End-of-Day report
Timeframe: Friday 08-05-2020 18:00 - Monday 11-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Sodinokibi ransomware can now encrypt open and locked files
The Sodinokibi (REvil) ransomware has added a new feature that makes it easier to encrypt all files, even those that are opened and locked by another process.
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-now-encrypt-open-and-locked-files/
Thunderspy: Unpatchable security vulnerabilities in Thunderbolt
With a screwdriver and an SPI programmer, central security functions of Thunderbolt can be disabled.
https://www.golem.de/news/thunderspy-nicht-patchbare-sicherheitsluecken-in-thunderbolt-2005-148387-rss.html
Sphinx Malware Returns to Riddle U.S. Targets
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.
https://threatpost.com/sphinx-riddle-us-targets-modifications/155621/
Delivery times & payment when shopping online: These are your rights
Watchlist Internet has recently been receiving an increasing number of reports about online shops that are not necessarily fake shops but that fail to comply with applicable law because of delayed deliveries. But what rights do you actually have as a consumer? What can you do if an online shop does not keep to the agreed delivery time? When do you have to pay for orders? How can you assert your rights?
https://www.watchlist-internet.at/news/lieferzeiten-zahlung-beim-online-shopping-das-sind-ihre-rechte/
Intel and Microsoft develop deep-learning technique for malware analysis
The project, named Stamina, converts files into grayscale images. Microsoft analyzes the images for texture and structure patterns. In tests, the system achieves an accuracy of more than 99 percent.
https://www.zdnet.de/88379578/intel-und-microsoft-entwickeln-deep-learning-technik-zur-malware-analyse/
Vulnerabilities
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator's browser.
https://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-builder-by-siteorigin-affects-over-1-million-sites/
Security updates for Monday
Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat [...]
https://lwn.net/Articles/820196/
VMware to Patch Recent Salt Vulnerabilities in vROps
VMware is working on patches for its vRealize Operations Manager (vROps) product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations.
https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops
Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server
Security patches will not be issued to fix the problems.
https://www.zdnet.com/article/data-leak-phishing-security-flaws-exposed-in-oracle-iplanet-web-server/
Security Advisory - Improper Authentication Vulnerability in Several Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200506-02-authentication-en
Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-built-in-hsts-option/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-performance-tester/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-service-tester/
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-12406/
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-4720/
Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM Cloud Private (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ibm-java-runtime-affects-ibm-cloud-private-cve-2020-2654/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-2/
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2019-15605, CVE-2019-15606)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2019-15605-cve-2019-15606/
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-solution-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-3/
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-17495/
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private/