Daily Summary - 02.04.2020

End-of-Day report

Timeframe: Wednesday 01-04-2020 18:00 - Thursday 02-04-2020 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

News

Office 365 Phishing Uses CSS Tricks to Bypass Email Gateways

A phishing campaign uses Office 365 voicemail lures to trick recipients into visiting landing pages designed to steal their personal information or infect their computers with malware.

https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-css-tricks-to-bypass-email-gateways/


Pekraut - German RAT starts gnawing

Feature-rich remote access malware Pekraut emerges. The rodent seems to be of German origin and is ready to be released. We analyzed the malware in-depth.

https://www.gdatasoftware.com/blog/2020/04/35849-pekraut-german-rat-starts-gnawing


Cyber criminals increasingly exploit the corona crisis

The Federal Office for Information Security (BSI) is currently observing an increase in cyber attacks related to the coronavirus against companies and citizens.

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/Cyber-Kriminell_02042020.html

Vulnerabilities

Apache HTTP Server 2.4 vulnerabilities, Fixed in Apache httpd 2.4.42

low: mod_proxy_ftp use of uninitialized value (CVE-2020-1934): mod_proxy_ftp use of uninitialized value with malicious FTP backend. low: mod_rewrite CWE-601 open redirect (CVE-2020-1927): Some mod_rewrite configurations vulnerable to open redirect.

https://httpd.apache.org/security/vulnerabilities_24.html


Security updates for Thursday

Security updates have been issued by Arch Linux (chromium, kernel, linux-hardened, linux-lts, and pam-krb5), Debian (haproxy, libplist, and python-bleach), Fedora (tomcat), Gentoo (ghostscript-gpl, haproxy, ledger, qtwebengine, and virtualbox), Red Hat (haproxy, nodejs:12, qemu-kvm-rhev, and rh-haproxy18-haproxy), SUSE (memcached and qemu), and Ubuntu (apport).

https://lwn.net/Articles/816633/


2020-04-02: Vulnerabilities in Telephone Gateway TG/S 3.2

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch


2020-04-02: SECURITY System 800xA Information Manager - Remote Code Execution

https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch


2020-04-02: SECURITY System 800xA Weak Registry Permissions

https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221&LanguageCode=en&DocumentPartId=&Action=Launch


Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.5.0 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF10 + ICAM 3.0 - 4.0

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-5-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if10-icam-3-0-4-0/


Security Bulletin: CVE-2019-2989 vulnerability in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2989-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/


Security Bulletin: CVE-2019-4732 vulnerability in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4732-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/


Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-federation-server-rest-api-is-subject-to-dos-attacks/