End-of-Day report
Timeframe: Thursday 14-05-2020 18:00 - Friday 15-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
ProLock Ransomware teams up with QakBot trojan for network access
ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption.
https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/
RATicate drops info stealing malware and RATs on industrial targets
Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.
https://www.bleepingcomputer.com/news/security/raticate-drops-info-stealing-malware-and-rats-on-industrial-targets/
Attacks on high-performance computers: was it crypto-miners?
Numerous high-performance computing centres have been taken offline after attacks. The evidence points to crypto-mining, but for the head of the LRZ that explanation falls short.
https://heise.de/-4722488
The Unattributable "db8151dd" Data Breach
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know: [...]
https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/
Extortion emails containing a real password in circulation
Recently, complaints from internet users about extortion emails have been piling up. The extortionists claim to possess a masturbation video of the recipients and demand that a certain amount be paid in bitcoins. The recipients are particularly unsettled by this scam because the hackers know a real password, which they present as apparent proof. But there is no cause for concern. The extortionists have neither hacked their computer nor incriminating material [...]
https://www.watchlist-internet.at/news/erpressungsmails-mit-echtem-passwort-im-umlauf/
Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
New Hoaxcalls and Mirai botnet campaigns have been found targeting end-of-life Symantec Secure Web Gateways via a remote code execution vulnerability.
https://unit42.paloaltonetworks.com/hoaxcalls-mirai-target-legacy-symantec-web-gateways/
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (apt, inetutils, and log4net), Fedora (kernel, mailman, and viewvc), Gentoo (chromium, freerdp, libmicrodns, live, openslp, python, vlc, and xen), Oracle (.NET Core, container-tools:1.0, and kernel), Red Hat (kernel-rt), Scientific Linux (kernel), SUSE (kernel, libvirt, python-PyYAML, and syslog-ng), and Ubuntu (json-c).
https://lwn.net/Articles/820634/
Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks
Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22's SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks.
https://www.securityweek.com/vulnerabilities-softpac-virtual-controller-expose-ot-networks-attacks
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe
Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ
Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8
Cisco MDS 9000 Series Switches Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos
Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR
Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-embedded-ibm-websphere-application-server-liberty-affects-ibm-watson-compare-and-comply-for-ibm-cloud-pak-for-data-2/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-april-2020-cpu-plus-deferred-cve/
Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Network Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-openssl-a-product-which-ships-with-ibm-tivoli-nework-manager/
Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-that-affects-liberty-for-java-for-ibm-cloud-cve-2020-4303-cve-2020-4304/
PostgreSQL: Vulnerability allows execution of arbitrary code with administrator privileges
http://www.cert-bund.de/advisoryshort/CB-K20-0471