End-of-Day report
Timeframe: Tuesday 28-04-2020 18:00 - Wednesday 29-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Would You Have Fallen for This Phone Scam?
You may have heard that today's phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn't know that your bank may be making it super easy for thieves to impersonate the bank, by giving away information about recent transactions on your account via automated, phone-based customer support systems.
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/
Cloud Under Pressure: Keeping AWS Projects Secure
Amazon Web Services (AWS) allows organizations to take advantage of numerous services and capabilities. As the number of options available under the company's cloud infrastructure grows, so too do the security risks and the possible weaknesses.
https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-under-pressure-keeping-aws-projects-secure/
Google Researchers Find Multiple Vulnerabilities in Apple's ImageIO Framework
Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple's iOS and macOS operating systems.
https://www.securityweek.com/google-researchers-find-multiple-vulnerabilities-apples-imageio-framework
Emotet C2 and RSA Key Update - 04/28/2020 23:59
Emotet C2 and RSA Key - Update 04/28/2020 at 23:59 UTC
News: Still no Emotet back this week for spamming but once again more shenanigans with Trickbot installs doing option 42 to drop Emotet E2 as shown by Fate112 in his post here: https://twitter.com/tosscoinwitcher/status/1255259004164542464
Watch for the falling C2 combos. Seems like they are doing a lot of spring cleaning as counts plummet as of late. Key and current C2 list below for each Epoch [...]
https://paste.cryptolaemus.com/emotet/2020/04/28/emotet-c2-rsa-update-04-28-20-1.html
Check Point: Android Ransomware Encrypts Files Allegedly in the Name of the FBI
The ransomware demands a ransom of 500 dollars in the name of the US federal police. It can also take complete control of a smartphone and install further malicious apps. Check Point suspects the people behind it are located in Russia.
https://www.zdnet.de/88379222/check-point-android-ransomware-verschluesselt-dateien-angeblich-im-namen-des-fbi/
Vulnerabilities
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn
Security Updates Available for Magento | APSB20-22
Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important and Moderate (severity ratings). Successful exploitation could lead to arbitrary code execution.
https://helpx.adobe.com/security/products/magento/apsb20-22.html
VMSA-2020-0008
VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955)
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
Security updates for Wednesday
Security updates have been issued by Debian (kernel, openjdk-7, openjdk-8, and openldap), Fedora (openvpn), openSUSE (teeworlds and vlc), Red Hat (bind, binutils, bluez, container-tools:1.0, container-tools:2.0, container-tools:rhel8, cups, curl, dnsmasq, dpdk, e2fsprogs, edk2, evolution, exiv2, fontforge, freeradius:3.0, gcc, gdb, glibc, GNOME, grafana, GStreamer, libmad, and SDL, haproxy, ibus and glib2, irssi, kernel, kernel-rt, liblouis, libmspack, libreoffice, libsndfile, libtiff, libxml2, [...]
https://lwn.net/Articles/818950/
Advisory: Sophos XG Firewall: Asnarok Vulnerability - Actions required for SFM/CFM managed devices
This article outlines the remediation steps for XG Firewalls with severed connections to SFM and CFM central management product.
https://community.sophos.com/kb/en-US/135429
Advisory - Sophos XG Firewall v18: Upgrade from v17.5.x to v18 Build_354 will take longer than previous upgrades
https://community.sophos.com/kb/en-US/135437
April 28, 2020 TNS-2020-03 [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities
http://www.tenable.com/security/tns-2020-03
Red Hat Security Advisories
https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20desc&rows=25&portal_advisory_type=Security%20Advisory
Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-liberty-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
Security Bulletin: Vulnerabilities exist in Watson Explorer (CVE-2019-4720, CVE-2019-12406)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-watson-explorer-cve-2019-4720-cve-2019-12406/
Security Bulletin: Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-liberty-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jan-2020-cpu-cve-2020-2583-cve-2019-4732/
Security Bulletin: A vulnerability in IBM® Runtime Environment Java™ Version affects IBM WIoTP MessageGateway (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-in-ibm-runtime-environment-java-version-affects-ibm-wiotp-messagegateway-cve-2020-2654/
Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2019-1551)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2019-1551/
Security Bulletin: Sensitive Information Disclosed in Logs (CVE-2019-4286)
https://www.ibm.com/blogs/psirt/security-bulletin-sensitive-information-disclosed-in-logs-cve-2019-4286/
Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-softokn-nss-util-vulnerability-cve-2019-11729-and-cve-2019-11745/
Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-ibm-connec-4/
Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-ibm-connec-3/