[CERT-daily] Tageszusammenfassung - 05.08.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-08-2020 18:00 − Mittwoch 05-08-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle ∗∗∗
---------------------------------------------
Posted by Mateusz Jurczyk, Project Zero. This post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html


∗∗∗ Richtlinien gegen Sicherheitslücken in Legacy-Programmiersprachen veröffentlicht ∗∗∗
---------------------------------------------
Das Politecnico di Milano und Trend Micro haben einen Leitfaden für das Entwickeln mit Legacy-Programmiersprachen für Betriebstechnik in der Industrie erstellt.
---------------------------------------------
https://heise.de/-4863229


∗∗∗ Sophos: Ransomware WastedLocker trickst Sicherheitsanwendungen aus ∗∗∗
---------------------------------------------
Die Hintermänner haben offenbar sehr gute Kenntnisse über interne Funktionen von Windows. Sie nutzen diese, um Dateien im Windows-Cache statt direkt auf der Festplatte zu verschlüsseln. Damit vereiteln sie eine verhaltensbasierte Analyse ihrer Schadsoftware.
---------------------------------------------
https://www.zdnet.de/88382004/sophos-ransomware-wastedlocker-trickst-sicherheitsanwendungen-aus/


∗∗∗ Unseriöse Angebote werben mit ORF-Promis ∗∗∗
---------------------------------------------
Immer wieder werden Promis dazu genutzt, um unseriöse Angebote zu bewerben. Aktuell werden vor allem Bilder von ORF-Stars und von nachgemachten Nachrichten-Logos verwendet, um Menschen in die Falle zu locken. Die gefälschten Werbungen werden Ihnen dabei beim Handy-Spielen angezeigt und sollen Sie dazu bringen Apps für Spieleautomaten herunterzuladen.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-angebote-werben-mit-orf-promis/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Hackers can abuse Microsoft Teams updater to install malware ∗∗∗
---------------------------------------------
Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-teams-updater-to-install-malware/


∗∗∗ The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks ∗∗∗
---------------------------------------------
On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie).
---------------------------------------------
https://lwn.net/Articles/828114/


∗∗∗ BlackBerry Powered by Android Security Bulletin - July 2020 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000065044


∗∗∗ GRUB2 Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY


∗∗∗ Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-fc-en


∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-fusioncompute-en


∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-smartphone-en


∗∗∗ Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-failure-en


∗∗∗ Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-windows-en


∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1 ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-smb-en


∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight-cve-2019-14892-cve-2019-14893/


∗∗∗ Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2014-3577-httpcomponents-httpclient-before-4-3-5-and-httpasyncclient-before-4-0-2-does-not-properly-verify-that-the-server-hostname-matches-a-domain-name/


∗∗∗ Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4481-http-properties-vulnerable-to-an-xxe-attack/


∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754-2/


∗∗∗ Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2009-2625-cve-2012-0881-cve-2013-4002-cve-2014-0107-multiple-xml-handling-issues-in-xerces-and-xalan/


∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-http-proxy-module-denial-of-service/


∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-ibm-sdk-java-technology-edition-2/


∗∗∗ Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2015-5254-apache-activemq-5-x-before-5-13-0-does-not-restrict-the-classes-that-can-be-serialized-in-the-broker/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-4/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4243) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4243/


∗∗∗ IBM Spectrum Protect: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0785

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily