Daily Summary - 26.03.2020

End-of-Day report

Timeframe: Wednesday 25-03-2020 18:00 - Thursday 26-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

Tight labour market leads to fraudulent job offers

Because of the labour market situation caused by the coronavirus, many internet users are currently searching online for jobs or an additional source of income. Criminals deliberately exploit this by posting fraudulent job offers on the internet. The fake jobs can lead to money laundering, be pyramid schemes, or entice people into risky investments.

https://www.watchlist-internet.at/news/angespannter-arbeitsmarkt-sorgt-fuer-betruegerische-job-angebote/


WordPress Malware Distributed via Pirated Coronavirus Plugins

The threat actors behind the WordPress WP-VCD malware have started to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.

https://www.bleepingcomputer.com/news/security/wordpress-malware-distributed-via-pirated-coronavirus-plugins/


Malware spotlight: Nemty

If the last five years or so have proven anything, it is that ransomware is here to stay as a threat in the cybersecurity wild. This should not be used as rationale to simply ignore the deluge of new types of malware that are discovered weekly, as the recently discovered malware family Nemty has [...]

https://resources.infosecinstitute.com/malware-spotlight-nemty/


As Zoom Booms Incidents of "ZoomBombing" Become a Growing Nuisance

Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.

https://threatpost.com/as-zoom-booms-incidents-of-zoombombing-become-a-growing-nuisance/154187/


Alternative ways for security professionals and IT to achieve modern security controls in today's unique remote work scenarios

Increased remote work has many organizations rethinking network and security strategies. In this post we share guidance on how to manage security in this changing environment.

https://www.microsoft.com/security/blog/2020/03/26/alternative-security-professionals-it-achieve-modern-security-controls-todays-unique-remote-work-scenarios/


Assemble the Cookies

When we investigate compromised websites, it's not unusual to find malicious files that have been obfuscated through forms of encoding or encryption - however, these are not the only methods that attackers use to obfuscate code. Obfuscation via Predefined PHP Variables: Here's an example of obfuscation that doesn't use encoding or encryption in any way: [...]

https://blog.sucuri.net/2020/03/assemble-the-cookies.html


Apple iOS users served mobile malware in Poisoned News campaign

As we all devour online news sources in the current climate, cyberattackers are waiting to spring.

https://www.zdnet.com/article/apple-ios-users-served-mobile-malware-in-operation-poisoned-news-campaign/


4G networks vulnerable to denial of service attacks, subscriber tracking

Don't think you're protected on upcoming 5G networks, either.

https://www.zdnet.com/article/100-of-4g-networks-vulnerable-to-denial-of-service-attacks-researchers-claim/

Vulnerabilities

Security updates for Thursday

Security updates have been issued by CentOS (firefox, icu, kernel-rt, libvncserver, python-imaging, python-pip, python-virtualenv, thunderbird, tomcat, tomcat6, and zsh), Debian (icu and okular), Fedora (libxslt and php), Gentoo (bluez, chromium, pure-ftpd, samba, tor, weechat, xen, and zsh), Oracle (libvncserver), Red Hat (ipmitool and zsh), and SUSE (python-cffi, python-cryptography and python-cffi, python-cryptography, python-xattr).

https://lwn.net/Articles/816039/


Svg Image - Critical - Cross site scripting - SA-CONTRIB-2020-008

https://www.drupal.org/sa-contrib-2020-008


Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200325-01-smartphone-en


Vulnerabilities Patched in IMPress for IDX Broker

https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/


Red Hat OpenShift: Multiple Vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0264


Security Bulletin: Security: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services (CVE-2019-4732)

https://www.ibm.com/blogs/psirt/security-bulletin-security-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-ach-services-cve-2019-4732/


Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)(CVE-2019-12418, CVE-2019-17563)

https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-taddmcve-2019-12418-cve-2019-17563/


Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-4304)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4304/


Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Business Developer

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-rational-business-developer/


Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4276)

https://www.ibm.com/blogs/psirt/security-bulletin-privilege-escalation-vulnerability-in-websphere-application-server-cve-2020-4276/