End-of-Day report
Timeframe: Friday 23-08-2019 18:00 - Monday 26-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Phishing mail: No 1,957.05 euro refund from the Ministry of Finance!
Criminals are sending fraudulent phishing emails in the name of the Federal Ministry of Finance (BMF), informing consumers of an alleged refund of 1957 euros. Recipients must not follow the links in the message and must not disclose any data. Such data ends up in the hands of criminals and can be misused for further crimes.
https://www.watchlist-internet.at/news/phishing-mail-keine-195705-euro-rueckzahlung-vom-finanzministerium/
Lenovo crapware: Pre-installed system software makes laptops vulnerable
Anyone who still has the Lenovo Solution Center on their system should uninstall it as soon as possible.
https://heise.de/-4505088
Patch now! Exploit code for Cisco switches in circulation
Attacks on Cisco switches could be imminent. Security updates have been available since the beginning of August.
https://heise.de/-4505182
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations. Attackers have been scanning for and targeting two vulnerabilities: CVE-2019-11510, an arbitrary file reading vulnerability in Pulse Connect Secure, and CVE-2018-13379, a path traversal flaw in the FortiOS SSL VPN web portal.
https://www.helpnetsecurity.com/2019/08/26/vulnerable-fortigate-pulse-secure-ssl-vpn/
Malicious WordPress Redirect Campaign Attacking Several Plugins
Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims' sites to a number of potentially harmful locations.
https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Arch Linux (firefox, libreoffice-still, nginx, nginx-mainline, and subversion), Debian (commons-beanutils, h2o, libapache2-mod-auth-openidc, libmspack, qemu, squid, and tiff), Fedora (kubernetes, libmodbus, nfdump, and nodejs), openSUSE (dkgpg, libTMCG, go1.12, neovim, python, qbittorrent, schismtracker, teeworlds, thunderbird, and zstd), and SUSE (go1.11, go1.12, python-SQLAlchemy, and python-Twisted).
https://lwn.net/Articles/797286/
IBM Security Bulletin: IBM Db2 Mirror for i is affected by CVE-2019-4536
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-mirror-for-i-is-affected-by-cve-2019-4536/
IBM Security Bulletin: IBM Cloud Automation Manager is affected by a forbidden resource redirect for bad API path CVE-2019-4132
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-manager-is-affected-by-a-forbidden-resouce-redirect-for-bad-api-path-cve-2019-4132/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-5/
IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2019 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-july-2019-cpu/