End-of-Day report
Timeframe: Friday 24-04-2020 18:00 - Monday 27-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
BazarBackdoor: TrickBot gang's new stealthy network-hacking malware
A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-s-new-stealthy-network-hacking-malware/
Asnarök malware exploits firewall zero-day to steal credentials
Some Sophos firewall products were attacked with a new Trojan malware, dubbed Asnarök by researchers at cyber-security firm Sophos, to steal usernames and hashed passwords starting with April 22 according to an official timeline.
https://www.bleepingcomputer.com/news/security/asnar-k-malware-exploits-firewall-zero-day-to-steal-credentials/
Shade Ransomware shuts down, releases 750K decryption keys
The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/
Eight Common OT / Industrial Firewall Mistakes
Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.
https://threatpost.com/waterfall-eight-common-ot-industrial-firewall-mistakes/155061/
Understanding the basics of API security
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in software development, operations, and protection.
https://www.helpnetsecurity.com/2020/04/27/basics-api-security/
GDPR.EU has er… a data leakage issue
The web site GDPR.EU is an advice site "operated by Proton Technologies AG, co-funded by the EU Horizon Framework". It's full of useful advice for organisations that need to [...]
https://www.pentestpartners.com/security-blog/gdpr-eu-has-er-a-data-leakage-issue/
Vulnerabilities
Hackers exploit zero-day vulnerability in Sophos firewall
Unknown attackers steal files containing the login credentials of firewall administrators and local users. Sophos has found no evidence that this data has been misused. An emergency update for the vulnerability is now available.
https://www.zdnet.de/88379086/hacker-nutzen-zero-day-luecke-in-sophos-firewall-aus/
Duplicated Vulnerabilities in WordPress Plugins
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: duplicating a page or a post. With a bit of research, we came to the following conclusion: many of these plugins came from the same source, and contained the same vulnerabilities.
https://blog.sucuri.net/2020/04/duplicated-vulnerabilities-in-wordpress-plugins.html
Authentication bypass in FortiMail and FortiVoice Enterprise
An improper authentication vulnerability in FortiMail and FortiVoice Enterprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
https://fortiguard.com/psirt/FG-IR-20-045
High Severity Vulnerability Patched in Real-Time Find and Replace Plugin
On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site's administrator into performing an action, like clicking on a link in [...]
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-real-time-find-and-replace-plugin/
Security updates for Monday
Security updates have been issued by Arch Linux (chromium), Debian (eog, jsch, libgsf, mailman, ncmpc, openjdk-11, php5, python-reportlab, radicale, and rzip), Fedora (ansible, dolphin-emu, git, gnuchess, liblas, openvpn, php, qt5-qtbase, rubygem-rake, snakeyaml, webkit2gtk3, and wireshark), Mageia (chromium-browser-stable, git, java-1.8.0-openjdk, kernel, kernel-linus, mp3gain, and virtualbox), openSUSE (crawl, cups, freeradius-server, kubernetes, and otrs), SUSE (apache2, kernel, pam_radius, [...]
https://lwn.net/Articles/818763/
JSA11021 - 2020-04 Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services
http://kb.juniper.net/InfoCenter/index/content&id=JSA11021&actp=RSS
HPESBHF03945 rev.1 - HPE Servers using Supplemental Update / Online ROM Flash Component for Linux, Local Execution of Arbitrary Code.
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us
OTRS: Vulnerability allows disclosure of information
http://www.cert-bund.de/advisoryshort/CB-K20-0372
ILIAS: Multiple vulnerabilities allow an unspecified attack
http://www.cert-bund.de/advisoryshort/CB-K20-0370
Postfix: Vulnerability allows security measures to be bypassed
http://www.cert-bund.de/advisoryshort/CB-K20-0376
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affected-by-multiple-apache-tomcat-core-only-vulnerabilities/
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilties-3/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Websphere Message Broker V8.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-websphere-message-broker-v8-2/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989 )
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2019-cpu-cve-2019-2964-cve-2019-2989-2/
Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler.
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-2/
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-workload-scheduler/
Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler.
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/