[CERT-daily] Tageszusammenfassung - 24.07.2020

Fri Jul 24 18:09:55 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 23-07-2020 18:00 − Freitag 24-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ 5 severe D-Link router vulnerabilities disclosed, patch now ∗∗∗
---------------------------------------------
5 severe D-Link vulnerabilities have been disclosed that could allow an attacker to take complete control over a router without needing to login.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/5-severe-d-link-router-vulnerabilities-disclosed-patch-now/


∗∗∗ Sicherheitslücke: Wenn das Youtube-Tutorial die Cloud-Zugangsdaten leakt ∗∗∗
---------------------------------------------
Sicherheitsforscher haben Hunderte Youtube-Tutorials ausgewertet und immer wieder Zugangsdaten entdeckt - mit diesen konnten sie sich auf AWS einloggen.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-wenn-das-youtube-tutorial-die-cloud-zugangsdaten-leakt-2007-149702-rss.html


∗∗∗ MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec ∗∗∗
---------------------------------------------
This post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html


∗∗∗ Compromized Desktop Applications by Web Technologies, (Fri, Jul 24th) ∗∗∗
---------------------------------------------
For a long time now, it has been said that "the new operating system is the browser". Today, we do everything in our browsers, we connect to the office, we process emails, documents, we chat, we perform our system maintenances, ... But many popular web applications provide also desktop client: Twitter, Facebook, Slack are good examples. Such applications just replace the classic browser and use the API [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26384


∗∗∗ Garmin Connect: Ausfall offenbar nach Ransomware-Attacke ∗∗∗
---------------------------------------------
Eine Ransomware-Attacke hat Server von Garmin lahmgelegt. Fitnesstracker und Sportuhren lassen sich nicht synchronisieren. Der Ausfall dauert wohl mehrere Tage.
---------------------------------------------
https://heise.de/-4851576


∗∗∗ New variant of Phobos ransomware is coming ∗∗∗
---------------------------------------------
In recent years, the spread of ransomware has become increasingly severe, thousands of servers and databases around the world have been invaded and destroyed.
---------------------------------------------
https://blog.360totalsecurity.com/en/new-variant-of-phobos-ransomware-is-coming/


∗∗∗ „Letzte Mahnung“: Ignorieren Sie diese betrügerische BAWAG-Mail! ∗∗∗
---------------------------------------------
BetrügerInnen senden derzeit vermehrt E-Mails im Namen der Bank „BAWAG P.S.K.“. Darin werden Sie aufgefordert einen neuen Dienst zu aktivieren, indem Sie Ihre Bankdaten auf einer gefälschten BAWAG-Seite eingeben sollen. Achtung, diese Daten landen direkt in den Händen der Kriminelle!
---------------------------------------------
https://www.watchlist-internet.at/news/letzte-mahnung-ignorieren-sie-diese-betruegerische-bawag-mail/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Easy Breadcrumb - Moderately critical - Cross site scripting - SA-CONTRIB-2020-027 ∗∗∗
---------------------------------------------
Project: Easy BreadcrumbVersion: 8.x-1.128.x-1.10Date: 2020-July-22Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: This module enables you to use the current URL (path alias) and the current pages title to automatically extract the breadcrumbs segments and its respective links then show them as breadcrumbs on your website.The module doesnt sufficiently sanitize editor input in certain
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-027


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (qemu), Fedora (java-11-openjdk, mod_authnz_pam, podofo, and python27), openSUSE (cni-plugins, tomcat, and xmlgraphics-batik), Oracle (dbus and thunderbird), SUSE (freerdp, kernel, libraw, perl-YAML-LibYAML, and samba), and Ubuntu (libvncserver and openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/826965/


∗∗∗ Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-platform-software-clients/


∗∗∗ Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (PSIRT-ADV0022379) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-sufficiently-guard-against-unauthorized-api-calls-psirt-adv0022379/


∗∗∗ Security Bulletin: IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input (CVE-2020-4408) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-app-for-ibm-qradar-siem-does-not-adequately-mask-all-passwords-during-input-cve-2020-4408/


∗∗∗ Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-components-do-not-set-restricted-access-permission-for-debug-logs-cve-2020-4405/


∗∗∗ Privilege Escalation Vulnerability in SteelCentral Aternity Agent ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily