[CERT-daily] Tageszusammenfassung - 28.08.2020

Fri Aug 28 18:10:15 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 27-08-2020 18:00 − Freitag 28-08-2020 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Zahlen ohne PIN – Forscher knacken Visas NFC-Bezahlfunktion ∗∗∗
---------------------------------------------
Kontaktlos und ohne PIN bezahlten Forscher mit einer Visa-Karte quasi beliebig teure Produkte.
---------------------------------------------
https://heise.de/-4881555


∗∗∗ Achtung vor betrügerischen Werbeanzeigen auf Facebook, Instagram und Google! ∗∗∗
---------------------------------------------
Überall lauert Werbung, die uns dazu bringen will, ein bestimmtes Produkt zu kaufen oder eine Dienstleistung in Anspruch zu nehmen. Doch nicht jede Werbung ist seriös. Unter den vielen legitimen Werbetreibenden finden sich auch immer wieder Kriminelle. Das gilt für Soziale Medien genauso wie für Anzeigen, die bei einer Google-Suche ganz oben auftauchen. Wir zeigen Ihnen auf was Sie achten müssen, um unseriöse Werbeanzeigen zu entlarven!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-betruegerischen-werbeanzeigen-auf-facebook-instagram-und-google/


∗∗∗ Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning ∗∗∗
---------------------------------------------
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/08/27/stopping-active-directory-attacks-and-other-post-exploitation-behavior-with-amsi-and-machine-learning/


∗∗∗ Exploring the Ubiquiti UniFi Cloud Key Gen2 Plus ∗∗∗
---------------------------------------------
Scoping attack surface, setting up debugging for UniFi Protect and UniFi Management Portal APIs, and finding unauthenticated API vulnerabilities
---------------------------------------------
https://medium.com/tenable-techblog/exploring-the-ubiquiti-unifi-cloud-key-gen2-plus-f5b0f7ca688


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple NETGEAR switching hubs vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
GS716Tv2 and GS724Tv3 provided by NETGEAR contain a cross-site request forgery vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN29903998/


∗∗∗ Cisco NX-OS Software Call Home Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-callhome-cmdinj-zkxzSCY


∗∗∗ [webapps] Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/48770


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-5/


∗∗∗ Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4579) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-users-may-experience-a-denial-of-service-of-the-soar-platform-due-to-a-insufficient-input-validation-cve-2019-4579/


∗∗∗ Security Bulletin: Information Disclosure vulnerability in IBM Spectrum Protect Server (CVE-2020-4591) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-spectrum-protect-server-cve-2020-4591/


∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collecor for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-for-content-collecor-for-sap-applications-2/


∗∗∗ Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4533) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-users-may-experience-a-denial-of-service-of-the-soar-platform-due-to-a-insufficient-input-validation-cve-2019-4533/


∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server – Liberty affects IBM MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-affects-ibm-mobilefirst-platform-foundation/


∗∗∗ Security Bulletin: Vulnerability exposure ( deferred from Oracle Jan 2020 Java CPU ) in IBM Java SDK affects IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exposure-deferred-from-oracle-jan-2020-java-cpu-in-ibm-java-sdk-affects-ibm-operations-analytics-predictive-insights/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Content Collecor for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-affects-content-collecor-for-sap-applications-2/


∗∗∗ Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Server (CVE-2020-4559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-ibm-spectrum-protect-server-cve-2020-4559/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily