End-of-Day report
Timeframe: Tuesday 02-06-2020 18:00 - Wednesday 03-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Mukashi malware: What it is, how it works and how to prevent it | Malware spotlight
Learning from the past can be an important part of future success in any endeavor, including cyberattacks. Attack groups observe this concept and apply it when they create new attack campaigns before they are released into the wild. Mukashi is an example of a malware that uses what has worked well for attackers in [...]
https://resources.infosecinstitute.com/mukashi-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
System Takeover Through New SAP ASE Vulnerabilities
Organizations often store their most critical data in databases, which, in turn, are often necessarily exposed in untrusted or publicly exposed environments. This makes vulnerabilities like these essential to address and test quickly since they not only threaten the data in the database but potentially the full host that it is running on.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/
Patch now! More than 1 million Exim servers worldwide are still attackable
The National Security Agency (NSA) warns of attacks on Exim mail servers. Security updates have been available for some time.
https://heise.de/-4772712
Large Scale Attack Campaign Targets Database Credentials
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of [...]
https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/
Numerous China-based shops advertise cheap women's fashion on Facebook
The company "Chicv International Holding Limited" has been known for some time, as it is responsible for numerous online shops. According to consumer reports, products ordered from these shops arrive very late, if at all. Once the goods have finally arrived, it quickly becomes apparent that they have nothing to do with the pictures and descriptions in the online shop.
https://www.watchlist-internet.at/news/zahlreiche-china-shops-werben-auf-facebook-mit-guenstiger-damenmode/
Sophos Web Appliance: Certificate validation failed for sites signed by Sectigo root CA
Websites whose certificates chain to the Sectigo root CA may fail to connect with a certificate validation error, because the AddTrust External CA Root certificate expired on May 30th, 2020.
https://community.sophos.com/kb/en-US/135544
Vulnerabilities
Security updates: Firefox and Tor Browser could leak private keys
Multiple security vulnerabilities in the web browsers Firefox, Firefox ESR and Tor Browser put computers at risk.
https://heise.de/-4772615
Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution
Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims' machines.
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
Security updates for Wednesday
Security updates have been issued by Fedora (java-11-openjdk, perl-Email-MIME, perl-Email-MIME-ContentType, and slurm), openSUSE (imapfilter, mailman, and python-rpyc), Red Hat (bind and firefox), SUSE (evolution-data-server, python, qemu, and w3m), and Ubuntu (python-django).
https://lwn.net/Articles/822136/
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-01-memory-en
Security Advisory - Improper Handling of Exceptional Condition Vulnerability in Huawei Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-01-smartphone-en
Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability/
Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-use-of-hard-coded-credentials-vulnerabilities/
Security Bulletin: IBM Security Guardium is affected by an Improper Access Control vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-access-control-vulnerability/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-4/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-3/
Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability/
Security Bulletin: IBM Security Guardium is affected by OS Command Injection vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities/
Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2020-4303-cve-2020-4304-2/
Security Bulletin: The vulnerability (net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact) found in Network Performance Insight (CVE-2019-17571)
https://www.ibm.com/blogs/psirt/security-bulletin-the-vanruability-net-sf-ehcache-blocking-in-fasterxml-jackson-databind-has-an-unknown-impact-found-network-performance-insight-cve-2019-17571/
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-2/
June 2, 2020 TNS-2020-04 [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability
http://www.tenable.com/security/tns-2020-04
docker: Vulnerability allows bypassing security measures
http://www.cert-bund.de/advisoryshort/CB-K20-0524