=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 13-05-2020 18:00 − Thursday 14-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl
=====================
= News =
=====================
∗∗∗ COMpfun authors spoof visa application with HTTP status-based Trojan ∗∗∗
---------------------------------------------
In autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. Later in November 2019 we revealed a new Trojan using the same code base as COMPFun.
---------------------------------------------
https://securelist.com/compfun-http-status-based-trojan/96874/
∗∗∗ Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe, (Thu, May 14th) ∗∗∗
---------------------------------------------
Looking at our patch Tuesday list, I looked a bit closer at CVE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft's ratings for that one. Microsoft rated this as:
---------------------------------------------
https://isc.sans.edu/diary/rss/26124
∗∗∗ Danger zone! Brit research supercomputer ARCHER's login nodes exploited in cyber-attack, admins reset passwords and SSH keys ∗∗∗
---------------------------------------------
Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops. One of Britain's most powerful academic supercomputers has fallen victim to a "security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys.…
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/13/uk_arche…
∗∗∗ Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access ∗∗∗
---------------------------------------------
On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. We filed a security issue report ...
---------------------------------------------
https://www.wordfence.com/blog/2020/05/vulnerability-in-google-wordpress-pl…
=====================
= Vulnerabilities =
=====================
∗∗∗ reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019 ∗∗∗
---------------------------------------------
Project: reCAPTCHA v3
Date: 2020-May-13
Security risk: Critical 18/25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are protected by reCaptcha v3 and have
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-019
∗∗∗ Webform - Critical - Access bypass - SA-CONTRIB-2020-018 ∗∗∗
---------------------------------------------
Project: Webform
Date: 2020-May-13
Security risk: Critical 15/25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: This webform module enables you to build a Term checkboxes element. The module doesn't sufficiently check term view access when rendering Term checkboxes elements. Unpublished terms will always appear in the Term checkboxes element.
Solution: Install the latest version: If you use the Webform module for Drupal 8.x, upgrade to Webform
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-018
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apt and libreswan), Fedora (glpi, grafana, java-latest-openjdk, mailman, and oddjob), Oracle (container-tools:2.0, container-tools:ol8, kernel, libreswan, squid:4, and thunderbird), SUSE (apache2, grafana, and python-paramiko), and Ubuntu (apt and libexif).
---------------------------------------------
https://lwn.net/Articles/820520/
∗∗∗ Security Bulletin: Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator GPM Web App (CVE-2020-4299) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se…
∗∗∗ Security Bulletin: Jackson-databind Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-20330) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-security…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator (CVE-2018-12545, CVE-2019-10241) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-memory-corruptio…
∗∗∗ Security Bulletin: Permission security vulnerability exists in IBM Sterling File Gateway (CVE-2020-4259) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-permission-security-vulne…
∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7069, CVE-2020-7059) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 12-05-2020 18:00 − Wednesday 13-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ US govt shares list of most exploited vulnerabilities since 2016 ∗∗∗
---------------------------------------------
US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-govt-shares-list-of-most-…
∗∗∗ Ramsay Malware Targets Air-Gapped Networks ∗∗∗
---------------------------------------------
The cyber-espionage toolkit is under active development.
---------------------------------------------
https://threatpost.com/ramsay-malware-air-gapped-networks/155695/
∗∗∗ Attackers could use Symantec Endpoint Protection as a springboard ∗∗∗
---------------------------------------------
Symantec's developers have closed several security vulnerabilities in Endpoint Protection and Endpoint Protection Manager.
---------------------------------------------
https://heise.de/-4720697
∗∗∗ Tinder bots defraud users with fake verification ∗∗∗
---------------------------------------------
Internet fraudsters are also up to no good on dating platforms and try to flirt money out of people's pockets. In one of these scams, fake profiles on Tinder claim that they would feel safer if their Tinder match got verified. The victim of this scam receives a link for that purpose. But in fact it is not about establishing trust and safety before a date, [...]
---------------------------------------------
https://www.watchlist-internet.at/news/tinder-bots-betruegen-mit-scheinbare…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch immediately: Critical vulnerability in SAP® ABAP systems (CVE-2020-6262) ∗∗∗
---------------------------------------------
The SEC Consult Vulnerability Lab has identified a critical code injection vulnerability (CVE-2020-6262), with a CVSSv3 score of 9.9, in SAP® Service Data Download (part of the SAP® Solution Manager plugin ST-PI).
---------------------------------------------
https://www.sec-consult.com/./blog/2020/05/unmittelbar-patchen-kritische-sc…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (java-1.8.0-openjdk and seamonkey), Gentoo (firefox, lrzip, qemu, squid, and thunderbird), Oracle (thunderbird), Red Hat (buildah, kernel, kernel-alt, kernel-rt, kpatch-patch, podman, python-pip, python-virtualenv, and qemu-kvm), Scientific Linux (kernel), Slackware (mariadb), SUSE (openconnect), and Ubuntu (file, firefox, iproute2, pulseaudio, and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/820409/
∗∗∗ May Patch Tuesday: Microsoft closes 111 security vulnerabilities ∗∗∗
---------------------------------------------
It is the third-largest Patch Tuesday in the company's history. Affected are, among others, Windows, SharePoint, Edge and Internet Explorer. One vulnerability in Windows even allows remote code execution with elevated user privileges.
---------------------------------------------
https://www.zdnet.de/88379702/mai-patchday-microsoft-schliesst-111-sicherhe…
∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-…
∗∗∗ Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-…
∗∗∗ Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-all-apache-tomcat-core-on…
∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK Oct 2019 and Jan 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Exists in IBM Sterling B2B Integrator (CVE-2020-4312) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se…
∗∗∗ FreeBSD: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0453
=====================
= End-of-Day report =
=====================
Timeframe: Monday 11-05-2020 18:00 − Tuesday 12-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Astaroth’s New Evasion Tactics Make It ‘Painful to Analyze’ ∗∗∗
---------------------------------------------
The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics.
---------------------------------------------
https://threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/
∗∗∗ Anubis Malware Upgrade Logs When Victims Look at Their Screens ∗∗∗
---------------------------------------------
Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices.
---------------------------------------------
https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/
∗∗∗ Analyzing Dark Crystal RAT, a C# backdoor ∗∗∗
---------------------------------------------
[...] The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-…
∗∗∗ Detecting profile visits on Facebook: is that possible? ∗∗∗
---------------------------------------------
A link is currently circulating on Facebook that supposedly makes it possible to display profile visits. That naturally makes people curious. But beware: you land on a phishing page! Criminals harvest your Facebook login data and post fraudulent content in your name. And: Facebook offers no tool that shows you who has visited your profile.
---------------------------------------------
https://www.watchlist-internet.at/news/profilbesuche-auf-facebook-erkennen-…
∗∗∗ Review of the first third of 2020 ∗∗∗
---------------------------------------------
January: BMEIA, Shitrix, BlueGate – a contemplative start to the year
February: The (almost) last moments of TLS
March and April: COVID-19, or "All Quiet on the Cyber Front"
---------------------------------------------
https://cert.at/de/blog/2020/5/ruckblick-auf-das-erste-drittel-2020
=====================
= Vulnerabilities =
=====================
∗∗∗ Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK ∗∗∗
---------------------------------------------
Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnera…
∗∗∗ Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters ∗∗∗
---------------------------------------------
Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt
∗∗∗ TYPO3 Core version 10.4.2 fixes multiple vulnerabilities ∗∗∗
---------------------------------------------
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms
∗∗∗ TYPO3 - vulnerabilities in multiple extensions - 2020-05-12 ∗∗∗
---------------------------------------------
TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions
∗∗∗ Security patches: online forums attackable via vBulletin vulnerability ∗∗∗
---------------------------------------------
Several secured versions of the vBulletin forum software have been released.
---------------------------------------------
https://heise.de/-4719217
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt).
---------------------------------------------
https://lwn.net/Articles/820307/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/2020/05/
∗∗∗ Bitdefender Antivirus: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0441
∗∗∗ Exim: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0444
∗∗∗ Symantec Endpoint Protection: Multiple vulnerabilities allow disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0443
∗∗∗ SAP Patch Day May 2020 ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0442
∗∗∗ Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0449
∗∗∗ Red Hat OpenShift: Vulnerability allows manipulation of files ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0448
∗∗∗ F5 BIG-IP: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0445
=====================
= End-of-Day report =
=====================
Timeframe: Friday 08-05-2020 18:00 − Monday 11-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sodinokibi ransomware can now encrypt open and locked files ∗∗∗
---------------------------------------------
The Sodinokibi (REvil) ransomware has added a new feature that makes it easier to encrypt all files, even those that are opened and locked by another process.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-no…
∗∗∗ Thunderspy: Unpatchable security vulnerabilities in Thunderbolt ∗∗∗
---------------------------------------------
With a screwdriver and an SPI programmer, central security functions of Thunderbolt can be disabled.
