[CERT-daily] Tageszusammenfassung - 30.06.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 29-06-2020 18:00 − Dienstag 30-06-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sysmon and Alternate Data Streams, (Mon, Jun 29th) ∗∗∗
---------------------------------------------
Sysmon version 11.10, released a couple of days ago, adds support for capturing content of Alternate Data Streams.
---------------------------------------------
https://isc.sans.edu/diary/rss/26292


∗∗∗ Adventures in ATM Hacking ∗∗∗
---------------------------------------------
Previously, I had some experience with PoS (Point of Sale) devices and entertained myself with kiosks at hacking conferences, but never had touched an ATM before. My companion on this saga had already some fun hacking with these devices and had some precious insights to guide us during our engagement.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/adventures-in-atm-hacking/


∗∗∗ Enigmail warnt Nutzer vor manuellem Update auf Thunderbird 78 ∗∗∗
---------------------------------------------
Enigmail-Nutzer sollen mit dem Erscheinen von Thunderbird 78 nicht manuell auf diese Version aktualisieren – die E-Mail-Verschlüsselung ist noch nicht fertig.
---------------------------------------------
https://heise.de/-4799240


∗∗∗ BSI aktualisiert den Mindeststandard für Web-Browser ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat am 30. Juni 2020 den Mindeststandard für Web-Browser aktualisiert.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Webbrowser_300620.html


∗∗∗ Vorsicht, wenn Ihr Tinder-Match über lukrative Investitionsmöglichkeiten spricht ∗∗∗
---------------------------------------------
Der Watchlist Internet sind schon sehr viele Fälle bekannt, wo Menschen auf unseriösen Investment-Plattformen sehr viel Geld verloren haben. Aufmerksam wird man auf derartige Plattformen durch gefälschte Zeitungsbeiträge oder E-Mail-Angebote. Kriminelle bewerben ihre Plattformen aber auch vermehrt über Tinder-NutzerInnen, die von sehr gewinnbringenden Investitionsmöglichkeiten schwärmen und zu Zahlungen animieren.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-wenn-ihr-tinder-match-ueber-lukrative-investitionsmoeglichkeiten-spricht/


∗∗∗ A hacker gang is wiping Lenovo NAS devices and asking for ransoms ∗∗∗
---------------------------------------------
Ransom notes signed by Cl0ud SecuritY hacker group are being found on old LenovoEMC NAS devices.
---------------------------------------------
https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/


∗∗∗ Detecting adversarial behaviour by applying NLP techniques to command lines ∗∗∗
---------------------------------------------
[...] Methodology designed to automatically detect whether a system has been compromised needs to be able to tell the difference between benign and malicious command line operations. In order to build mechanisms capable of classifying command lines in this way, we first need to understand what they do – in other words, we need to be able to parse them in a similar way to how we parse natural languages. This article describes the process we’ve been using to develop methodology capable of parsing and categorizing command lines at F-Secure.
---------------------------------------------
https://blog.f-secure.com/command-lines/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication ∗∗∗
---------------------------------------------
When Security Assertion Markup Language (SAML) authentication is enabled and the Validate Identity Provider Certificate option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2020-2021


∗∗∗ Sicherheitsupdates sind da: Jetzt Root-Lücke in Netgear-Routern patchen ∗∗∗
---------------------------------------------
Angreifer könnten Router von Netgear attackieren und Schadcode ausführen. Abgesicherte Firmware-Versionen sind verfügbar.
---------------------------------------------
https://heise.de/-4799957


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (coturn, drupal7, libvncserver, mailman, php5, and qemu), openSUSE (curl, graphviz, mutt, squid, tomcat, and unbound), Red Hat (chromium-browser, file, kernel, microcode_ctl, ruby, and virt:rhel), Slackware (firefox), and SUSE (mariadb-100, mutt, unzip, and xmlgraphics-batik).
---------------------------------------------
https://lwn.net/Articles/824822/


∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation/


∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557/


∗∗∗ Security Bulletin: Security vulnerability in Java SE affects Rational Build Forge (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-java-se-affects-rational-build-forge-cve-2019-2949/


∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557-2/


∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-tivoli-netcool-impact-cve-2019-12406/


∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7066, CVE-2020-7065, CVE-2020-7064) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7066-cve-2020-7065-cve-2020-7064/


∗∗∗ Security Bulletin: A vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openssl-affects-ibm-rational-clearquest-cve-2019-1551/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Rational Build Forge. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-rational-build-forge/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11 (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-cve-2019-2949/


∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm-java-runtime-affects-ibm-rational-clearquest-cve-2020-2654/


∗∗∗ OpenJPEG: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0645


∗∗∗ Squid: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0644

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily