[CERT-daily] Daily summary - 18.06.2020

Daily end-of-shift report team at cert.at
Thu Jun 18 18:35:16 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 17-06-2020 18:00 − Thursday 18-06-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ FF Sandbox Escape (CVE-2020-12388) ∗∗∗
---------------------------------------------
In my previous blog post I discussed an issue with the Windows Kernel’s handling of Restricted Tokens which allowed me to escape the Chrome GPU sandbox. Originally I’d planned to use Firefox for the proof-of-concept as Firefox uses the same effective sandbox level as the Chrome GPU process for its content renderers. That means a FF content RCE would give code execution in a sandbox where you could abuse the Windows Kernel Restricted Tokens issue, [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-12388.html


∗∗∗ BofA Phish Gets Around DMARC, Other Email Protections ∗∗∗
---------------------------------------------
The June campaign was targeted and aimed at stealing online banking credentials.
---------------------------------------------
https://threatpost.com/bofa-phish-gets-around-dmarc-other-email-protections/156688/


∗∗∗ Broken phishing accidentally exploiting Outlook zero-day, (Thu, Jun 18th) ∗∗∗
---------------------------------------------
When we think of zero-days, what comes to mind are usually RCEs or other high-impact vulnerabilities. Zero-days, however, come in all shapes and sizes and many of them are low impact, as is the vulnerability we're going to discuss today. What is interesting about it, apart from it allowing a sender of an e-mail to include/change a link in an e-mail when it is forwarded by Outlook, is that I noticed it being exploited in a low-quality phishing e-mail by what appears to be a complete accident.
---------------------------------------------
https://isc.sans.edu/diary/rss/26254


∗∗∗ Dangerous SMS from "Notify" steals Apple ID ∗∗∗
---------------------------------------------
Numerous readers are reporting to Watchlist Internet an SMS message sent in Apple's name. The sender is shown not as a phone number but as "Notify". The message claims the Apple account has been locked. Do not follow the link offered to unlock it! The page behind it steals Apple ID credentials and credit card details for misuse.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-sms-von-notify-stiehlt-apple-id/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco IP Phones Call Log Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Web Access feature of Cisco IP Phones could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM


∗∗∗ Security updates: Cisco Webex Meetings can choke on fake updates ∗∗∗
---------------------------------------------
Network equipment vendor Cisco has released important security updates for, among other products, Data Center Network Manager, various routers and Webex Meetings.
---------------------------------------------
https://heise.de/-4787456


∗∗∗ CPU security vulnerabilities in AMD combined processors (APUs): BIOS updates are coming ∗∗∗
---------------------------------------------
AMD's combined processors (APUs) from the years 2016 to 2019, including Ryzen models, lack security checks intended to keep SMM code in RAM hidden.
---------------------------------------------
https://heise.de/-4788807


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7 and python-django), Fedora (glib-networking, kernel, kernel-headers, and nghttp2), openSUSE (adns, chromium, file-roller, and libEMF), SUSE (java-1_7_1-ibm), and Ubuntu (bind9 and nss).
---------------------------------------------
https://lwn.net/Articles/823461/


∗∗∗ Synology-SA-20:14 SRM ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_14


∗∗∗ Drupal: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0598


∗∗∗ Internet Systems Consortium BIND: Multiple vulnerabilities enable denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0599


∗∗∗ Microsoft Windows 10: Vulnerability enables privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0601


∗∗∗ Red Hat OpenShift: Vulnerability enables disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0609


∗∗∗ Ruby on Rails: Vulnerability enables bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0604


∗∗∗ Security Advisory - Improper Privilege Management Vulnerability in FusionSphere Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200617-01-fusionsphere-en


∗∗∗ Security Bulletin: IBM API Connect V2018 is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-is-vulnerable-to-denial-of-service-cve-2020-8551-cve-2020-8552/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4469-cve-2020-4471-cve-2020-4470-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager (October 2019, January 2020 and April 2020 CPUs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-october-2019-january-2020-and-april-2020-cpus/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-2654 (deferred from Oracle Jan 2020 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2020-2654-deferred-from-oracle-jan-2020-cpu/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 – Includes Oracle Apr 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2019-2949 (deferred from Oracle Oct 2019 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2019-2949-deferred-from-oracle-oct-2019-cpu/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for IBM MQ – Jan 2020 – Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-ibm-mq-jan-2020-includes-oracle-jan-2020-cpu-minus-cve-2020-2585-cve-2020-2654-and-cve-2020-2590/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily