End-of-Day report
Timeframe: Friday 27-03-2020 18:00 - Monday 30-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Security updates: F5 BIG-IP appliances vulnerable
The F5 developers have closed several security vulnerabilities in various products.
https://heise.de/-4693455
A mysterious hacker group is eavesdropping on corporate email and FTP traffic
Hacker group uses zero-day in DrayTek Vigor enterprise routers and VPN gateways to record network traffic.
https://www.zdnet.com/article/a-mysterious-hacker-group-is-eavesdropping-on-corporate-ftp-and-email-traffic/
Source code of Dharma ransomware pops up for sale on hacking forums
The source code of one of today's most profitable and advanced ransomware strains is up for sale on two Russian-language hacking forums.
https://www.zdnet.com/article/source-code-of-dharma-ransomware-pops-up-for-sale-on-hacking-forums/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (php-horde-form and tika), Fedora (dcraw and libmodsecurity), Gentoo (libidn2 and screen), openSUSE (cloud-init, cni, cni-plugins, conmon, fuse-overlayfs, podman, opera, phpMyAdmin, python-mysql-connector-python, ruby2.5, strongswan, and tor), Oracle (ipmitool), Scientific Linux (ipmitool), SUSE (spamassassin and tomcat), and Ubuntu (twisted and webkit2gtk).
https://lwn.net/Articles/816267/
Synology-SA-20:04 Drupal
A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Drupal.
https://www.synology.com/en-global/support/security/Synology_SA_20_04_Drupal
D-LINK routers: multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0272