End-of-Day report
Timeframe: Thursday 02-04-2020 18:00 - Friday 03-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln
I'm really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero's ideas and goals around in-the-wild 0-days in a November blog post. On December's Patch Tuesday, I was immediately intrigued by CVE-2019-1458, a Win32k Escalation of Privilege (EoP), said to be exploited in the wild and discovered by Anton Ivanov and Alexey Kulaev of [...]
https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html
Progress In 2020 Funding Challenge - Thanks To Fantastic Global Supporters, But More Help Still Needed!
Our first status update on the critical initial milestone in Shadowserver's urgent 2020 funding challenge. Great progress from our awesome community, with particular thanks to philanthropist Craig Newmark, but more help still needed to fully secure our data center operations in 2020. Join with us to continue protecting victims of cybercrime and help protect the Internet.
https://www.shadowserver.org/news/progress-in-2020-funding-challenge-thanks-to-fantastic-global-supporters-but-more-help-still-needed/
Contact Form 7 Datepicker: Dangerous WordPress plugin without support
Attackers could attack WordPress websites and take over admin sessions.
https://heise.de/-4696045
Researchers Discover Hidden Behavior in Thousands of Android Apps
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. With smartphones being part of our every-day lives, millions of applications are being used for a broad variety of activities, yet many of these engage in behaviors that are never disclosed to their users.
https://www.securityweek.com/researchers-discover-hidden-behavior-thousands-android-apps
Reminders and payment demands from Flirthub.de are unjustified
Numerous internet users are currently contacting us because they have suddenly received payment demands from Flirthub.de. They allegedly registered on the website of MD Service GmbH, and a trial period has now rolled over into a premium subscription. We took a closer look at the websites and the payment demands. Our verdict: those affected do not have to pay the demanded 265.62 euros!
https://www.watchlist-internet.at/news/mahnungen-und-zahlungsaufforderungen-von-flirthubde-ungerechtfertigt/
Beware of fake messages from SMSinfo about parcel deliveries
Because of the corona crisis, specialist shops in Austria must remain closed. Many people are therefore turning to online orders and waiting for their ordered parcel. Criminals are currently exploiting this more and more, sending SMS messages under the name "SMSinfo". The link included in this SMS leads to a fake Post website where you are asked to pay two euros. Do not enter your data there, because the message comes [...]
https://www.watchlist-internet.at/news/vorsicht-bei-gefaelschten-nachrichten-von-smsinfo-zu-paketlieferungen/
GuLoader: Malspam Campaign Installing NetWire RAT
NetWire, a publicly-available RAT, was found being distributed through a file downloader called GuLoader. We explain how its infection chain works and how to defend against it.
https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
Microsoft: How one Emotet infection took out this organization's entire network
An Emotet victim's IT disaster shows why organizations should filter internal emails and use two-factor authentication.
https://www.zdnet.com/article/microsoft-how-one-emotet-infection-took-out-this-organizations-entire-network/
Vulnerabilities
B&R Automation Studio
This advisory contains mitigations for improper privilege management, missing required cryptographic step, and path traversal vulnerabilities in B&R Automation Studio software.
https://www.us-cert.gov/ics/advisories/icsa-20-093-01
Security updates for Friday
Security updates have been issued by Debian (mediawiki and qbittorrent), Gentoo (gnutls), Mageia (bluez, kernel, python-yaml, varnish, and weechat), Oracle (haproxy and nodejs:12), SUSE (exiv2, haproxy, libpng12, mgetty, and python3), and Ubuntu (libgd2).
https://lwn.net/Articles/816757/
Security Bulletin: IBM Agile Lifecycle Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-agile-lifecycle-manager-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user could execute commands as root (CVE-2020-4273)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-user-could-execute-commands-as-root-cve-2020-4273/