[CERT-daily] Tageszusammenfassung - 08.01.2020
Daily end-of-shift report
team at cert.at
Wed Jan 8 18:08:17 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 07-01-2020 18:00 − Mittwoch 08-01-2020 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ Project Zero: Googles Bug-Jäger wollen weniger schludrige Patches ∗∗∗
---------------------------------------------
Im laufenden Jahr wollen Googles Security-Bug-Forscher des Project Zero die Disclosure-Richtlinien ändern. Das soll betroffenen Unternehmen nicht nur Updates erleichtern, sondern vor allem die Qualität der Patches verbessern.
---------------------------------------------
https://www.golem.de/news/project-zero-googles-bug-jaeger-wollen-weniger-schludrige-patches-2001-145943-rss.html
∗∗∗ The Basics of Packed Malware: Manually Unpacking UPX Executables ∗∗∗
---------------------------------------------
In this blog post, I want to discuss what packing is, the basics of why malware developers pack their samples and how they go about doing so. Since this is an introductory post, and I myself am still learning all this stuff, we’re going to be manually unpacking a UPX-packed binary, which is one of the simplest packers out there.
---------------------------------------------
https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/
∗∗∗ Tricky Phish Angles for Persistence, Not Passwords ∗∗∗
---------------------------------------------
The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.
---------------------------------------------
https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/
∗∗∗ SMS von TrackInfo zu gestopptem DHL-Paket führt in Abo-Falle ∗∗∗
---------------------------------------------
Zahlreiche LeserInnen wenden sich momentan an die Watchlist Internet, weil sie eine SMS von TrackInfo zu einem unzustellbaren Paket erhalten haben. Ein Link in der Nachricht führt auf eine gefälschte DHL-Website. Wegen zu hohen Gewichts müssten nun 2 Euro bezahlt werden. Achtung: Die Nachricht stammt von Kriminellen und soll EmpfängerInnen in eine Abo-Falle locken!
---------------------------------------------
https://www.watchlist-internet.at/news/sms-von-trackinfo-zu-gestopptem-dhl-paket-fuehrt-in-abo-falle/
=====================
= Vulnerabilities =
=====================
∗∗∗ Interpeak IPnet TCP/IP Stack (Update D) ∗∗∗
---------------------------------------------
This updated medical advisory is a follow-up to the advisory update titled ICSMA-19-274-01 Interpeak IPnet TCP/IP Stack (Update C) published November 5, 2019, on the ICS webpage on us-cert.gov. This updated medical advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of a memory buffer, race condition, argument injection, and null pointer dereference vulnerabilities in the Interpeak [...]
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-274-01
∗∗∗ PMASA-2020-1 ∗∗∗
---------------------------------------------
SQL injection in user accounts pageAffected VersionsphpMyAdmin 4.x versions prior to 4.9.4 are affected, at least as old as 4.0.0. phpMyAdmin 5.x version 5.0.0 is affected.CVE IDCVE-2020-5504
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2020-1/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox), Debian (python-django and wordpress), Fedora (dovecot), Mageia (opensc, radare2, and varnish), Red Hat (rh-java-common-apache-commons-beanutils), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, java-1_8_0-ibm, java-1_8_0-openjdk, libzypp, openssl-1_0_0, sysstat, and tomcat), and Ubuntu (clamav, linux-azure, and linux-lts-xenial, linux-aws).
---------------------------------------------
https://lwn.net/Articles/808975/
∗∗∗ Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020010061
∗∗∗ Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack
∗∗∗ Cisco Webex Video Mesh Node Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video
∗∗∗ Cisco Webex Centers Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-centers-dos
∗∗∗ Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass
∗∗∗ Cisco UCS Director Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis
∗∗∗ Cisco Mobility Management Entity Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos
∗∗∗ Cisco Identity Services Engine Authorization Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ise-auth-bypass
∗∗∗ Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss
∗∗∗ Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf
∗∗∗ Cisco Finesse Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss
∗∗∗ Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss
∗∗∗ Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-dcaf-xss
∗∗∗ Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cvp-direct-obj-ref
∗∗∗ Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cnca-xss
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-phone-en
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-smartphone-en
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-02-smartphone-en
∗∗∗ January 6, 2020 TNS-2020-01 [R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-01-0
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list