Tageszusammenfassung - 08.05.2020

End-of-Day report

Timeframe: Donnerstag 07-05-2020 18:00 - Freitag 08-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Blue Mockingbird Monero-Mining Campaign Exploits Web Apps

The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.

https://threatpost.com/blue-mockingbird-monero-mining/155581/


Navigating the MAZE: Tactics, Techniques and Procedures Associated WithMAZE Ransomware Incidents

Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment.

http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox).

https://lwn.net/Articles/819969/


Ruby on Rails: Schwachstelle ermöglicht Offenlegung von Informationen

http://www.cert-bund.de/advisoryshort/CB-K20-0436


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-2/


Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430/


Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/


Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/


Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2020-cpu-plus-deferred-cve-2019-2949-and-cve-2020-2654/


Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/