[CERT-daily] Tageszusammenfassung - 29.09.2020

Tue Sep 29 18:14:51 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 28-09-2020 18:00 − Dienstag 29-09-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 ∗∗∗
---------------------------------------------
The Netlogon Remote Protocol (also called MS-NRPC) is an RPC interface that is used exclusively by domain-joined devices. MS-NRPC includes an authentication method and a method of establishing a Netlogon secure channel. These updates enforce the specified Netlogon client behavior to use secure RPC with Netlogon secure channel between member computers and Active Directory (AD) domain controllers (DC). This security update addresses the vulnerability by enforcing secure RPC when using the [...]
---------------------------------------------
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc


∗∗∗ Windows 10 is offering a confusing mess of Intel driver updates ∗∗∗
---------------------------------------------
Windows 10 2004 is offering optional updates for Intel drivers that are a confusing mess for users who attempt to install them.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-10-is-offering-a-confusing-mess-of-intel-driver-updates/


∗∗∗ Backdoor Obfuscation: tempnam & URL Encoding ∗∗∗
---------------------------------------------
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting backdoor that was leveraging encoding along with common PHP functions to conceal its operations from any active security systems on the host.  This PHP web shell uses the following obfuscation method, where the web shell code is stored in URL encoded format and assigned to the variable $i: [...]
---------------------------------------------
https://blog.sucuri.net/2020/09/backdoor-obfuscation-tempnam-url-encoding.html


∗∗∗ [SANS ISC] Managing Remote Access for Partners & Contractors ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: "Managing Remote Access for Partners & Contractors": Yesterday, I wrote a quick diary about a potential security issue that some Tyler customers faced. Some people reacted to my diary with interesting comments in our forums. Two of them were interesting and deserve some [...]
---------------------------------------------
https://blog.rootshell.be/2020/09/29/sans-isc-managing-remote-access-for-partners-contractors/


∗∗∗ Cloud-y, with a chance of hacking all the wireless things ∗∗∗
---------------------------------------------
Grandstream are a provider of IP video and voice services, as well as Wi-Fi and other related services and equipment. Their products are sold in over 150 countries and they [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/cloudy-with-a-chance-of-hacking-all-the-wireless-things/


∗∗∗ Playstation 5 nicht bei biogaming.de vorbestellen ∗∗∗
---------------------------------------------
Viele warten schon sehnsüchtig auf die neue Playstation 5. Um zum Verkaufsstart im November auch mit Sicherheit ein Modell zu ergattern, suchen KonsumentInnen nach Onlineshops, die noch eine Vorbestellung annehmen. Vorsicht ist jedoch geboten: Auch Fake-Shop bieten die Playstation 5 an! Wer beispielsweise bei biogaming.de bestellt, erhält trotz Bezahlung keine Ware.
---------------------------------------------
https://www.watchlist-internet.at/news/playstation-5-nicht-bei-biogamingde-vorbestellen/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Information Disclosure on WP Courses plugin exposes private course videos and materials ∗∗∗
---------------------------------------------
Today weve got an interesting story to share. A vulnerability in WP Courses caused our Java course to be publicly disclosed via the WordPress REST API. Let’s dive into the details and see what happened.
---------------------------------------------
https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/


∗∗∗ Security-Updates für Windows-Versionen von Foxit Reader und PhantomPDF verfügbar ∗∗∗
---------------------------------------------
Das Foxit-Team hat Sicherheitslücken mit überwiegend hoher Risikoeinstufung aus Reader und PhantomPDF für Windows sowie aus dem 3D Plugin (Beta) beseitigt.
---------------------------------------------
https://heise.de/-4915016


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and mediawiki), openSUSE (firefox, libqt5-qtbase, and rubygem-actionpack-5_1), Red Hat (qemu-kvm, qemu-kvm-ma, and virt:rhel), SUSE (dpdk, firefox, and go1.15), and Ubuntu (dpdk, imagemagick, italc, libpgf, libuv1, pam-python, squid3, ssvnc, and teeworlds).
---------------------------------------------
https://lwn.net/Articles/832958/


∗∗∗ Trend Micro Security Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0938


∗∗∗ Security Bulletin: IBM Security Verify Privilege Vault Remote is vulnerable to local user security bypass (CVE-2020-4607) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-privilege-vault-remote-is-vulnerable-to-local-user-security-bypass-cve-2020-4607/


∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to (CVE-2020-8244) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-cve-2020-8244/


∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to an infinite read loop (CVE-2020-16845) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-an-infinite-read-loop-cve-2020-16845/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i-4/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8557, CVE-2020-8559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8557-cve-2020-8559/


∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to a regular expression infinite loop (NODE-SECURITY-1488) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-a-regular-expression-infinite-loop-node-security-1488/


∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2590 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-is-affected-by-cve-2020-2590/


∗∗∗ Security Bulletin: Aspera on Cloud CVE-2020-8184 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-on-cloud-cve-2020-8184/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2020-8553) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-kubernetes-vulnerability-cve-2020-8553/


∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2601 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-is-affected-by-cve-2020-2601/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily