[CERT-daily] Daily summary - 23.11.2020

Daily end-of-shift report team at cert.at
Mon Nov 23 18:14:45 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 20-11-2020 18:00 − Monday 23-11-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Patch now! Exploit code threatens almost 50,000 Fortinet VPNs ∗∗∗
---------------------------------------------
The situation around a one-year-old vulnerability in Fortinet VPN systems is escalating. Security patches have been available for a long time.
---------------------------------------------
https://heise.de/-4968392


∗∗∗ GitHub fixes high severity security flaw spotted by Google ∗∗∗
---------------------------------------------
Two weeks after Google disclosed a security flaw in GitHub, the Microsoft-owned site has fixed the issue.
---------------------------------------------
https://www.zdnet.com/article/github-fixes-high-severity-security-flaw-spotted-by-google/


∗∗∗ Botnets scan en masse for credentials in unsecured ENV files ∗∗∗
---------------------------------------------
These files store configuration data for environments such as Docker, Node.js and Symfony. Security vendors have recently found more than 1,100 active scanners for ENV files. Through them, hackers may gain access to servers in order to steal data and plant malware.
---------------------------------------------
https://www.zdnet.de/88389948/botnetze-suchen-massenhaft-nach-anmeldedaten-in-ungesicherten-env-dateien/


∗∗∗ FBI warns of increasing Ragnar Locker ransomware activity ∗∗∗
---------------------------------------------
The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-warns-of-increasing-ragnar-locker-ransomware-activity/


∗∗∗ LightBot: TrickBot’s new reconnaissance malware for high-value targets ∗∗∗
---------------------------------------------
The notorious TrickBot gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reconnaissance-malware-for-high-value-targets/


∗∗∗ TrickBot turns 100: Latest malware released with new features ∗∗∗
---------------------------------------------
The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-turns-100-latest-malware-released-with-new-features/


∗∗∗ PYSA/Mespinoza Ransomware ∗∗∗
---------------------------------------------
Over the course of 8 hours the PYSA/Mespinoza threat actors used Empire and Koadic as well as RDP to move laterally throughout the environment, grabbing credentials from as many [...]
---------------------------------------------
https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ICS Advisory (ICSA-20-324-05) Mitsubishi Electric MELSEC iQ-R Series ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could cause a denial-of-service condition for the affected product.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-05


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 ∗∗∗
---------------------------------------------
Date Reported: November 23, 2020
Advisory ID: WSA-2020-0008
CVE identifiers: CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
---------------------------------------------
https://webkitgtk.org/security/WSA-2020-0008.html


∗∗∗ Multiple Vulnerabilities in ZTE WLAN router MF253V ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-zte-wlan-router-mf253v/


∗∗∗ HCL Domino: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1155


∗∗∗ Opera Mini for Android: Vulnerability allows display of false information ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1152


∗∗∗ Trend Micro ServerProtect: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1150


∗∗∗ WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020110179


∗∗∗ [webapps] TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/49092


∗∗∗ Security Bulletin: IBM Spectrum Protect Server allows Triple DES (3DES) ciphers to be used (CVE-2018-1785) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-server-allows-triple-des-3des-ciphers-to-be-used-cve-2018-1785/


∗∗∗ Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-improper-authentication-of-websocket-endpoint-in-ibm-spectrum-protect-operations-center/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime, IBM WebSphere Application Server Liberty, and Apache Commons affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-ibm-websphere-application-server-liberty-and-apache-commons-affect-ibm-spectrum-protect-operations-center-and-ibm-spectrum-protect-client-manag/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/


∗∗∗ Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/


∗∗∗ Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-static-credential-vulnerability-in-ibm-spectrum-protect-plus-cve-2020-4854/


∗∗∗ Security Bulletin: IBM Spectrum Protect Plus allows use of TLS Version 1.1 protocols (CVE-2020-4783) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus-allows-use-of-tls-version-1-1-protocols-cve-2020-4783/


∗∗∗ Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft Windows File Systems agent (CVE-2020-15801) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-python-affects-ibm-spectrum-protect-plus-microsoft-windows-file-systems-agent-cve-2020-15801/


∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm/


∗∗∗ Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments/


∗∗∗ Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerabilities-affect-the-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily