Daily summary - 20.05.2020

End-of-Day report

Timeframe: Tuesday 19-05-2020 18:00 - Wednesday 20-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Netwalker Fileless Ransomware Injected via Reflective Loading

Ransomware in itself poses a formidable threat to organizations. As a fileless threat, the risk increases because it can more effectively evade detection. The post discusses how Netwalker ransomware is deployed filelessly through reflective DLL injection: the DLL is never written to disk as a file but is loaded directly from memory by a loader script.

https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/
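The defender's angle on the technique above is spotting the loader before it runs. The following is an added example, not code from the Trend Micro post or from Netwalker itself: a small Python triage script that takes the text of a PowerShell script, decodes any Base64 or hex byte arrays it embeds, checks whether a decoded blob has a valid DOS/PE header (an in-memory DLL payload), and flags the script when such a blob appears together with the Win32 memory APIs a reflective loader needs. The sample PowerShell script and the "DLL" inside it are constructed stand-ins (the blob only carries an MZ header and a PE signature, it is not a real DLL); the API indicator list is a generic choice for this kind of loader, not a list taken from the post.

```python
import base64
import re
import struct

# Win32 calls a reflective loader typically has to make (assumption: generic
# indicators for in-memory PE loading, not an indicator list from the post).
API_INDICATORS = (
    "VirtualAlloc",
    "VirtualProtect",
    "GetProcAddress",
    "CreateThread",
    "WriteProcessMemory",
)

def _fake_pe() -> bytes:
    """Constructed stand-in for a DLL payload: DOS header with a valid
    e_lfanew pointing at a PE signature. Nothing else is present."""
    hdr = bytearray(b"MZ" + b"\x00" * 58)        # 60 bytes, e_lfanew lives at 0x3C
    hdr += struct.pack("<I", 0x40)               # e_lfanew -> PE header at offset 0x40
    hdr += b"PE\x00\x00" + b"\x00" * 20
    return bytes(hdr)

# Constructed sample loader script (hypothetical; mimics the shape of a
# PowerShell reflective-loading stub, with the payload Base64-encoded inline).
SAMPLE_LOADER = """
$b = [System.Convert]::FromBase64String("%s")
$h = [Win32]::VirtualAlloc(0, $b.Length, 0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($b, 0, $h, $b.Length)
$p = [Win32]::GetProcAddress($h, "ReflectiveLoader")
[Win32]::CreateThread(0, 0, $p, 0, 0, 0)
""" % base64.b64encode(_fake_pe()).decode()

# Constructed benign script for comparison.
SAMPLE_BENIGN = """
$cfg = [System.Convert]::FromBase64String("aGVsbG8gd29ybGQ=")
Write-Output ([System.Text.Encoding]::UTF8.GetString($cfg))
"""

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def embedded_blobs(script: str) -> list:
    """Decode Base64 string literals and 0x.. byte arrays found in the script."""
    blobs = []
    for m in re.finditer(r'FromBase64String\(\s*"([A-Za-z0-9+/=]+)"\s*\)', script):
        try:
            blobs.append(base64.b64decode(m.group(1), validate=True))
        except (ValueError, base64.binascii.Error):
            continue
    # PowerShell byte arrays written as 0x4d,0x5a,0x90,...
    for m in re.finditer(r'((?:0x[0-9A-Fa-f]{2}\s*,\s*){8,}0x[0-9A-Fa-f]{2})', script):
        blobs.append(bytes(int(x, 16) for x in re.findall(r'0x([0-9A-Fa-f]{2})', m.group(1))))
    return blobs

def analyze(script: str) -> dict:
    """Return the matched API names, the number of embedded PE images, and a verdict."""
    apis = [a for a in API_INDICATORS if a in script]
    pe_count = sum(1 for b in embedded_blobs(script) if is_pe(b))
    return {
        "apis": apis,
        "embedded_pe": pe_count,
        # Verdict: an in-memory PE image plus at least two memory/thread APIs.
        "suspicious": pe_count > 0 and len(apis) >= 2,
    }

if __name__ == "__main__":
    for name, text in (("loader", SAMPLE_LOADER), ("benign", SAMPLE_BENIGN)):
        print(name, analyze(text))
```

The script is intentionally conservative: a Base64 blob alone is not a finding (configuration data is often encoded the same way), and a single API name alone is not a finding either; it is the combination of an embedded PE image and the allocate/resolve/execute primitives that characterises reflective loading. Run it over PowerShell scripts recovered from Script Block Logging (Event ID 4104) or from files on disk.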


Study: criminals only want money, companies put their own data at risk

An analysis of almost 4,000 cyber attacks shows that password theft remains highly popular and that admins in particular do not have a good grip on cloud services.

https://heise.de/-4725579


10 best practices for MSPs to secure their clients and themselves from ransomware

For MSPs, securing themselves from ransomware is just as much a practice in securing clients. See how to save data, and money, with these best practices.

https://blog.malwarebytes.com/how-tos-2/2020/05/10-best-practices-for-msps-to-secure-their-clients-and-themselves-from-ransomware/


The wolf is back...

Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. We assess with high confidence that this modified version is operated by the infamous Wolf Research. This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being [...]

https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html


3 Ways to Reduce Insider Cyberattacks on Industrial Control Systems

When power grids, water networks and gas utility systems are targeted by cyberattacks, systems that are essential to our everyday lives are affected. While the damage potential due to external [...]

https://blog.se.com/cyber-security/2020/05/06/three-ways-to-reduce-insider-cyberattacks-on-industrial-control-systems/


The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites

On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons for Elementor, a WordPress plugin installed on approximately 110,000 sites.

https://www.wordfence.com/blog/2020/05/the-elementor-attacks-how-creative-hackers-combined-vulnerabilities-to-take-over-wordpress-sites/


SMS from Raiffeisen with a link is fake

Fake Raiffeisen SMS messages are currently circulating. They ask you to complete the PushTAN registration, supposedly by simply clicking the link provided. Beware: the link does not lead to the real login page but to a phishing page.

https://www.watchlist-internet.at/news/sms-von-raiffeisen-mit-link-ist-fake/

Vulnerabilities

VMSA-2020-0010

VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)

https://www.vmware.com/security/advisories/VMSA-2020-0010.html


Security updates for Wednesday

Security updates have been issued by Debian (bind9 and clamav), Fedora (kernel, moodle, and transmission), Oracle (kernel), Red Hat (ipmitool, kernel, ksh, and ruby), Slackware (bind and libexif), SUSE (dpdk, openconnect, python, and rpmlint), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv and linux-gke-5.0, linux-oem-osp1).

https://lwn.net/Articles/820948/


Researchers Divulge Details on Five Windows Zero Days

Zero Day Initiative researchers have published details of five Windows zero-day vulnerabilities.

https://www.securityweek.com/researchers-divulge-details-five-windows-zero-days


Security Advisory - Information Leakage Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-01-leakage-en


Security Advisory - Use After Free Vulnerability in Several Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-01-uaf-en


Security Bulletin: IBM Security Access Manager is vulnerable to a bypass security vulnerability (CVE-2020-4461)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-access-manager-is-vulnerable-to-a-bypass-security-vulnerability-cve-2020-4461/


Security Bulletin: A security vulnerability has been identified in SQLite shipped with IBM Watson Machine Learning Community Edition (WMLCE)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-sqlite-shipped-with-ibm-watson-machine-learning-community-edition-wmlce/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software-2/


Security Bulletin: A security vulnerability has been identified in the sqlite package shipped with IBM Watson Machine Learning Community Edition (WMLCE)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-the-sqlite-package-shipped-with-ibm-watson-machine-learning-community-edition-wmlce/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software/


Security Bulletin: CVE-2020-4260 SOME SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4260-some-secure-properties-can-be-revealed-via-generic-processes/


Security Bulletin: A security vulnerability has been identified in Pillow shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-pillow-shipped-with-ibm-watson-machine-learning-community-edition-wmlce-containers/


Security Bulletin: A security vulnerability has been identified in nanopb shipped with IBM Watson Machine Learning Community Edition (WMLCE)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-nanopb-shipped-with-ibm-watson-machine-learning-community-edition-wmlce/


Security Bulletin: A security vulnerability has been identified in FFMpeg shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ffmpeg-shipped-with-ibm-watson-machine-learning-community-edition-wmlce-containers/


Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool.

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool/


HPESBHF04004 rev.1 - HPE Superdome Flex Server Remote Management Controller (RMC), Local Elevation of Privilege

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04004en_us


HPESBST03991 rev.1 - HPE Nimble Storage, Remote Access to Sensitive Information

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03991en_us


HPESBST03992 rev.1 - HPE Nimble Storage, Remote Code Execution

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03992en_us


Adobe Creative Cloud: vulnerability allows information disclosure

http://www.cert-bund.de/advisoryshort/CB-K20-0487


Wireshark: vulnerability allows denial of service

http://www.cert-bund.de/advisoryshort/CB-K20-0485