End-of-Day report
Timeframe: Thursday 30-04-2020 18:00 - Monday 04-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
New phishing campaign packs an info-stealer, ransomware punch
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
Patch now! Attackers are targeting Oracle WebLogic Server
Attackers are currently targeting, among other things, a critical vulnerability in Oracle WebLogic Server.
Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply.
Beware of dangerous VPN services
VPN services are in demand like never before. "Virtual private networks" are seeing increased uptake, particularly because of the rise in working from home. They enable, for example, secure access to company networks from home. But beware: criminals are exploiting the high demand. They copy the websites of genuine VPN services and load dangerous malware onto their victims' systems!
CursedChrome turns your browser into a hacker's proxy
CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.
Attacks on Salt, LineageOS, Ghost and Digicert
Hackers are exploiting vulnerabilities to attack systems. Currently in focus are SaltStack, the mobile operating system LineageOS, the blogging platform Ghost and the certificate authority Digicert.
Security updates for Friday
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
Security updates for Monday
Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).
TP-Link Patches Multiple Vulnerabilities in NC Cloud Cameras
TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands.
Synology-SA-20:11 SRM
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM.
Synology-SA-20:10 WordPress
Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress.
Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311)
Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Security Bulletin: OpenSSL disclosed vulnerability affects MessageGateway (CVE-2020-1967)
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732)
Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services
Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551
Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2020-2654)
Red Hat OpenShift Container Platform: Vulnerability allows denial of service