[CERT-daily] Tageszusammenfassung - 29.05.2020

Daily end-of-shift report team at cert.at
Fri May 29 18:16:43 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 28-05-2020 18:00 − Freitag 29-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ 200K sites with buggy WordPress plugin exposed to wipe attacks ∗∗∗
---------------------------------------------
Two high severity security vulnerabilities found in the PageLayer plugin can let attackers to potentially wipe the contents or take over WordPress sites using vulnerable plugin versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/


∗∗∗ Sicherheit: OpenSSH kündigt RSA mit SHA-1 ab ∗∗∗
---------------------------------------------
Obwohl SHA-1 angreifbar ist, kommt es immer noch häufig zum Einsatz. Auch bei SSH. Das soll sich ändern.
---------------------------------------------
https://www.golem.de/news/sicherheit-openssh-kuendigt-rsa-mit-sha-1-an-2005-148789-rss.html


∗∗∗ Inside the Hoaxcalls Botnet: Both Success and Failure ∗∗∗
---------------------------------------------
The DDoS group sets itself apart by using exploits -- but it doesnt always pan out.
---------------------------------------------
https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/


∗∗∗ Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module ∗∗∗
---------------------------------------------
TrickBot, one of the most commonly distributed malwares used in phishing emails, just updated its mworm module, making it harder to detect.
---------------------------------------------
https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/


∗∗∗ Kaspersky warnt vor Angriffen auf deutsche Industrieunternehmen ∗∗∗
---------------------------------------------
Sie richten sich gegen die Lieferkette. Neben Deutschland sind auch Großbritannien und Japan betroffen. Die unbekannten Täter greifen Firmen mit maßgeschneiderten Phishing-Mails an und schleusen eine Malware ein, die Authentifizierungsdaten für Windows-Konten stiehlt.
---------------------------------------------
https://www.zdnet.de/88380387/kaspersky-warnt-vor-angriffen-auf-deutsche-industrieunternehmen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMSA-2020-0011 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0011.html


∗∗∗ VMSA-2020-0007.1 ∗∗∗
---------------------------------------------
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
[...]
5. Change log
2020-04-14 VMSA-2020-0007
Initial security advisory.
2020-05-28: VMSA-2020-0007.1
It was determined that the fixes for CVE-2020-3953 included in 8.1.0 were not complete. This has been corrected in the 8.1.1 release.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0007.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libexif and tomcat8), Fedora (python38), openSUSE (libxslt), Oracle (git), Red Hat (bind, freerdp, and git), Scientific Linux (git), SUSE (qemu and tomcat), and Ubuntu (apt, json-c, kernel, linux, linux-raspi2, linux-raspi2-5.3, and openssl).
---------------------------------------------
https://lwn.net/Articles/821794/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-4/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability/


∗∗∗ Security Bulletin: Reverse tabnabbing vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4490 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-reverse-tabnabbing-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4490/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-security-siteprotector-system/


∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4352 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4352/


∗∗∗ Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-multiple-security-vulnerabilities/


∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0514


∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0513

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list