Daily Summary - 29.07.2020

End-of-Day report

Timeframe: Tuesday 28-07-2020 18:00 - Wednesday 29-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

Landlords beware: fraudsters are after your money, especially during the holiday season!

Internet fraud sometimes targets very specific groups of people. Right now, during the holiday season, people renting out rooms or holiday apartments, as well as hoteliers, are also in the sights of fraudsters. The criminals pose as interested guests and try to get at the landlords' money through cheque fraud.

https://www.watchlist-internet.at/news/vermieterinnen-aufgepasst-besonders-in-der-urlaubszeit-wollen-betruegerinnen-an-ihr-geld/


Scam emails: Emotet steals file attachments for greater authenticity

Beware: Emotet has learned new tricks and now hides in even more convincing emails.

https://heise.de/-4857724


Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight

Netwalker is a data encryption malware that represents an evolution of the well-known Kokoklock ransomware and has been active since September 2019. This article will detail the specific technical features of the Netwalker ransomware.

https://resources.infosecinstitute.com/netwalker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/


MMS Exploit Part 3: Constructing the Memory Corruption Primitives

Posted by Mateusz Jurczyk, Project Zero. This post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.

https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html

Vulnerabilities

Magento gets security updates for severe code execution bugs

Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity.

https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/


Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin

On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments - wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.

https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/


Security updates for Wednesday

Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa).

https://lwn.net/Articles/827376/


Security Bulletin: Legacy Components of IBM Netcool Configuration Manager have been updated.

https://www.ibm.com/blogs/psirt/security-bulletin-legacy-components-of-ibm-netcool-configuration-manager-have-been-updated/


Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1954)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-identified-in-ibm-tivoli-application-dependency-discovery-manager-cve-2020-1954/


Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-multiple-security-vulnerabilities-2/


Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2020-4463)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-information-disclosure-cve-2020-4463/


Security Bulletin: Multiple Vulnerabilities in IBM Security Key Lifecycle Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-security-key-lifecycle-manager/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/


IBM Informix: Vulnerability allows execution of arbitrary code with the privileges of the service

http://www.cert-bund.de/advisoryshort/CB-K20-0764


Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere

https://sec-consult.com/./en/blog/advisories/stored-cross-site-scripting-xss-vulnerability-in-namirial-significant-signanywhere/