[CERT-daily] Tageszusammenfassung - 05.02.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-02-2020 18:00 − Mittwoch 05-02-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail ∗∗∗
---------------------------------------------
Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-500-000-hosts-with-malware-cocktail/


∗∗∗ Betrügerische WhatsApp-Nachrichten zu iPhone-Gewinn! ∗∗∗
---------------------------------------------
Kriminelle nützen momentan WhatsApp für die massenhafte Verbreitung einer Betrugsmasche. Sie versenden eine WhatsApp-Nachricht zu einem angeblichen Gewinn aus. Wer dem Link folgt und ein gratis iPhone erhalten möchte, muss die Nachricht an mindestens zehn WhatsApp-Kontakte weiterleiten. EmpfängerInnen dürfen weder Daten bekanntgeben noch die Nachricht weiterleiten.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-zu-iphone-gewinn/


∗∗∗ Researcher: Backdoor mechanism still active in devices using HiSilicon chips ∗∗∗
---------------------------------------------
Researcher said he did not notify HiSilicon due to a lack of trust in the hardware vendor to adequately fix the issue.
---------------------------------------------
https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-devices-using-hisilicon-chips/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ WhatsApp Bug Allowed Attackers to Access the Local File System ∗∗∗
---------------------------------------------
Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a users local file system, on both macOS and Windows platforms.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attackers-to-access-the-local-file-system/


∗∗∗ VU#261385: Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution ∗∗∗
---------------------------------------------
CVE-2020-3110 Ciscos Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value(TLV). The CVSS score reflected below is in regards to this vulnerability. CVE-2020-3111 Cisco Voice over Internet Protocol(VoIP)phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value(TLV). CVE-2020-3118 Ciscos CDP subsystem of devices running,or based on,Cisco IOS XR Software are vulnerable.
---------------------------------------------
https://kb.cert.org/vuls/id/261385


∗∗∗ AutomationDirect C-More Touch Panels ∗∗∗
---------------------------------------------
This advisory contains mitigations for an insufficiently protected credentials vulnerability in AutomationDirects C-More Touch Panels software management platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-035-01


∗∗∗ Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190205-dnac-xss


∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-DxJsRWRx


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (storebackup), openSUSE (e2fsprogs and wicked), Red Hat (containernetworking-plugins, ipa, kernel, kernel-rt, ksh, and qemu-kvm), Scientific Linux (ipa and qemu-kvm), SUSE (libqt5-qtbase, python-reportlab, and terraform), and Ubuntu (graphicsmagick, OpenSMTPD, spamassassin, and sudo).
---------------------------------------------
https://lwn.net/Articles/811597/


∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-01-smartphone-en


∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-01-dos-en


∗∗∗ Security Advisory - Information leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-01-leakage-en


∗∗∗ Security Advisory - Information leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-01-firewall-en


∗∗∗ Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-admin-console-cve-2019-4670/


∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment Response Time Monitoring Agent (CVE-2019-16168) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-response-time-monitoring-agent-cve-2019-16168/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-january-2020-cpu/


∗∗∗ Security Bulletin: IBM Cloud Automation Manager is affected by an issue with insecure cookie path attribute (CVE-2019-4616) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-automation-manager-is-affected-by-an-issue-with-insecure-cookie-path-attribute-cve-2019-4616/


∗∗∗ Security Bulletin: IBM Planning Analytics Local is affected by a security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-local-is-affected-by-a-security-vulnerability/


∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2019-16168) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2019-16168/


∗∗∗ systemd: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0096


∗∗∗ MariaDB: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0095

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily