[CERT-daily] Tageszusammenfassung - 18.02.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 17-02-2020 18:00 − Dienstag 18-02-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ SSL Testing Methods ∗∗∗
---------------------------------------------
Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser. Some simple online tools provide a fast SSL report. They are SSL configuration checkers, which do not just check a certificate, which is really only part of that configuration. Instead, they perform a more thorough look.
---------------------------------------------
https://blog.sucuri.net/2020/02/ssl-testing-methods.html


∗∗∗ Gut behütet: OWASP API Security Top 10 ∗∗∗
---------------------------------------------
Zunehmend stehen APIs im Visier von Hackern. Ein Blick auf die neue OWASP-Liste zu den Schwachstellen zeigt, an welchen Stellen Entwickler gefordert sind.
---------------------------------------------
https://heise.de/-4660904


∗∗∗ Kritische Lücke in WordPress-Plugin Profile Builder macht jeden zum Site-Admin ∗∗∗
---------------------------------------------
In der aktuellen Version des WordPress-Plugin Profile Builder haben die Entwickler eine Sicherheitslücke mit Höchstwertung geschlossen.
---------------------------------------------
https://heise.de/-4663152


∗∗∗ Building a bypass with MSBuild ∗∗∗
---------------------------------------------
Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 (Trusted Developer Utilities) and T1500 (Compile After Delivery) of MITRE ATT&CK framework.
---------------------------------------------
https://blog.talosintelligence.com/2020/02/building-bypass-with-msbuild.html


∗∗∗ Vorsicht vor betrügerischen PayLife E-Mails ∗∗∗
---------------------------------------------
PayLife KundInnen aufgepasst: Aktuell sind Phishing-E-Mails unterwegs. Kriminelle geben sich als PayLife aus und behaupten, dass Ihre Karte gesperrt wurde. Um die Karte wieder freizuschalten, müssen Sie einen Identifikationsprozess durchlaufen und Ihre Daten bestätigen. Klicken Sie keinesfalls auf den Link, es handelt sich um Betrug!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-paylife-e-mails/


∗∗∗ Bypass Windows 10 User Group Policy (and more) with this One Weird Trick ∗∗∗
---------------------------------------------
I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting things). Bypassing User Group Policy is not the end of the world, but it’s also not something that should be allowed and depending on User Group Policy setup, could result in unfortunate security scenarios.
---------------------------------------------
https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability in wpCentral Plugin Leads to Privilege Escalation ∗∗∗
---------------------------------------------
Description: Improper Access Control to Privilege Escalation 
Affected Plugin: wpCentral 
Affected Versions: [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (systemd and thunderbird), Debian (clamav, libgd2, php7.3, spamassassin, and webkit2gtk), Fedora (kernel, kernel-headers, and sway), Mageia (firefox, kernel-linus, mutt, python-pillow, sphinx, thunderbird, and webkit2), openSUSE (firefox, nextcloud, and thunderbird), Oracle (firefox and ksh), Red Hat (curl, java-1.7.0-openjdk, kernel, and ruby), Scientific Linux (firefox and ksh), SUSE (sudo and xen), and Ubuntu (clamav, php5, php7.0, php7.2, [...]
---------------------------------------------
https://lwn.net/Articles/812763/


∗∗∗ Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks ∗∗∗
---------------------------------------------
Several serious vulnerabilities have been found by a researcher in Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliances made by SonicWall. The vendor has released software updates that patch the flaws.
---------------------------------------------
https://www.securityweek.com/serious-vulnerabilities-expose-sonicwall-sma-appliances-remote-attacks


∗∗∗ F-Secure Patches Old AV Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives.
---------------------------------------------
https://www.securityweek.com/f-secure-patches-old-av-bypass-vulnerability


∗∗∗ Bugtraq: [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/542235


∗∗∗ Intel processors vulnerability CVE-2019-14607 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29100014?utm_source=f5support&utm_medium=RSS


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-2/


∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis is affected by stack displayed in WebSphere Application Server (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-is-affected-by-stack-displayed-in-websphere-application-server-cve-2019-4441/


∗∗∗ Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cics-tx-on-cloud/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2019-2989/


∗∗∗ Security Bulletin: Bypass security restrictions in WebSphere Application Server Liberty affect IBM Operations Analytics – Log Analysis (CVE-2019-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restrictions-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2019-4304/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix/


∗∗∗ Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-txseries-for-multiplatforms/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily