[CERT-daily] Daily summary - 29.01.2020

Daily end-of-shift report team at cert.at
Wed Jan 29 18:51:35 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 28-01-2020 18:00 − Wednesday 29-01-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Critical Flaws in Magento e-Commerce Platform Allow Code-Execution ∗∗∗
---------------------------------------------
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.
---------------------------------------------
https://threatpost.com/critical-flaws-magento-ecommerce-code-execution/152343/


∗∗∗ New Snake Ransomware Targets ICS Processes ∗∗∗
---------------------------------------------
A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS).
---------------------------------------------
https://www.securityweek.com/new-snake-ransomware-targets-ics-processes


∗∗∗ Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed ∗∗∗
---------------------------------------------
We found an additional 1,400 unsecured Docker hosts and outline in this research some of the common tactics and techniques we found being used by attackers in compromised Docker engines.
---------------------------------------------
https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical vulnerability in OpenSMTPD allow(ed) remote code execution ∗∗∗
---------------------------------------------
BSD and Linux servers running OpenSMTPD need an immediate update to version 6.6.2p1. It fixes a critical remote code execution vulnerability.
---------------------------------------------
https://heise.de/-4648501


∗∗∗ D-LINK Router: Multiple vulnerabilities allow execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
Routers from D-LINK include a firewall and usually a WLAN interface. The devices are designed mainly for private users and small businesses.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/01/warnmeldung_tw-t20-0017.html


∗∗∗ 200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug ∗∗∗
---------------------------------------------
A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/200k-wordpress-sites-exposed-to-takeoker-attacks-by-plugin-bug/


∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-multiple-security-updates


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, openjpeg2, openslp, python-reportlab, and sqlite), Debian (hiredis, otrs2, and unzip), openSUSE (apt-cacher-ng, git, samba, sarg, and storeBackup), Oracle (openjpeg2), Red Hat (libarchive, openjpeg2, sqlite, and virt:rhel), SUSE (aws-cli and python-reportlab), and Ubuntu (libgcrypt11, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-hwe, linux-hwe, linux-aws-hwe, [...]
---------------------------------------------
https://lwn.net/Articles/810881/


∗∗∗ FreeBSD OS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0080


∗∗∗ Cisco Small Business Switches Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos


∗∗∗ Cisco Small Business Switches Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smlbus-switch-dos-R6VquS2u


∗∗∗ Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabiltiies-in-php/


∗∗∗ Security Bulletin: WebSphere Application Server browser stack trace vulnerability affects IBM Control Center (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-browser-stack-trace-vulnerability-affects-ibm-control-center-cve-2019-4441/


∗∗∗ Security Bulletin: WebSphere Application Server improper cookie setting vulnerability affects IBM Control Center (CVE-2019-4305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-improper-cookie-setting-vulnerability-affects-ibm-control-center-cve-2019-4305/


∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-service-vulnerability-affects-ibm-control-center-cve-2019-12402/


∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-were-fixed-in-ibm-security-access-manager-appliance/


∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impacts-ibm-control-center-cve-2019-2989/


∗∗∗ Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-websphere-to-http2-implementation-vulnerabilities-affect-ibm-control-center/


∗∗∗ Security Bulletin: IBM WebSphere Application Server – Liberty improper session validation vulnerability affects IBM Control Center (CVE-2019-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-improper-session-validation-vulnerability-affects-ibm-control-center-cve-2019-4304/


∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance (CVE-2019-3861, CVE-019-3858) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-were-fixed-in-ibm-security-access-manager-appliance-cve-2019-3861-cve-019-3858/


∗∗∗ Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-pdfbox-affects-ibm-control-center-cve-2019-0228/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



