[CERT-daily] Daily summary - 11.03.2020

Daily end-of-shift report team at cert.at
Wed Mar 11 18:16:35 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 10-03-2020 18:00 − Wednesday 11-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ LVI Attacks: New Intel CPUs Vulnerability Puts Data Centers At Risk ∗∗∗
---------------------------------------------
Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system.
---------------------------------------------
https://thehackernews.com/2020/03/intel-load-value-injection.html


∗∗∗ Forthcoming OpenSSL release ∗∗∗
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1e. This release will be made available on Tuesday 17th March 2020 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551.
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2020-March/000166.html


∗∗∗ A new and advanced Rowhammer-based attack on DDR4 memory ∗∗∗
---------------------------------------------
A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments.
---------------------------------------------
https://www.ibm.com/blogs/psirt/a-new-and-advanced-rowhammer-based-attack-on-ddr4-memory/


∗∗∗ Do not click links and attachments in e-mails! ∗∗∗
---------------------------------------------
"Your PayPal account has been restricted! … Open the attached file to lift your restriction!" This message is currently landing in numerous e-mail inboxes. The attached file contains malware, and the links lead to phishing pages intended to steal login credentials. The only way to protect yourself is to click on nothing and instead find out through other channels whether the e-mail can be genuine.
---------------------------------------------
https://www.watchlist-internet.at/news/klicken-sie-keine-links-und-anhaenge-in-e-mails-an/


∗∗∗ Microsoft orchestrates coordinated takedown of Necurs botnet ∗∗∗
---------------------------------------------
Microsoft and partners in 35 countries move to bring down Necurs, today's largest malware botnet.
---------------------------------------------
https://www.zdnet.com/article/microsoft-orchestrates-coordinated-takedown-of-necurs-botnet/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical vulnerability in Microsoft SMBv3 - workarounds available ∗∗∗
---------------------------------------------
Microsoft has published, outside of its monthly patch cycle, a security advisory with workarounds for a critical vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). ... The vulnerability can be exploited over the network and allows the execution of arbitrary commands with SYSTEM privileges.
---------------------------------------------
https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft-smbv3-workarounds-verfugbar


∗∗∗ IPAS: Security Advisories for March 2020 ∗∗∗
---------------------------------------------
Hi everyone, It’s the second Tuesday in March 2020 and today we released 9 security advisories. For full details on these advisories, please visit the Intel Security Center.
---------------------------------------------
https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-march-2020/


∗∗∗ SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006 ∗∗∗
---------------------------------------------
This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the case where the requesting user has already authenticated through SAML.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-006


∗∗∗ Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage ∗∗∗
---------------------------------------------
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.
---------------------------------------------
https://blog.talosintelligence.com/2020/03/microsoft-patch-tuesday-march-2020.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (qemu-kvm and sudo), Debian (chromium), Mageia (gpac, libseccomp, and tomcat), openSUSE (gd and postgresql10), Oracle (qemu-kvm), Red Hat (chromium-browser), Scientific Linux (qemu-kvm), Slackware (firefox), and SUSE (ipmitool, java-1_7_0-openjdk, librsvg, and tomcat).
---------------------------------------------
https://lwn.net/Articles/814574/


∗∗∗ Synology-SA-20:03 Kr00k ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM) that is equipped with Broadcom BCM43460.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_03


∗∗∗ MISP 2.4.123 released (aka the dashboard and security fix release) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.123) has been released. This version includes various security-related fixes, and a new Dashboard system.
---------------------------------------------
https://www.misp-project.org/2020/03/10/MISP.2.4.123.released.html


∗∗∗ Credential Disclosure in WatchGuard Fireware AD Helper Component ∗∗∗
---------------------------------------------
RedTeam Pentesting discovered a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/


∗∗∗ Johnson Controls Kantech EntraPass ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-070-04


∗∗∗ Johnson Controls Metasys ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-070-05


∗∗∗ Rockwell Automation MicroLogix Controllers and RSLogix 500 Software ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-070-06


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-202003116-01-smartphone-en


∗∗∗ Security Bulletin: IBM InfoSphere Governance Catalog is affected by a cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-governance-catalog-is-affected-by-a-cross-site-scripting-vulnerability/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2019 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-august-2019-cpu/


∗∗∗ Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-java-sdk-affects-ibm-voice-gateway/


∗∗∗ Linux kernel vulnerability CVE-2019-19072 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42438635

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



