End-of-Day report
Timeframe: Thursday 25-06-2020 18:00 - Friday 26-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Golang Worm Widens Scope to Windows, Adds Payload Capacity
A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.
https://threatpost.com/worm-golang-malware-windows-payloads/156924/
Browser vendors shorten certificate lifetime to one year
From September, HTTPS certificates may be issued for a maximum of one year only.
https://heise.de/-4796599
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files.
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
Warning: Fraudulent messages are circulating on Instagram
Recently, Instagram users have been reporting fraudulent messages to us in which they are asked to follow a link. Warning: the criminals, who send these private messages randomly and in large numbers, are only after your login credentials!
https://www.watchlist-internet.at/news/achtung-auf-instagram-kursieren-betruegerische-nachrichten/
Alleged e-mail from the German federal government contains ransomware
The series of ransomware attacks on German companies continues. A new ransomware campaign in Germany uses a fake e-mail in the name of the federal government as bait.
https://www.zdnet.de/88381006/angebliche-e-mail-der-bundesregierung-enthaelt-ransomware/
Vulnerabilities
Micropatch is Available for Windows LNK Remote Code Execution Vulnerability (CVE-2020-1299)
Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1299, another "Stuxnet-like" critical LNK remote code execution issue that can get code executed on a user's computer just by viewing a folder with Windows Explorer. This vulnerability was patched by Microsoft with June 2020 Updates, but Windows 7 and Server 2008 users without Extended Security Updates remained vulnerable.
https://blog.0patch.com/2020/06/micropatch-is-available-for-windows-lnk.html
Security updates for Friday
Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).
https://lwn.net/Articles/824579/
Security Bulletin: Multiple vulnerabilities discovered in IBM® SDK, Java- can affect Rational Software Architect Design Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-discovered-in-ibm-sdk-java-can-affect-rational-software-architect-design-manager/
Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2020-4565)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-plus-cve-2020-4565/
Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm-java-runtime-affects-ibm-rational-clearcase-cve-2020-2654/
Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1551)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2019-1551/
Security Bulletin: NVIDIA Windows GPU Display Driver has resolved several security vulnerabilities as described below.
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display-driver-has-resolved-several-security-vulnerabilities-as-described-below/
Security Bulletin: NVIDIA Windows GPU Display driver is vulnerable to several security vulnerabilities.
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display-driver-is-vulnerable-to-several-security-vulnerabilities/
Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-10744)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-integration-bus-ibm-app-connect-enterprise-v11-cve-2019-10744/