End-of-Day report
Timeframe: Friday 17-04-2020 18:00 - Monday 20-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Microsoft helped stop a botnet controlled via an LED light console
Microsoft says that its Digital Crimes Unit (DCU) discovered and helped take down a botnet of 400,000 compromised devices controlled with the help of an LED light control console.
https://www.bleepingcomputer.com/news/security/microsoft-helped-stop-a-botnet-controlled-via-an-led-light-console/
KPOT Analysis: Obtaining the Decrypted KPOT EXE, (Sun, Apr 19th)
https://isc.sans.edu/diary/rss/26014
KPOT AutoIt Script: Analysis, (Mon, Apr 20th)
https://isc.sans.edu/diary/rss/26012
Finding Zoom Meeting Details in the Wild
The popular web conference platform Zoom has been in the eye of the storm for a few weeks. With the COVID-19 pandemic, more and more people are working from home and the demand for web conference tools has been growing.
https://blog.rootshell.be/2020/04/18/finding-zoom-meeting-details-in-the-wild/
Clipboard hijacking malware found in 725 Ruby libraries
Security researchers from ReversingLabs say they've discovered 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards. The malicious packages were uploaded on RubyGems between February 16 and 25 by two accounts [...]
https://www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby-libraries/
PayPal via Google Pay: February vulnerability apparently fixed quietly
The vulnerability that allowed unauthorized PayPal debits via Google Pay was apparently fixed by PayPal only recently.
https://heise.de/-4704339
Waiting for patches: vulnerabilities in Nagios XI put networks at risk
Nagios XI, the monitoring software for complex IT infrastructures, is vulnerable. There is no fix available yet.
https://heise.de/-4704444
Several Botnets Using Zero-Day Vulnerability to Target Fiber Routers
Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn.
https://www.securityweek.com/several-botnets-using-zero-day-vulnerability-target-fiber-routers
On our own behalf: CERT.at/nic.at is hiring (Research Engineer Internet, full-time)
Our Research & Development team is looking for a Research Engineer (m/f, full-time, 38.5 hours) to start as soon as possible on a security-related project with CERT.at. The place of work is Vienna. Details can be found on the nic.at jobs page.
https://cert.at/de/blog/2020/4/in-eigener-sache-certatnicat-sucht-verstarkung-research-engineer-internet-vollzeit
Vulnerabilities
CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
https://fortiguard.com/psirt/FG-IR-19-224
Critical security vulnerability in several Xilinx FPGAs
On Xilinx 7-series FPGAs (Spartan-7, Artix-7, Kintex-7, Virtex-7) and Virtex-6 FPGAs, the encryption of the bitstream configuration data can be bypassed.
https://heise.de/-4706002
Security updates for Monday
Security updates have been issued by Arch Linux (openvpn), Debian (awl, file-roller, jackson-databind, and shiro), Fedora (chromium, git, and libssh), Mageia (php, python-bleach, and webkit2), openSUSE (chromium, gstreamer-rtsp-server, and mp3gain), Oracle (thunderbird and tigervnc), SUSE (thunderbird), and Ubuntu (file-roller and webkit2gtk).
https://lwn.net/Articles/817987/
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution
https://cxsecurity.com/issue/WLB-2020040108
Toshiba Electronic Devices & Storage software registers unquoted service paths
https://jvn.jp/en/jp/JVN13467854/
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2019-4441)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-shipped-with-jazz-for-service-management-cve-2019-4441/
Security Bulletin: Windows DLL injection vulnerability with IBM Java Affects SPSS Modeler
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vulnerability-with-ibm-java-affects-spss-modeler-2/
Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-nimbus-jose-jwt-affect-ibm-spectrum-symphony/
Squid: multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0347
Citrix Hypervisor Multiple Security Updates
https://support.citrix.com/article/CTX270837