[CERT-daily] Tageszusammenfassung - 13.01.2020

Daily end-of-shift report team at cert.at
Mon Jan 13 18:09:47 CET 2020 

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 10-01-2020 18:00 − Montag 13-01-2020 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Citrix CVE-2019-19781 aktiv ausgenutzt ∗∗∗
---------------------------------------------
Ende 2019 wurde eine Sicherheitslücke in diversen Citrix-Geräten bekannt (CVE-2019-19781), die das Ausführen beliebiger Befehle über das Netzwerk ohne jegliche Authentifikation ermöglicht (unauthenticated RCE). Am 10. Jänner 2020 wurde der erste Exploit für diese Lücke auf GitHub veröffentlicht und sie wird (spätestens) seit diesem Zeitpunkt aktiv ausgenutzt.
---------------------------------------------
https://cert.at/de/blog/2020/1/citrix-cve-2019-19781-aktiv-ausgenutzt


∗∗∗ Network Traffic Analysis for Incident Response: Internet Protocol with Wireshark ∗∗∗
---------------------------------------------
The Internet Protocol (IP) is the most widely-used network-level protocol. Common transport-level protocols, the Transport Control Protocol (TCP) and the User Datagram Protocol (UDP), are encapsulated within IP packets. The purpose of IP is to make networks like the internet possible. Within a subnet, it is possible to route traffic [...]
---------------------------------------------
https://resources.infosecinstitute.com/network-traffic-analysis-for-incident-response-internet-protocol-with-wireshark/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (file and firefox), Debian (apache-log4j1.2), Fedora (chromium, dovecot, GraphicsMagick, kubernetes, libvpx, makepasswd, matio, and slurm), Mageia (libtomcrypt, ming, oniguruma, opencv, pcsc-lite, phpmyadmin, and thunderbird), openSUSE (chromium, chromium, re2, and mozilla-nspr, mozilla-nss), Red Hat (chromium-browser, firefox, and rabbitmq-server), Slackware (mozilla), and SUSE (crowbar-core, crowbar-openstack, [...]
---------------------------------------------
https://lwn.net/Articles/809312/


∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en


∗∗∗ Security Vulnerabilities fixed in Thunderbird 68.4.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list