End-of-Day report
Timeframe:   Friday 11-10-2019 18:00 - Monday 14-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a
      News       
The Week in Ransomware - October 11th 2019 - Decryptors Released!
We had some interesting news this week, such as the HildaCrypt ransomware releasing their keys, RobbinHood Ransomware bragging about their past exploits, a Muhstik Ransomware victim hacking back and stealing the decryption keys, and a Nemty decryptor being released.
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-11th-2019-decryptors-released/
Sodinokibi Ransomware: Following the Affiliate Money Trail
After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings.
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-following-the-affiliate-money-trail/
Simjacker: SIM cards in 29 countries vulnerable to SMS attack
A specially crafted SMS can be used to read data from a mobile phone. The security firm Adaptive Mobile discovered the attack, dubbed Simjacker, and has published the list of affected countries. According to that publication, a surveillance company actively exploited the flaw in three countries.
https://www.golem.de/news/simjacker-sim-karten-in-29-laendern-anfaellig-fuer-sms-angriff-1910-144399-rss.html
Pass the AppleJeus
A new macOS backdoor written by the infamous Lazarus APT group needs analyzing. Here, we examine its infection vector, method of persistence, capabilities, and more!
https://objective-see.com/blog/blog_0x49.html
Another successful edition of the European Cyber Security Challenge concluded in Romania
The sixth edition of the European Cyber Security Challenge (ECSC), organised from 9 to 11 October in Bucharest at the Palace of the Parliament, the heaviest building and the second-largest building in the world, has concluded. Team Romania - followed by Italy and Austria - has proven successful in completing the most advanced and complex cybersecurity challenges and is thereby the proud winner of ECSC2019.
https://www.enisa.europa.eu/news/enisa-news/another-successful-edition-of-the-european-cyber-security-challenge-concluded-in-romania
Most SSL certificate misissuance caused by software bugs and rule misinterpretations
Academic study analyzed 379 incidents of incorrectly-issued SSL certificates from a total of 1,300+ known cases.
https://www.zdnet.com/article/most-ssl-certificate-misissuance-caused-by-software-bugs-and-rule-misinterpretations/
 Vulnerabilities 
Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-49)
A prenotification security advisory (APSB19-49) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, October 15, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
https://blogs.adobe.com/psirt/?p=1793
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).
https://lwn.net/Articles/802268/
Critical Flaw in Sophos Cyberoam Appliances Allows Remote Code Execution
A critical vulnerability patched recently by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.
https://www.securityweek.com/critical-flaw-sophos-cyberoam-appliances-allows-remote-code-execution
Swift 5.1.1 for Ubuntu
https://support.apple.com/kb/HT210647
Reflected XSS vulnerability in OpenProject (CVE-2019-17092)
https://sec-consult.com/en/blog/advisories/reflected-xss-vulnerability-in-openproject-cve-2019-17092/