[CERT-daily] Tageszusammenfassung - 14.12.2020

Daily end-of-shift report team at cert.at
Mon Dec 14 18:09:28 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 11-12-2020 18:00 − Montag 14-12-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Backdoor in SolarWinds Orion ∗∗∗
---------------------------------------------
Nach einem erfolgreichen Angriff auf den IT-Security-Dienstleister FireEye in der vergangen Woche, wurden neue Informationen zu dem Vorfall veröffentlicht. Wie nun bekannt wurde, erfolgten die Angriffe mittels einer sogenannten "Supply-Chain-Attack"; sowohl SolarWinds als auch FireEye berichten, dass die AngreiferInnen bei einem erfolgreichen Angriff auf SolarWinds eine Hintertür in Updates für das Produkt "SolarWinds Orion" eingeschleust haben. Betroffen sind [...]
---------------------------------------------
https://cert.at/de/aktuelles/2020/12/backdoor-in-solarwinds-orion


∗∗∗ pfSense Firewall Configuration Audit with pfAudit ∗∗∗
---------------------------------------------
pfSense is a very popular free and open source firewall solution. It does not only provide classic firewall services but has plenty of features like VPN server or can offer DNS, DHCP, proxy services [...]
---------------------------------------------
https://blog.rootshell.be/2020/12/14/pfsense-firewall-configuration-audit-with-pfaudit/


∗∗∗ PyMICROPSIA: New Information-Stealing Trojan from AridViper ∗∗∗
---------------------------------------------
We've identified a new information-stealing Trojan we call PyMICROPSIA, related to the previously identified MICROPSIA malware family.
---------------------------------------------
https://unit42.paloaltonetworks.com/pymicropsia/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Google schließt gefährliche Lücken in Android 8.0 bis 11 ∗∗∗
---------------------------------------------
Es sind wichtige Sicherheitsupdates für eine Reihe von Android-Versionen erschienen. Angreifer könnten unter anderem Schadcode ausführen.
---------------------------------------------
https://heise.de/-4988647


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lxml, openexr, openssl, and openssl1.0), Fedora (libpri, libxls, mediawiki, nodejs, opensc, php-wikimedia-assert, php-zordius-lightncandy, squeezelite, and wireshark), openSUSE (curl, openssh, openssl-1_0_0, python-urllib3, and rpmlint), Red Hat (libexif, libpq, and thunderbird), Slackware (p11), SUSE (kernel, Kubernetes, etcd, helm, openssl, openssl-1_0_0, and python), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, [...]
---------------------------------------------
https://lwn.net/Articles/840110/


∗∗∗ Zero-Day-Lücke im WordPress-SMTP-Plug-in erlaubt das Zurücksetzen von Admin-Passwörtern ∗∗∗
---------------------------------------------
Das Plug-in speichert eine Log-Datei in einem unter Umständen unsicheren Verzeichnis. Hacker erhalten so Zugriff auf die Datei, die auch Links zum Zurücksetzen von Administrator-Passwörtern aufzeichnet. Inzwischen steht ein Patch für die Schwachstelle zur Verfügung.
---------------------------------------------
https://www.zdnet.de/88390454/zero-day-luecke-im-wordpress-smtp-plug-in-erlaubt-das-zuruecksetzen-von-admin-passwoertern/


∗∗∗ BIND vulnerability CVE-2020-8624 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91090139


∗∗∗ Apache Struts vulnerability CVE-2012-0392 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13434228


∗∗∗ Apache Struts vulnerability CVE-2012-0391 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20127031


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-security-siteprotector-system-3/


∗∗∗ Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-could-allow-formula-injection-in-excel-cve-2020-4633-2/


∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-vulnerability-2/


∗∗∗ Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data – GNU glibc (CVE-2020-1751) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-gnu-glibc-affect-ibm-cloud-pak-for-data-gnu-glibc-cve-2020-1751/


∗∗∗ Security Bulletin: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-could-allow-a-remote-attacker-to-obtain-sensitive-information-caused-by-the-improper-validation-of-input/


∗∗∗ Security Bulletin: Apache Hadoop could allow a remote attacker to obtain sensitive information that could affect IBM Streams. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-hadoop-could-allow-a-remote-attacker-to-obtain-sensitive-information-that-could-affect-ibm-streams/


∗∗∗ Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to man in the middle attack through use of OpenSSL (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-man-in-the-middle-attack-through-use-of-openssl-cve-2019-1551/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-october-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


∗∗∗ Security Bulletin: Java vulnerability CVE-2020-2590 affecting IBM Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-cve-2020-2590-affecting-ibm-streams/


∗∗∗ Security Bulletin: Open Source Security issues for NPS service provider ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-security-issues-for-nps-service-provider/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list