[CERT-daily] Tageszusammenfassung - 19.05.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 18-05-2020 18:00 − Dienstag 19-05-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ NXNSAttack: Effizienter Angriff auf Nameserver ∗∗∗
---------------------------------------------
Eine neue Form von Denial-of-Service-Angriff nutzt die DNS-Architektur, um mit wenig Aufwand viel Serverlast und Traffic zu erzeugen.
---------------------------------------------
https://www.golem.de/news/nxnsattack-effizienter-angriff-auf-nameserver-2005-148594-rss.html


∗∗∗ Phishers are trying to bypass Office 365 MFA via rogue apps ∗∗∗
---------------------------------------------
Phishers are trying to bypass the multi-factor authentication (MFA) protection on users’ Office 365 accounts by tricking them into granting permissions to a rogue application. The app allows attackers to access and modify the contents of the victim’s account, but also to retain that access indefinitely, Cofense researchers warn.
---------------------------------------------
https://www.helpnetsecurity.com/2020/05/19/office-365-bypass-mfa/


∗∗∗ Hohe Kosten statt Krediten auf kreditvolks-online.com ∗∗∗
---------------------------------------------
Die betrügerische Website kreditvolks-online.com wirbt momentan mit günstigen Krediten um Kundschaft. Die Kriminellen hinter der Website missbrauchen dabei beispielsweise das Logo der Volksbank, der Bawag P.S.K., der Commerzbank oder der Deutsche Kreditbank AG, um Vertrauen zu stiften. Bevor angebliche Kredite ausgezahlt werden, müssen zahlreiche Gebühren bezahlt werden. Eine tatsächliche Auszahlung findet schlussendlich nie statt und alle Zahlungen sind verloren!
---------------------------------------------
https://www.watchlist-internet.at/news/hohe-kosten-statt-krediten-auf-kreditvolks-onlinecom/


∗∗∗ FBI warns about attacks on Magento online stores via old plugin vulnerability ∗∗∗
---------------------------------------------
FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.
---------------------------------------------
https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-stores-via-old-plugin-vulnerability/


∗∗∗ Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks ∗∗∗
---------------------------------------------
A firmware patch has been released last year, in November.
---------------------------------------------
https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnerable-to-remote-takeover-attacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks ∗∗∗
---------------------------------------------
[...] It is possible for an unauthenticated, adjacent attacker to man-in-the-middle (MITM) attack the pairing process and force each victim device into a different Association Model, possibly granting the attacker the ability to initiate any Bluetooth operation on either attacked device.
---------------------------------------------
https://kb.cert.org/vuls/id/534195


∗∗∗ VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks ∗∗∗
---------------------------------------------
[...] It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).
---------------------------------------------
https://kb.cert.org/vuls/id/647177


∗∗∗ Sicherheitsupdate: Nitro PDF Pro könnte Daten leaken ∗∗∗
---------------------------------------------
Die Entwickler der PDF-Anwendung Nitro PDF Pro haben mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-4724062


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dpdk and exim4), Fedora (openconnect, perl-Mojolicious, and php), Red Hat (kernel and kpatch-patch), Slackware (sane), and Ubuntu (bind9, dpdk, exim4, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/820859/


∗∗∗ F-Secure Linux Security: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warnmeldung_tw-t20-0085.html


∗∗∗ LibreOffice: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warnmeldung_tw-t20-0084.html


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site request forgery vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-cross-site-request-forgery-vulnerability/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-solr-lucene-affect-ibm-infosphere-information-server/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/


∗∗∗ Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-kubernetes/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-cross-site-scripting-vulnerability/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability-3/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service in kernal ( CVE-2020-4411) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-user-to-cause-denial-of-service-in-kernal-cve-2020-4411/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability-2/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-b2b-api-of-ibm-sterling-b2b-integrator-2/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service( CVE-2020-4412) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-user-to-cause-denial-of-service-cve-2020-4412/


∗∗∗ Rowhammer hardware vulnerability CVE-2020-10255 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K60570139


∗∗∗ Adobe Creative Cloud: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0476


∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0474


∗∗∗ Dovecot: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0479


∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0477


∗∗∗ MISP: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0480

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily