Daily January 2020

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - 31.01.2020
by Daily end-of-shift report 31 Jan '20

31 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-01-2020 18:00 − Freitag 31-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft Detects New Evil Corp Malware Attacks After Short Break ∗∗∗ --------------------------------------------- Microsoft says that an ongoing Evil Corp phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, this being the first time the threat actors have been seen adopting this technique. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-detects-new-evil-c… ∗∗∗ Researcher Finds Over 60 Vulnerabilities in Physical Security Systems ∗∗∗ --------------------------------------------- The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory to warn users of Honeywell’s MAXPRO video management system (VMS) and network video recorder (NVR) products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems. --------------------------------------------- https://www.securityweek.com/researcher-finds-over-60-vulnerabilities-physi… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsolv, libxmlrpc3-java, openjpeg2, qemu, and suricata), Fedora (ansible, chromium, java-latest-openjdk, links, mingw-openjpeg2, nss, openjpeg2, python-pillow, thunderbird, webkit2gtk3, and xen), Mageia (gdal, java-1.8.0-openjdk, mariadb, openjpeg2, and sqlite3), Oracle (kernel), Red Hat (rh-java-common-xmlrpc), SUSE (e2fsprogs, ImageMagick, php72, tigervnc, and wicked), and Ubuntu (keystone). --------------------------------------------- https://lwn.net/Articles/811199/ ∗∗∗ GistPress < 3.0.2 - Authenticated Stored XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10053 ∗∗∗ Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by specially constructed messages. (CVE-2019-4432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-applian… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a information disclosure vulnerability in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel escalation of privilege vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-unified-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2020
by Daily end-of-shift report 30 Jan '20

30 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-01-2020 18:00 − Donnerstag 30-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Network Traffic Analysis for IR: SSH Protocol with Wireshark ∗∗∗ --------------------------------------------- Introduction to the SSH protocol The Secure Shell (SSH) is designed to allow confidential and authenticated remote access to a computer. Like the Telnet protocol, it enables a user to remotely access a command shell on a machine, run commands and access the results. However, unlike Telnet, SSH traffic is fully encrypted, making it the [...] --------------------------------------------- https://resources.infosecinstitute.com/network-traffic-analysis-for-ir-ssh-… ∗∗∗ Collating Hacked Data Sets ∗∗∗ --------------------------------------------- Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information, and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal."What we were able to do is alarming because we can now find vulnerabilities in peoples online presence very quickly," Metropolitansky said. --------------------------------------------- https://www.schneier.com/blog/archives/2020/01/collating_hacke.html ∗∗∗ Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers ∗∗∗ --------------------------------------------- Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any --------------------------------------------- https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html ===================== = Vulnerabilities = ===================== ∗∗∗ Privilege escalation in Bitdefender Antivirus for Mac (VA-3499) ∗∗∗ --------------------------------------------- A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. --------------------------------------------- https://www.bitdefender.com/support/security-advisories/privilege-escalatio… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (graphicsmagick, opensmtpd, webkit2gtk, wget, and zlib), openSUSE (apt-cacher-ng, GraphicsMagick, java-1_8_0-openjdk, mailman, mumble, rubygem-excon, sarg, and shadowsocks-libev), Oracle (libarchive and openjpeg2), Red Hat (firefox, fribidi, openjpeg2, SDL, and thunderbird), Scientific Linux (openjpeg2), SUSE (glibc, java-1_8_0-openjdk, and rmt-server), and Ubuntu (Apache Solr and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/811025/ ∗∗∗ Elementor Page Builder < 2.7.6 - Authenticated Stored XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10052 ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-15473) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-11214, CVE-2018-11213, CVE-2018-11212) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 – July 2019 and October 2019 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2020
by Daily end-of-shift report 29 Jan '20

29 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-01-2020 18:00 − Mittwoch 29-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Critical Flaws in Magento e-Commerce Platform Allow Code-Execution ∗∗∗ --------------------------------------------- Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others. --------------------------------------------- https://threatpost.com/critical-flaws-magento-ecommerce-code-execution/1523… ∗∗∗ New Snake Ransomware Targets ICS Processes ∗∗∗ --------------------------------------------- A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS). --------------------------------------------- https://www.securityweek.com/new-snake-ransomware-targets-ics-processes ∗∗∗ Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed ∗∗∗ --------------------------------------------- We found an additional 1,400 unsecured Docker hosts and outline in this research some of the common tactics and techniques we found being used by attackers in compromised Docker engines. --------------------------------------------- https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-uns… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in OpenSMTPD erlaubt(e) Codeausführung aus der Ferne ∗∗∗ --------------------------------------------- BSD- und Linux-Server, auf denen OpenSMTPD läuft, brauchen umgehend ein Update auf Version 6.6.2p1. Es fixt eine kritische Remote-Code-Execution-Lücke. --------------------------------------------- https://heise.de/-4648501 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/01/warn… ∗∗∗ 200K WordPress Sites Exposed to Takeoker Attacks by Plugin Bug ∗∗∗ --------------------------------------------- A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. --------------------------------------------- https://www.bleepingcomputer.com/news/security/200k-wordpress-sites-exposed… ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: tvOS 13.3.1 Safari 13.0.5 iOS 13.3.1 and iPadOS 13.3.1 macOS Catalina 10.15.3, [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-mul… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, openjpeg2, openslp, python-reportlab, and sqlite), Debian (hiredis, otrs2, and unzip), openSUSE (apt-cacher-ng, git, samba, sarg, and storeBackup), Oracle (openjpeg2), Red Hat (libarchive, openjpeg2, sqlite, and virt:rhel), SUSE (aws-cli and python-reportlab), and Ubuntu (libgcrypt11, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-hwe, linux-hwe, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/810881/ ∗∗∗ FreeBSD OS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0080 ∗∗∗ Cisco Small Business Switches Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Switches Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabiltiies in PHP. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-… ∗∗∗ Security Bulletin: WebSphere Application Server browser stack trace vulnerability affects IBM Control Center (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: WebSphere Application Server improper cookie setting vulnerability affects IBM Control Center (CVE-2019-4305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi… ∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impact… ∗∗∗ Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-websphere-to-htt… ∗∗∗ Security Bulletin: IBM WebSphere Application Server – Liberty improper session validation vulnerability affects IBM Control Center (CVE-2019-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance (CVE-2019-3861, CVE-019-3858) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-p… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.01.2020
by Daily end-of-shift report 28 Jan '20

28 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Montag 27-01-2020 18:00 − Dienstag 28-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken: L1DES und VRS machen Intel-Chips angreifbar ∗∗∗ --------------------------------------------- Neue Attacken per Microarchitectural Data Sampling (MDS) treffen Intel-Prozessoren: Bei L1DES alias Cache Out ist der L1-Puffer das Ziel, bei VRS werden Vector-Register ausgenutzt. Intel arbeitet an Microcode-Updates. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-l1des-und-vrs-machen-intel-chi… ∗∗∗ Millions of Devices Using LoRaWAN Exposed to Hacker Attacks ∗∗∗ --------------------------------------------- Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday. --------------------------------------------- https://www.securityweek.com/millions-devices-using-lorawan-exposed-hacker-… ∗∗∗ Umfrage führt zu Geldwäsche in Ihrem Namen! ∗∗∗ --------------------------------------------- Auf diversen Job-Portalen stoßen Sie momentan auf Ausschreibungen betrügerischer Umfrageportale wie die HENRIKSON Research GmbH. Schon bei der Registrierung verlangt man Ihre Ausweiskopie sowie Selfies mit Pass oder Personalausweis. Melden Sie sich hier nicht an! Kriminelle stehlen Ihre Daten und tarnen die Eröffnung eines Bankkontos in Ihrem Namen als bezahlte Umfrage. Achtung: Auch diverse andere Websites locken in diese Falle. --------------------------------------------- https://www.watchlist-internet.at/news/umfrage-fuehrt-zu-geldwaesche-in-ihr… ∗∗∗ E-Mail: Doppelte Abbuchung Ihrer Magenta-Rechnung ist Fake ∗∗∗ --------------------------------------------- „Aufgrund eines Fehlers unserer Rechnungsabteilung wurde Ihnen das Doppelte Ihrer letzten Rechnung in Rechnung gestellt“ heißt es in der betrügerischen E-Mail, die angeblich von Magenta versendet wurde. Sie werden weiters aufgefordert, eine Rückerstattung zu beantragen. Klicken Sie keinesfalls auf den Link, Sie gelangen auf eine gefälschte Magenta-Seite. Kriminelle stehlen Ihre Zugangs- und Kreditkartendaten. --------------------------------------------- https://www.watchlist-internet.at/news/e-mail-doppelte-abbuchung-ihrer-mage… ∗∗∗ Attacking Azure, Azure AD, and Introducing PowerZure ∗∗∗ --------------------------------------------- Over the past decade, Azure’s presence in businesses has grown significantly as new features and support were added to Azure. The purpose of this article is to cover three main points: 1. Explain the components of Azure and how they fit into a modern IT environment. 2. Explain how certain things within Azure can be leveraged from an offensive perspective. 3. Introduce the PowerZure project and explain how it helps offensive operations against Azure. --------------------------------------------- https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerz… ===================== = Vulnerabilities = ===================== ∗∗∗ [20200103] - Core - XSS in com_actionlogs ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.9.0-3.9.14 Exploit type: XSS Reported Date: 2019-December-25 Fixed Date: 2020-January-28 CVE Number: CVE-2020-xxxxx Description Inadequate escaping of usernames allow XSS attacks in com_actionlogs. Affected Installs Joomla! CMS versions 3.9.0 - 3.9.14 Solution Upgrade to version 3.9.15 Contact The JSST at the Joomla! Security Centre. Reported By: Mayank Kumbhar from Techjoomla --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/12kRPDhkkFM/800-20200103-c… ∗∗∗ [20200102] - Core - CSRF com_templates LESS compiler ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.0.0-3.9.14 Exploit type: CSRF Reported Date: 2019-December-18 Fixed Date: 2020-January-28 CVE Number: CVE-2020-xxxxx Description A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.14 Solution Upgrade to version 3.9.15 Contact The JSST at the Joomla! Security Centre. Reported By: Lee Thao from Viettel Cyber Security --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/gs3oN6Illx8/799-20200102-c… ∗∗∗ [20200101] - Core - CSRF in batch actions ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0-3.9.14 Exploit type: CSRF Reported Date: 2019-December-23 Fixed Date: 2020-January-28 CVE Number: CVE-2020-xxxxx Description Missing token checks in the batch actions of various components causes CSRF vulnerabilities. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.14 Solution Upgrade to version 3.9.15 Contact The JSST at the Joomla! Security Centre. Reported By: Lee Thao from Viettel Cyber Security --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/9zV9kdB-WAw/798-20200101-c… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (iperf3, openjpeg2, and tomcat7), Mageia (ansible, c3p0, fontforge, glpi, gthumb, libbsd, libmediainfo, libmp4v2, libqb, libsass, mbedtls, opencontainers-runc, php, python-pip, python-reportlab, python3, samba, sysstat, tomcat, virtualbox, and webkit2), openSUSE (java-11-openjdk, libredwg, and sarg), Oracle (sqlite), Red Hat (libarchive, nss, and openjpeg2), Scientific Linux (sqlite), SUSE (nodejs6), and Ubuntu (cyrus-sasl2, linux, linux-aws, linux, [...] --------------------------------------------- https://lwn.net/Articles/810771/ ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0734 and CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: An Apache Commons Compress vulnerability has been identified with the embedded IBM FileNet P8 Content Platform Engine component in IBM Business Process Manager and IBM Business Automation Workflow ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-apache-commons-compres… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an OpenSSH vulnerability (CVE-2018-15473) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-ze ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-softw… ∗∗∗ Security Bulletin: IBM MQ Appliance affected by HTTP/2 vulnerabilities (CVE-2019-9511 and CVE-2019-9513) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected… ∗∗∗ Security Bulletin: A security vulnerability was fixed in IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Application Server ND shipped with IBM Security Identity Manager (CVE-2019-4505) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.01.2020
by Daily end-of-shift report 27 Jan '20

27 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-01-2020 18:00 − Montag 27-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ DIVD-2020-00002 - Wildcard certificates Citrix ADC ∗∗∗ --------------------------------------------- Our analysis of the scan data collected on the night of January 9 to 10 shows that of the more than 700 vulnerable Citrix servers identified in the Netherlands, over 450 used wildcard certificates. [...] Recommendation: Revoke and replace certificates (preferably for non-wildcard versions) unless you can reliable determine that the Citrix system wasn't compromised. --------------------------------------------- https://www.securitymeldpunt.nl/cases/DIVD-2020-00002/ ∗∗∗ Mitsubishi-Hack: Sicherheitslücke in Anti-Viren-Software als Einfallstor ∗∗∗ --------------------------------------------- Es gibt neue Details über die Hacker-Attacke auf Mitsubishi Electric. Mittlerweile ist die Sicherheitslücke bekannt und was die Angreifer kopiert haben. --------------------------------------------- https://heise.de/-4646386 ∗∗∗ Potenziell schädlich: Mozilla löscht 197 Add-ons für Firefox ∗∗∗ --------------------------------------------- Mozilla hat insgesamt 197 Add-ons für Firefox gelöscht, die potenziell schädlich waren. Die meisten stammten vom selben Anbieter. --------------------------------------------- https://heise.de/-4646392 ∗∗∗ New Ryuk Info Stealer Targets Government and Military Secrets ∗∗∗ --------------------------------------------- A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-target… ∗∗∗ Does Your Domain Have a Registry Lock? ∗∗∗ --------------------------------------------- If youre running a business online, few things can be as disruptive or destructive to your brand as someone stealing your companys domain name and doing whatever they wish with it. Even so, most major Web site owners arent taking full advantage of the security tools available to protect their domains from being hijacked. Heres the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers. --------------------------------------------- https://krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/ ∗∗∗ PoC Exploits Created for Recently Patched BlueGate Windows Server Flaws ∗∗∗ --------------------------------------------- Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution. --------------------------------------------- https://www.securityweek.com/poc-exploits-created-recently-patched-bluegate… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jsoup and slirp), Fedora (community-mysql, elog, fontforge, libuv, libvpx, mingw-podofo, nodejs, opensc, podofo, thunderbird-enigmail, transfig, and xfig), openSUSE (arc, libssh, and libvpx), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, python-reportlab, and sqlite), Slackware (thunderbird), and SUSE (java-1_8_0-openjdk, python, and samba). --------------------------------------------- https://lwn.net/Articles/810614/ ∗∗∗ Fortinet removes SSH and database backdoors from its SIEM product ∗∗∗ --------------------------------------------- Patches have been released for CVE-2019-17659 and CVE-2019-16153. --------------------------------------------- https://www.zdnet.com/article/fortinet-removes-ssh-and-database-backdoors-f… ∗∗∗ Linux kernel vulnerability CVE-2019-19069 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K60130614 ∗∗∗ WPS Hide Login < 1.5.5 - Secret Login Page Disclosure ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10046 ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4638) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Watson IoT MessageGateway Server is affected by a buffer overflow vulnerability (CVE-2020-4207) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-iot-messagegat… ∗∗∗ Security Bulletin: Vulnerability in IBM Websphere Application Server Liberty used by IBM Cloud Pak System (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4639) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4632) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Secret Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4637) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by converting an invalid message. (CVE-2019-4614) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4635) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Overly Permissive CORS Policy vulnerability found on IBM Security Secret Server (CVE-2019-4633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-overly-permissive-cors-po… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2020
by Daily end-of-shift report 24 Jan '20

24 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-01-2020 18:00 − Freitag 24-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ TrickBot Now Steals Windows Active Directory Credentials ∗∗∗ --------------------------------------------- A new module for the TrickBot trojan has been discovered that targets the Active Directory database stored on compromised Windows domain controllers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbot-now-steals-windows-… ∗∗∗ NSA Releases Guidance on Mitigating Cloud Vulnerabilities ∗∗∗ --------------------------------------------- The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSAs guidance on Mitigating Cloud Vulnerabilities and CISA’s page on APTs Targeting IT Service [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/01/24/nsa-releases-guida… ∗∗∗ Kaspersky: Shlayer-Trojaner und Adware häufigste Bedrohungen für Mac-Nutzer ∗∗∗ --------------------------------------------- Shlayer wird auch über Links auf großen Seiten wie YouTube und Wikipedia verbreitet, warnt die Sicherheitsfirma. Der Trojaner schleuste bislang nur Adware ein. --------------------------------------------- https://heise.de/-4645548 ∗∗∗ Hackers target unpatched Citrix servers to deploy ransomware ∗∗∗ --------------------------------------------- REvil ransomware gang has been spotted abusing Citrix bug to infect victims. --------------------------------------------- https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-de… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Fixes now available for Citrix ADC, Citrix Gateway versions 12.1 and 13.0 ∗∗∗ --------------------------------------------- Today, we released permanent fixes to address the CVE-2019-19781 vulnerability for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 12.1 and 13.0. These fixes are available to download for ADC and Gateway. --------------------------------------------- https://www.citrix.com/blogs/2020/01/23/fixes-now-available-for-citrix-adc-… ∗∗∗ MDhex: Angreifer könnten medizinische Geräte von GE Healthcare kontrollieren ∗∗∗ --------------------------------------------- Aufgrund von unsicheren Standardeinstellungen und veralteter Software mit Sicherheitslücken ist die Überwachung von Patienten gefährdet. --------------------------------------------- https://heise.de/-4645197 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (git and python-apt), Oracle (openslp), Red Hat (chromium-browser and ghostscript), SUSE (samba, slurm, and tomcat), and Ubuntu (clamav, gnutls28, and python-apt). --------------------------------------------- https://lwn.net/Articles/810459/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8835 Versions affected: WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3. Credit to Anonymous working with Trend Micro’s Zero Day Initiative, Mike Zhang of Pangu Team. Impact: Processing maliciously crafted web content may lead toarbitrary code execution. --------------------------------------------- https://webkitgtk.org/security/WSA-2020-0001.html ∗∗∗ wpCentral < 1.4.8 - Privilege Escalation ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10045 ∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities (CVE-2019-1547,CVE-2019-1549, CVE-2019-1563) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-ser… ∗∗∗ Security Bulletin: IBM MQ Appliance affected by NSS and libgcrypt vulnerabilities (CVE-2018-12404 and CVE-2018-0495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an MIT Kerberos 5 vulnerability (CVE-2017-11462) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an unauthorised access vulnerability (CVE-2019-4621) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to bypass security restrictions (CVE-2019-4620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-al… ∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1552 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-ser… ∗∗∗ Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2989-vulnerabili… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2020
by Daily end-of-shift report 23 Jan '20

23 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-01-2020 18:00 − Donnerstag 23-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Datenleck: Microsoft-Datenbank mit 250 Millionen Support-Fällen im Netz ∗∗∗ --------------------------------------------- Rund einen Monat konnte auf eine Datenbank des Microsoft-Supports über das Internet zugegriffen werden. Die Fälle reichen bis in das Jahr 2005 zurück. --------------------------------------------- https://www.golem.de/news/datenleck-microsoft-datenbank-mit-250-millionen-s… ∗∗∗ Datenleck bei Autovermietung Buchbinder: Was Betroffene jetzt tun können ∗∗∗ --------------------------------------------- Auskunftsansprüche, Meldepflichten oder sogar Schadensersatz: Was können die drei Millionen Betroffenen unternehmen und welche Rechte stehen ihnen zu? --------------------------------------------- https://heise.de/-4644140 ===================== = Vulnerabilities = ===================== ∗∗∗ Keine Anmeldung nötig - Angreifer könnten Cisco Firepower übernehmen ∗∗∗ --------------------------------------------- Es sind Sicherheitsupdates für verschiedene Cisco-Produkte erschienen. Eine Lücke gilt als kritisch. --------------------------------------------- https://heise.de/-4644474 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib). --------------------------------------------- https://lwn.net/Articles/810367/ ∗∗∗ PHP: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0067 ∗∗∗ Calculated Fields Form < 1.0.354 - Authenticated Stored XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10043 ∗∗∗ SpamSpan filter - Moderately critical - Cross site scripting - SA-CONTRIB-2020-002 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-002 ∗∗∗ Security Bulletin: A security vulnerability has been identified in OpenCV shipped with PowerAI ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSH (CVE-2018-15919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… ∗∗∗ Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Security Information Queue uses database components with known vulnerabilities (CVE-2016-3506, CVE-2018-1058, CVE-2018-10936, CVE-2019-9193) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-information-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2020
by Daily end-of-shift report 22 Jan '20

22 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-01-2020 18:00 − Mittwoch 22-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch ∗∗∗ --------------------------------------------- A micropatch implementing Microsofts workaround for the actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer is now available via the 0patch platform until an official fix will be released. --------------------------------------------- https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zer… ∗∗∗ sLoad launches version 2.0, Starslord ∗∗∗ --------------------------------------------- sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine. --------------------------------------------- https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2… ∗∗∗ FireEye and Citrix Tool Scans for Indicators of Compromise Related to CVE-2019-19781 ∗∗∗ --------------------------------------------- [...] To help organizations identify compromised systems associated with CVE-2019-19781, FireEye and Citrix worked together to release a new tool that searches for indicators of compromise (IoC) associated with attacker activity observed by FireEye Mandiant. This tool is freely accessible in both the Citrix and FireEye GitHub repositories. --------------------------------------------- https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citr… ∗∗∗ Aktuelle Welle: Ursnif-Trojaner versteckt sich in Zip-Archiven ∗∗∗ --------------------------------------------- Derzeit sind mal wieder vermehrt E-Mails mit gefährlichem Dateianhang in Umlauf. Der Schädling namens Ursnif hat es unter anderem auf Account-Daten abgesehen. --------------------------------------------- https://heise.de/-4643571 ∗∗∗ Achtung: Gekaperte WhatsApp-Kontakte verlangen Verifizierungscode ∗∗∗ --------------------------------------------- Einige WhatsApp-UserInnen berichten von eigenen Kontakten, die per WhatsApp einen Verifizierungscode verlangen. Die Profile dieser Kontakte wurden bereits über die gleiche Betrugsmasche übernommen. Wer auf die Nachrichten der vermeintlichen Bekannten und Familienmitglieder mit den angeforderten Codes antwortet, verliert das eigene WhatsApp-Profil an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-gekaperte-whatsapp-kontakte-… ∗∗∗ In enterprise attack wave, NetWire Trojan now buries itself in disk image files ∗∗∗ --------------------------------------------- Enterprise companies are being targeted by a business email scam harnessing the Trojan. --------------------------------------------- https://www.zdnet.com/article/in-new-enterprise-attack-wave-netwire-rat-tro… ===================== = Vulnerabilities = ===================== ∗∗∗ Honeywell Maxpro VMS & NVR ∗∗∗ --------------------------------------------- This advisory contains mitigations for deserialization of untrusted data and SQL injection vulnerabilities in Honeywells MAXPRO VMS & NVR video management systems. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-021-01 ∗∗∗ Bitdefender BOX 2 bootstrap download_image command injection vulnerability ∗∗∗ --------------------------------------------- An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. An unauthenticated attacker should impersonate a remote nimbus server to trigger this vulnerability. --------------------------------------------- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0919 ∗∗∗ Sicherheitsupdate: AMD-Treiber und VMware können ein gefährlicher Cocktail sein ∗∗∗ --------------------------------------------- Angreifer könnten mit einem präparierten Pixel Shader eine AMD-Treiber-Lücke ausnutzen, um aus einer VM auszubrechen. --------------------------------------------- https://heise.de/-4643294 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (tiff and transfig), Fedora (thunderbird-enigmail), Mageia (ffmpeg and sox), openSUSE (fontforge, python3, and tigervnc), Oracle (python-reportlab), Red Hat (apache-commons-beanutils, java-1.8.0-openjdk, kernel, kernel-alt, libarchive, openslp, openvswitch2.11, openvswitch2.12, and python-reportlab), Scientific Linux (java-1.8.0-openjdk and python-reportlab), SUSE (samba and tigervnc), and Ubuntu (python-pysaml2). --------------------------------------------- https://lwn.net/Articles/810282/ *** Cisco Security Advisories *** --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ IBM Security Bulletins (High Severity) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/tag/psirthigh/ ∗∗∗ Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-hyper… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200122-… ∗∗∗ Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200115-… ∗∗∗ Security Advisory - Insufficient Verification Vulnerability in Some Huawei products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200122-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.01.2020
by Daily end-of-shift report 21 Jan '20

21 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Montag 20-01-2020 18:00 − Dienstag 21-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SIM Hijacking ∗∗∗ --------------------------------------------- SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside the phone companies. Phone companies have added security measures since this attack became popular and public, but a new study [...] --------------------------------------------- https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html ∗∗∗ Realistic Factory Honeypot Shows Threats Faced by Industrial Organizations ∗∗∗ --------------------------------------------- Trend Micro researchers have set up a factory honeypot and found that industrial organizations should be more concerned about attacks launched by profit-driven cybercriminals rather than the threat posed by sophisticated state-sponsored groups. --------------------------------------------- https://www.securityweek.com/realistic-factory-honeypot-shows-threats-faced… ∗∗∗ Vorsicht vor betrügerischen Microsoft-Anrufen ∗∗∗ --------------------------------------------- Aktuell geben sich Kriminelle wieder als Microsoft-MitarbeiterInnen aus und rufen beliebige Telefonnummern an. Angeblich gäbe es ein Problem mit Ihrem Computer. Dieses wollen die betrügerischen AnruferInnen nun mit Ihnen gemeinsam beheben. Legen Sie sofort auf, Kriminelle wollen sich Zugang auf Ihren Computer verschaffen und sensible Benutzerdaten abgreifen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-microso… ∗∗∗ Antivirus vendors push fixes for EFS ransomware attack method ∗∗∗ --------------------------------------------- Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families. --------------------------------------------- https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ran… ===================== = Vulnerabilities = ===================== ∗∗∗ Samba Releases Security Updates ∗∗∗ --------------------------------------------- The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/01/21/samba-releases-sec… ∗∗∗ CVE-2019-19886 – HIGH – DoS against libModSecurity 3 ∗∗∗ --------------------------------------------- The ModSecurity 3.0.x release line suffers from a Denial of Service vulnerability after triggering a segmentation fault on the webserver when parsing a malformed cookie header. All users of ModSecurity 3.0.0 – 3.0.3 should update to ModSecurity 3.0.4 as soon as