushTAN, for example. For further information on the changeover, they are asked to log in to online banking. Be particularly careful with e-mails from Raiffeisen Bank on the subject of smsTAN and pushTAN, and check carefully whether the request actually comes from Raiffeisen Bank. There are also fraudulent [...]
https://www.watchlist-internet.at/news/betruegerische-raiffeisen-e-mails-im-umlauf/
Vulnerabilities
Emergency Patch for Adobe Creative Cloud Application
A critical security vulnerability in Adobe's Creative Cloud Application leaves Windows computers open to attack.
https://heise.de/-4689478
Security updates for Tuesday
Security updates have been issued by Debian (tomcat8), Fedora (chromium and okular), openSUSE (texlive-filesystem), Oracle (tomcat6), Scientific Linux (libvncserver, thunderbird, and tomcat6), Slackware (gd), SUSE (cloud-init, postgresql10, python36, and strongswan), and Ubuntu (ibus and vim).
https://lwn.net/Articles/815882/
Critical Security Vulnerability in Microsoft Windows (Adobe Type Manager Library) - Workarounds Available
Microsoft has published a security advisory outside the monthly patch cycle for a critical security vulnerability in the Adobe Type Manager Library. According to Microsoft and CERT/CC, the vulnerability is already being actively exploited, [...]
https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft-windows-adobe-type-manager-library-workarounds-verfugbar
systemd-journald vulnerability CVE-2019-3815
https://support.f5.com/csp/article/K22040951
Apache vulnerability CVE-2020-8840
https://support.f5.com/csp/article/K15320518
Paessler PRTG: Vulnerability allows unspecified attack
http://www.cert-bund.de/advisoryshort/CB-K20-0256
Kubernetes: Multiple vulnerabilities allow denial of service
http://www.cert-bund.de/advisoryshort/CB-K20-0253
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Arbitrary Script Injection vulnerability (CVE-2019-4681)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-arbitrary-script-injection-vulnerability-cve-2019-4681/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact-2/
Security Bulletin: IBM Content Navigator is vulnerable to a session management vulnerability.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-a-session-management-vulnerability/
Security Bulletin: IBM Content Navigator includes the host IP address in an HTTP response.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-includes-the-host-ip-address-in-an-http-response/
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2019-2989)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2019-2989/
Security Bulletin: IBM API Connect is impacted by weak cryptographic algorithms (CVE-2019-4553)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-weak-cryptographic-algorithms-cve-2019-4553/
Security Bulletin: IBM API Connect is potentially impacted by vulnerabilities in MySQL
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-potentially-impacted-by-vulnerabilities-in-mysql/
Security Bulletin: IBM API Connect's Developer Portal is impacted by a denial of service vulnerability in MySQL (CVE-2019-2805)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-a-denial-of-service-vulnerability-in-mysql-cve-2019-2805/
Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java (CVE-2019-2989)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-an-unspecified-vulnerability-in-javacve-2019-2989/
Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2019-15903).
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-disclosed-in-expat-which-is-installed-as-part-of-ibm-tivoli-network-manager-cve-2019-15903/