End-of-Day report
Timeframe: Tuesday 24-03-2020 18:00 - Wednesday 25-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Ginp Mobile Banker Targets Spain with "Coronavirus Finder" Lure
In today's deluge of malicious campaigns exploiting the COVID-19 topic, handlers of the Android banking trojan Ginp stand out with operation Coronavirus Finder.
https://www.bleepingcomputer.com/news/security/ginp-mobile-banker-targets-spain-with-coronavirus-finder-lure/
Three More Ransomware Families Create Sites to Leak Stolen Data
Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims, which further illustrates why all ransomware attacks must be considered data breaches.
https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/
Firmware bug destroys SSDs after exactly 40,000 hours
Hewlett Packard warns that all data will be irretrievably deleted once that time has elapsed.
https://futurezone.at/produkte/firmware-bug-zerstoert-ssds-nach-genau-40000-stunden/400792907
Traffic to Malicious Websites Spiking as more Employees Take Up Work from Home
Heimdal Security's Incident Response and Research team has recently uncovered evidence of a potentially dangerous campaign directed at employees working from home. With many cities under lockdown due to the COVID-19 pandemic, companies were mandated to allow the employees to work from home, in a bid to stop the spread of the virus. Since [...]
https://heimdalsecurity.com/blog/malicious-websites-work-from-home/
TrickBot Mobile App Bypasses 2-Factor Authentication for Net Banking Services
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called "TrickMo" by IBM X-Force researchers, is under active development and has exclusively targeted German users [...]
https://thehackernews.com/2020/03/trickbot-two-factor-mobile-malware.html
Microsoft Defender: "Scan skip bug" apparently fixed with update KB4052623
Update KB4052623, released by Microsoft for Windows Defender, appears to eliminate the message that items were skipped during the scan.
https://heise.de/-4690575
VMware Again Fails to Patch Privilege Escalation Vulnerability in Fusion
VMware has released an update for the macOS version of Fusion to fix a privilege escalation vulnerability for which it initially released an incomplete patch. However, one of the researchers who found it says the patch is "still bad".
https://www.securityweek.com/vmware-again-fails-patch-privilege-escalation-vulnerability-fusion
Videolabs Patches Code Execution, DoS Vulnerabilities in libmicrodns Library
Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos' security researchers warn.
https://www.securityweek.com/videolabs-patches-code-execution-dos-vulnerabilities-libmicrodns-library
Vulnerabilities
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the [...]
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iTunes 12.10.5 for Windows; iOS 13.4 and iPadOS 13.4; Safari 13.1; watchOS 6.2; tvOS 13.4; macOS [...]
https://www.us-cert.gov/ncas/current-activity/2020/03/25/apple-releases-security-updates
Security updates for Wednesday
Security updates have been issued by Debian (e2fsprogs, ruby2.1, and weechat), Fedora (java-1.8.0-openjdk and webkit2gtk3), openSUSE (apache2-mod_auth_openidc, glibc, mcpp, nghttp2, and skopeo), Oracle (libvncserver and thunderbird), and SUSE (keepalived).
https://lwn.net/Articles/815937/
BlackBerry Powered by Android Security Bulletin - March 2019
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000055800
Red Hat OpenShift Container Platform: Vulnerability allows privilege escalation
http://www.cert-bund.de/advisoryshort/CB-K20-0262
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200325-01-phone-en
Security Advisory - Improper Access Control Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200325-02-smartphone-en
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191204-01-vrp-en
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2019-17571)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-log4j-vulnerability-cve-2019-17571/
Security Bulletin: Security vulnerability is identified in Apache POI server where Rational Asset Manager is deployed (CVE-2019-12415)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-is-identified-in-apache-poi-server-where-rational-asset-manager-is-deployed-cve-2019-12415/
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-4441)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4441/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-external-authentication-server-2/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-1-8-affect-ibm-sterling-secure-proxy-2/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-doors-web-access-2/
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2019-4305)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4305/
Security Bulletin: CVE-2019-4732 vulnerability in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4732-vulnerabilitiy-in-ibm-java-runtime-affects-ibm-process-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-external-authentication-server/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-1-8-affect-ibm-sterling-secure-proxy/