possible. --------------------------------------------- https://coreruleset.org/20200118/cve-2019-19886-high-dos-against-libmodsecu… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openconnect), Fedora (e2fsprogs, glibc, kernel, and nss), openSUSE (Mesa, php7, and slurm), Oracle (.NET Core, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), Red Hat (java-1.8.0-openjdk, openvswitch, and openvswitch2.11), Scientific Linux (java-1.8.0-openjdk), SUSE (java-11-openjdk, libssh, libvpx, Mesa, and thunderbird), and Ubuntu (libbsd and samba). --------------------------------------------- https://lwn.net/Articles/810157/ ∗∗∗ Insufficient Authentication Vulnerability in OSCA Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200121-… ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0062 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0061 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.01.2020
by Daily end-of-shift report 20 Jan '20

20 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-01-2020 18:00 − Montag 20-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Datenleck: Passwörter zu 515.000 Servern und IoT-Geräten veröffentlicht ∗∗∗ --------------------------------------------- Der Betreiber eines DDoS-Dienstes hat eine lange Liste mit Zugangsdaten und IP-Adressen von Servern, Routern und IoT-Geräten veröffentlicht. Die Daten könnten zum Aufbau eines Botnetzwerkes missbraucht werden - oder um die Geräte zu zerstören. --------------------------------------------- https://www.golem.de/news/datenleck-passwoerter-zu-515-000-servern-und-iot-… ∗∗∗ TLS: Netgear verteilt private Schlüssel in Firmware ∗∗∗ --------------------------------------------- Sicherheitsforscher haben private Schlüssel für TLS-Zertifikate veröffentlicht, die Netgear mit seiner Router-Firmware verteilt. Der Hersteller hatte nur wenige Tage Reaktionszeit. Die Forscher lehnen die Praktiken von Netgear prinzipiell ab, was zur Veröffentlichung geführt hat. --------------------------------------------- https://www.golem.de/news/tls-netgear-verteilt-private-schluessel-in-firmwa… ∗∗∗ Jetzt patchen! Erste Sicherheitsupdates für kritische Citrix-Lücke erschienen ∗∗∗ --------------------------------------------- Da Angreifer derzeit eine Lücke in Citrix ADC ausnutzen, sollten Admins die nun verfügbaren Patches umgehend installieren. --------------------------------------------- https://heise.de/-4641774 ∗∗∗ Business in the front, party in the back: backdoors in elastic servers expose private data ∗∗∗ --------------------------------------------- Its all too easy to discover data leaks online, especially in cloud services. We take a look at misconfigurations in elastic servers that lead to exposed data on the Internet. --------------------------------------------- https://blog.malwarebytes.com/threat-spotlight/2020/01/business-in-the-fron… ∗∗∗ Gefälschte A1-Mail greift Kreditkartendaten ab! ∗∗∗ --------------------------------------------- Unzählige KonsumentInnen wenden sich mit gefälschten A1-E-Mails an die Watchlist Internet. Angeblich sind bei der letzten Abrechnung 72,77 Euro zu viel abgebucht worden. Um das Geld zurückzuerhalten, soll ein Rückerstattungsantrag ausgefüllt werden. Betroffene dürfen das keinesfalls tun, denn sonst landen sämtliche Kreditkartendaten in den Händen Krimineller! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-a1-mail-greift-kreditkar… ===================== = Vulnerabilities = ===================== ∗∗∗ Internet Explorer: Zero-Day-Schwachstelle in JScript Scripting Engine ∗∗∗ --------------------------------------------- Im Internet Explorer steckt eine teils als kritisch eingestufte Schwachstelle, die Remote Code Execution erlaubt. Derzeit hilft dagegen nur ein Workaround. --------------------------------------------- https://heise.de/-4641331 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (git, java-11-openjdk, and thunderbird), Debian (cacti, chromium, gpac, kernel, openjdk-11, ruby-excon, and thunderbird), Fedora (chromium and rubygem-rack), Mageia (suricata, tigervnc, and wireshark), openSUSE (glusterfs, libredwg, and uftpd), and Ubuntu (linux-hwe and sysstat). --------------------------------------------- https://lwn.net/Articles/810070/ ∗∗∗ 2J SlideShow < 1.3.40 - Authenticated Arbitrary Plugin Deactivation ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10034 ∗∗∗ Security Advisory - Path Traversal Vulnerability in Huawei GaussDB ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200120-… ∗∗∗ Security Advisory - Command Injection Vulnerability in GaussDB 200 Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200120-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200120-… ∗∗∗ HPESBST03977 rev.1 - HPE Command View Advanced Edition (CVAE), Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily January 2020