[CERT-daily] Daily summary - 20.07.2020

Daily end-of-shift report team at cert.at
Mon Jul 20 18:11:34 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 17-07-2020 18:00 − Monday 20-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Emotet: First wave of attacks after a five-month pause ∗∗∗
---------------------------------------------
After a pause of several months, researchers have observed a new wave of Emotet attacks. The targets were mainly in the USA and the United Kingdom.
---------------------------------------------
https://heise.de/-4847070


∗∗∗ How to use Windows 10 File History to make secure backups ∗∗∗
---------------------------------------------
With File History feature on Windows, you can back up copies of files that are in the Documents, Music, Pictures, Videos, and Desktop folders.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-file-history-to-make-secure-backups/


∗∗∗ Zone.Identifier: A Couple Of Observations, (Sat, Jul 18th) ∗∗∗
---------------------------------------------
In diary entry "Sysmon and Alternate Data Streams", we reported that Sysmon records the content of small Alternate Data Streams (containing text) in the event log.
This is useful for the Zone.Identifier ADS, a stream that is added by many browsers to mark a file as originating from the Internet.
Modern browsers will include extra information in Zone.Identifier, like the URL: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26366
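The Zone.Identifier stream the diary refers to is a short INI-style text block. The following parser is an added example (it is not code from the ISC diary, from Sysmon or from any browser) that extracts the zone number and the URLs from such stream text, whether it was read from the file's `:Zone.Identifier` stream on an NTFS volume or copied out of the Contents field of Sysmon's FileCreateStreamHash event (ID 15). The sample stream contents, the host `example.net` and the file name `invoice.docm` are constructed for the example.

```python
"""Parse Zone.Identifier alternate data stream content (added example).

A browser that downloads a file on Windows writes a small INI-style text
stream, <file>:Zone.Identifier, next to the file. The same text is what
Sysmon records for small text streams, so the parser below accepts either
the raw stream text or the string copied out of an event. All sample
stream contents here are constructed for the example, not real captures.
"""
import configparser
from typing import Optional

# URLMON security zone numbers used in the ZoneId field.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed samples. Modern browsers add ReferrerUrl/HostUrl; older
# writers emit only the ZoneId line; Sysmon also logs unrelated streams.
SAMPLE_MODERN = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.net/\r\n"
    "HostUrl=https://downloads.example.net/invoice.docm\r\n"
)
SAMPLE_LEGACY = "[ZoneTransfer]\r\nZoneId=3\r\n"
SAMPLE_OTHER = "this is some unrelated ADS text\r\n"


def parse_zone_identifier(stream_text: str) -> Optional[dict]:
    """Return zone number, zone name and URLs from Zone.Identifier text.

    Returns None when the text is not a Zone.Identifier stream (no
    [ZoneTransfer] section, or not parseable as INI at all).
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)  # CRLF line endings are fine here
    except configparser.Error:
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    section = parser["ZoneTransfer"]
    try:
        zone_id = int(section.get("ZoneId", "-1"))
    except ValueError:
        zone_id = -1
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "Unknown"),
        "referrer_url": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
    }


def is_marked_from_internet(stream_text: str) -> bool:
    """True when the stream marks the file as coming from the Internet or
    Restricted sites zone, i.e. the cases Windows treats as an untrusted
    download (the "mark of the web")."""
    info = parse_zone_identifier(stream_text)
    return info is not None and info["zone_id"] in (3, 4)


def read_zone_identifier(path: str) -> Optional[dict]:
    """Read and parse <path>:Zone.Identifier directly. This only works on
    NTFS under Windows; elsewhere open() fails and None is returned."""
    try:
        with open(path + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


if __name__ == "__main__":
    for name, text in (("modern", SAMPLE_MODERN),
                       ("legacy", SAMPLE_LEGACY),
                       ("other", SAMPLE_OTHER)):
        print(name, parse_zone_identifier(text), is_marked_from_internet(text))
```

The parser deliberately returns None rather than raising for non-Zone.Identifier text, because a Sysmon stream-content feed also carries other small ADS payloads; a triage script can then keep the URL-bearing records and drop the rest without special-casing exceptions.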


∗∗∗ Online shop software: two-factor authentication available for Magento shops ∗∗∗
---------------------------------------------
Admins can now secure Magento-based online shops more effectively against hostile takeovers.
---------------------------------------------
https://heise.de/-4847660



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Windows 10 Store wsreset tool lets attackers bypass antivirus ∗∗∗
---------------------------------------------
A technique that abuses the Windows 10 Microsoft Store reset tool, wsreset.exe, can delete files to bypass antivirus protection on a host without being detected.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-store-wsreset-tool-lets-attackers-bypass-antivirus/


∗∗∗ Scanning Activity for ZeroShell Unauthenticated Access, (Sun, Jul 19th) ∗∗∗
---------------------------------------------
In the past 36 hours, scanning activity aimed at exploiting and compromising the ZeroShell Linux router has increased. This router software has had several unauthenticated remote code execution vulnerabilities published over the past few years, the most recent being CVE-2019-12725. The latest version of the router software can be downloaded from the project's site.
---------------------------------------------
https://isc.sans.edu/diary/rss/26368


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/826537/


∗∗∗ 3 Vulnerabilities Found on AvertX IP Cameras ∗∗∗
---------------------------------------------
Security cameras make up 5% of enterprise IoT devices but account for 33% of all security issues. We found three vulnerabilities in AvertX IP cameras.
---------------------------------------------
https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt-3/


∗∗∗ Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-pillow-before-7-1-0-has-multiple-out-of-bounds-reads/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-affect-ibm-content-classification-3/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing-3/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-2/


∗∗∗ Security Bulletin: WML CE: In Pillow before 7.1.0, there is a Buffer Overflow ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-in-pillow-before-7-1-0-there-is-a-buffer-overflow/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-3/


∗∗∗ Security Bulletin: WML CE: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-libjpeg-turbo-2-0-4-and-mozjpeg-4-0-0-has-a-heap-based-buffer-over-read/


∗∗∗ Security Bulletin: WML CE: SQLite through 3.32.2 has a use-after-free problem. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-32-2-has-has-a-use-after-free-problem/


∗∗∗ Security Bulletin: A vulnerability in Jackson Databind affects IBM Operations Analytics Predictive Insights (CVE-2020-8840) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2020-8840/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-rails/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily