End-of-Day report
Timeframe:   Wednesday 18-03-2020 18:00 - Thursday 19-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter
News
Shadowserver Foundation: Non-profit IT security team needs donations
The Shadowserver team helps law enforcement agencies put a stop to cyber criminals. Now it needs (financial) help itself, and soon.
https://heise.de/-4686211
RedLine Info-Stealing Malware Spread by Folding@home Phishing
A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs an information-stealing malware.
https://www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/
InfoSec Conferences Canceled? We've Hours Of Recordings!
If you planned to attend some security conferences in the coming weeks, there are risks to have them canceled... Normally, I should be now in Germany to attend TROOPERS... Canceled! SAS2020 ("Security Analyst Summit")... Canceled! FIRST TC Amsterdam... Canceled! And more will probably be added to the long list.
https://blog.rootshell.be/2020/03/19/infosec-conferences-canceled-weve-hours-of-recordings/
Beware of the fake shop hausmasters.net
Hausmasters.net offers countless household goods at rock-bottom prices with free shipping to Austria, Germany and Switzerland. The broad range of refrigerators, vacuum cleaners and washing machines, together with the modern website, invites a quick purchase. But beware: here you pay in advance and never receive a delivery. It is a fake shop.
https://www.watchlist-internet.at/news/achtung-vor-dem-fake-shop-hausmastersnet/
France warns of new ransomware gang targeting local governments
CERT France says some local governments have been infected with a new version of the Pysa (Mespinoza) ransomware.
https://www.zdnet.com/article/france-warns-of-new-ransomware-gang-targeting-local-governments/
Vulnerabilities
Adobe: Further updates, some of them critical, for Photoshop and Bridge among others
Adobe has patched not only Acrobat and Reader, but also Bridge, ColdFusion, Experience Manager, Photoshop and Genuine Integrity Service.
https://heise.de/-4686418
Security updates for Thursday
Security updates have been issued by Debian (gdal), Fedora (nethack), Mageia (okular, sleuthkit, and webkit2), openSUSE (salt), Oracle (icu, kernel, python-pip, python-virtualenv, and zsh), Red Hat (icu, python-imaging, thunderbird, and zsh), Scientific Linux (icu, python-imaging, and zsh), SUSE (postgresql10), and Ubuntu (apache2).
https://lwn.net/Articles/815442/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-business-developer/
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm/
Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-check-services-cve-2019-4732/
Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client and web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2019-4732,
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerabilities-affect-the-ibm-spectrum-protect-backup-archive-client-and-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-fo/
Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a DoS issue when processing regular expressions (CVE-2017-16231)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-is-potentially-vulnerable-to-a-dos-issue-when-processing-regular-expressions-cve-2017-16231/
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2019-4304, CVE-2019-4305, CVE-2019-4441, CVE-2014-3603)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2019-4304-cve-2019-4305-cve-2019-4441-cve-2014-3603/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-host-on-demand/
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-1552)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2019-1547-cve-2019-1549-cve-2019-1563-cve-2019-1552/
Security Bulletin: Potential exposure of sensitive data in IBM DataPower Gateway (CVE-2020-4203)
https://www.ibm.com/blogs/psirt/security-bulletin-potential-exposure-of-sensitive-data-in-ibm-datapower-gateway-cve-2020-4203/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems (Oct2019 updates)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-os-images-for-red-hat-linux-systems-oct2019-updates/
Red Hat Enterprise Linux: Vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K20-0241
Drupal: Multiple vulnerabilities allow cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K20-0240