[CERT-daily] Daily Summary - 08.09.2020

Daily end-of-shift report team at cert.at
Tue Sep 8 19:13:53 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 07-09-2020 18:00 − Tuesday 08-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Windows 10 themes can be abused to steal Windows accounts ∗∗∗
---------------------------------------------
Specially crafted Windows 10 themes and theme packs can be used in Pass-the-Hash attacks to steal Windows account credentials from unsuspecting users.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-accounts/


∗∗∗ Office: About OLE and ZIP Files, (Mon, Sep 7th) ∗∗∗
---------------------------------------------
A reader asked if a particular Emotet sample was a malformed ZIP file. It is not, and I will explain why you might think it is in this diary entry.
---------------------------------------------
https://isc.sans.edu/diary/rss/26540


∗∗∗ Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks ∗∗∗
---------------------------------------------
Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand.
---------------------------------------------
https://thehackernews.com/2020/09/emotet-malware-attack.html


∗∗∗ What are tech support scams? And: how to protect yourself! ∗∗∗
---------------------------------------------
A tech support scam is a fraud scheme in which criminals pose as service staff of Microsoft or Apple and fake a computer problem. Contact is initiated either by the criminals by phone, or the victims themselves call a supposed service desk because of a pop-up. In both cases, remote maintenance software is installed in order to spy out access credentials, install malware or delete data or [...]
---------------------------------------------
https://www.watchlist-internet.at/news/was-sind-tech-support-scams-und-wie-sie-sich-davor-schuetzen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe InDesign (APSB20-52), Adobe Framemaker (APSB20-54) and Adobe Experience Manager (APSB20-56). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1916


∗∗∗ Windows 10 Sandbox activation enables zero-day vulnerability ∗∗∗
---------------------------------------------
A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions that allows creating files in restricted areas of the operating system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, [...]
---------------------------------------------
https://lwn.net/Articles/830941/


∗∗∗ SAP Patchday September 2020 ∗∗∗
---------------------------------------------
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in SAP products and application components to compromise the confidentiality, availability and integrity of the applications.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0870


∗∗∗ Citrix StoreFront Security Update ∗∗∗
---------------------------------------------
An issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
---------------------------------------------
https://support.citrix.com/article/CTX277455


∗∗∗ SSA-770698: User Information Disclosure Vulnerability in Siveillance Video Client ∗∗∗
---------------------------------------------
The Siveillance Video Client contains an information disclosure vulnerability that could allow an attacker to obtain valid administrator login names and use this information to launch further attacks.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-770698.txt


∗∗∗ SSA-709003: Privilege Escalation Vulnerability in License Management Utility (LMU) ∗∗∗
---------------------------------------------
The latest update for the License Management Utility (LMU), which is used by multiple Siemens building technology products, fixes a vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-709003.txt


∗∗∗ SSA-568969: Insecure Storage of Sensitive Information in Spectrum Power™ 4 ∗∗∗
---------------------------------------------
Vulnerabilities in Spectrum Power™ 4 could allow an unauthorized attacker to retrieve a list of software users, or in certain cases to list the contents of a directory.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-568969.txt


∗∗∗ SSA-542525: Authentication Vulnerabilities in SIMATIC HMI Products ∗∗∗
---------------------------------------------
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-542525.txt


∗∗∗ SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products ∗∗∗
---------------------------------------------
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-534763.txt


∗∗∗ SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products ∗∗∗
---------------------------------------------
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-455843.txt


∗∗∗ SSA-436520: XSS and CSRF Vulnerabilities in Polarion Subversion Webclient ∗∗∗
---------------------------------------------
Multiple cross-site scripting (XSS) vulnerabilities were found in the subversion webclient of Polarion. In addition, the webclient doesn't have any cross-site request forgery (CSRF) protection. An attacker could inject client side script to induce the victim to issue an HTTP request that would lead to a state changing operation.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-436520.txt


∗∗∗ SSA-381684: Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs ∗∗∗
---------------------------------------------
A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families, which could result in credential disclosure.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-381684.txt


∗∗∗ SSA-251935: Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager ∗∗∗
---------------------------------------------
The latest update for SIMATIC RTLS Locating Manager fixes various vulnerabilities that could allow a low-privileged local user to escalate privileges.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-251935.txt


∗∗∗ Red Hat Enterprise Linux: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0871


∗∗∗ Security Bulletin: Novalink is impacted by denial of service high vulnerability in WebSphere Application Server Liberty CVE-2019-4720 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-denial-of-service-high-vulnerability-in-websphere-application-server-liberty-cve-2019-4720/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-6/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – July 2020 – Includes Oracle July 2020 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-july-2020-includes-oracle-july-2020-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affecting-tivoli-netcool-omnibus-cve-2020-2654/


∗∗∗ Security Bulletin: Security Bulletin: Novalink is impacted by Publicly disclosed vulnerability in IBM Java SDK/JRE (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-novalink-is-impacted-by-publicly-disclosed-vulnerability-in-ibm-java-sdk-jre-cve-2019-4732/


∗∗∗ Security Bulletin: Novalink is impacted Apache CXF affects middle vulnerability in WebSphere Application Server Liberty (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-apache-cxf-affects-middle-vulnerability-in-websphere-application-server-liberty-cve-2019-12406/


∗∗∗ Security Bulletin: Novalink is impacted by Apache CXF affects WebSphere Liberty JAX-WS middle vulnerability in WebSphere Application Server Liberty (CVE-2019-17573) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-apache-cxf-affects-websphere-liberty-jax-ws-middle-vulnerability-in-websphere-application-server-liberty-cve-2019-17573/


∗∗∗ Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-platform-symphony-and-ibm-spectrum-symphony/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



