[CERT-daily] Tageszusammenfassung - 17.12.2020

Daily end-of-shift report team at cert.at
Thu Dec 17 18:07:45 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 16-12-2020 18:00 − Donnerstag 17-12-2020 18:00
Handler:     Robert Waldner
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Maximizing Your Defense with Windows DNS Logging ∗∗∗
---------------------------------------------
In part 3 of 5 of this blog series, learn how to improve your log collection deployment. Follow a sample Windows log scenario and receive a deployment checklist to help optimize your DNS logging.
---------------------------------------------
https://www.domaintools.com/resources/blog/maximizing-your-defense-with-windows-dns-logging


∗∗∗ IoT: Wenn Sicherheitsrisiken unter dem Weihnachtsbaum landen ∗∗∗
---------------------------------------------
Experten haben beliebte, vernetzte Gadgets auf Sicherheitslücken und Datenhunger untersucht und Erschreckendes festgestellt.
---------------------------------------------
https://futurezone.at/netzpolitik/iot-wenn-sicherheitsrisiken-unterm-weihnachtsbaum-landen/401131698


∗∗∗ DNS Logs in Public Clouds, (Wed, Dec 16th) ∗∗∗
---------------------------------------------
The current Solarwinds/Sunburst/Fireeye incident and its associated command&control (C2) traffic to avsvmcloud[.]com domains have spurred potentially affected Solarwinds customers to searching their logs and data for any presence of this C2 domain.
---------------------------------------------
https://isc.sans.edu/diary/rss/26892


∗∗∗ The NoneNone Brute Force Attacks: Even Hackers Need QA ∗∗∗
---------------------------------------------
For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period.
---------------------------------------------
https://www.wordfence.com/blog/2020/12/the-nonenone-brute-force-attacks-even-hackers-need-qa/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ WordPress plugin with 5 million installs has a critical vulnerability ∗∗∗
---------------------------------------------
The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-plugin-with-5-million-installs-has-a-critical-vulnerability/


∗∗∗ CVE-2020-25695 Privilege Escalation in Postgresql ∗∗∗
---------------------------------------------
This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back to 9.5, it is likely it affects most earlier versions as well. (Notiz: fehlerbereinigte Versionen wurden am 12. Nov. 2020 veröffentlicht.)
---------------------------------------------
https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, sympa, thunderbird, tomcat8, and xerces-c), Fedora (fprintd, kernel, libfprint, and synergy), Mageia (bitcoin, dpic, firefox, jasper, jupyter-notebook, sam2p, thunderbird, and x11-server), Oracle (firefox, gd, kernel, net-snmp, openssl, python-rtslib, samba, and targetcli), Red Hat (fapolicyd, openshift, Red Hat Virtualization, and web-admin-build), SUSE (xen), and Ubuntu (unzip).
---------------------------------------------
https://lwn.net/Articles/840583/


∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-01-taurus-en


∗∗∗ Security Advisory - Use after Free Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-01-smartphone-en


∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-01-neteco-en


∗∗∗ Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-02-smartphone-en


∗∗∗ Security Bulletin: A GNU glibc vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-glibc-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-6/


∗∗∗ Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/


∗∗∗ Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-2/


∗∗∗ Security Bulletin: Java Vulnerablity affects IBM Watson Speech Services for Cloud Pak for Data 1.2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerablity-affects-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/


∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager-2/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-performance-tester/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-tpf-5/


∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1245

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list