---------------------------------------------
https://www.golem.de/news/thunderspy-nicht-patchbare-sicherheitsluecken-in-…
∗∗∗ Sphinx Malware Returns to Riddle U.S. Targets ∗∗∗
---------------------------------------------
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.
---------------------------------------------
https://threatpost.com/sphinx-riddle-us-targets-modifications/155621/
∗∗∗ Delivery times & payment when shopping online: these are your rights ∗∗∗
---------------------------------------------
Watchlist Internet has recently received an increasing number of reports of online shops that are not necessarily fake shops but fail to comply with applicable law through delayed delivery times. But what rights do you actually have as a consumer? What can you do if an online shop does not keep to the agreed delivery time? When do you have to pay for orders? How can you assert your rights?
---------------------------------------------
https://www.watchlist-internet.at/news/lieferzeiten-zahlung-beim-online-sho…
∗∗∗ Intel and Microsoft develop deep-learning technique for malware analysis ∗∗∗
---------------------------------------------
The project, called Stamina, converts files into grayscale images. Microsoft analyses the images for texture and structure patterns. In tests the system achieves an accuracy of more than 99 percent.
---------------------------------------------
https://www.zdnet.de/88379578/intel-und-microsoft-entwickeln-deep-learning-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites ∗∗∗
---------------------------------------------
On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-buil…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat [...]
---------------------------------------------
https://lwn.net/Articles/820196/
∗∗∗ VMware to Patch Recent Salt Vulnerabilities in vROps ∗∗∗
---------------------------------------------
VMware is working on patches for its vRealize Operations Manager (vROps) product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations.
---------------------------------------------
https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops
∗∗∗ Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server ∗∗∗
---------------------------------------------
Security patches will not be issued to fix the problems.
---------------------------------------------
https://www.zdnet.com/article/data-leak-phishing-security-flaws-exposed-in-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200506-…
∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-bui…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM Cloud Private (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s…
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 07-05-2020 18:00 − Friday 08-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Blue Mockingbird Monero-Mining Campaign Exploits Web Apps ∗∗∗
---------------------------------------------
The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.
---------------------------------------------
https://threatpost.com/blue-mockingbird-monero-mining/155581/
∗∗∗ Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents ∗∗∗
---------------------------------------------
Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-proc…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/819969/
∗∗∗ Ruby on Rails: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0436
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-…
∗∗∗ Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-05-2020 18:00 − Thursday 07-05-2020 18:00
Handler: n/a
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Dangerous malware e-mail in the name of A1 ∗∗∗
---------------------------------------------
Beware of a fake A1 e-mail with the subject *Wichtige Mitteilung* ("Important notice"). It is a message sent by criminals who want to install malware on your smartphone. If you follow its instructions, the criminals can steal sensitive data from your mobile phone.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-schadsoftware-mail-im-n…
∗∗∗ Large scale Snake Ransomware campaign targets healthcare, more ∗∗∗
---------------------------------------------
The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware…
∗∗∗ Cisco Webex phishing uses fake cert errors to steal credentials ∗∗∗
---------------------------------------------
A highly convincing series of phishing attacks is using fake certificate error warnings, with graphics and formatting lifted from Cisco Webex e-mails, to steal users' account credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisco-webex-phishing-uses-fa…
∗∗∗ Keep your IR on the Ball ∗∗∗
---------------------------------------------
Even with the myriad of security tools we have at our disposal today, cybercriminals are still able to penetrate our networks. Is it really necessary to have a Cyber Incident Response Plan in place?
---------------------------------------------
https://www.domaintools.com/resources/blog/keep-your-ir-on-the-ball
∗∗∗ How a favicon delivered a web credit card skimmer to victims ∗∗∗
---------------------------------------------
Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that “turn” malicious when victims visit a checkout page.
---------------------------------------------
https://www.helpnetsecurity.com/2020/05/07/favicons-card-skimmers/
∗∗∗ Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk ∗∗∗
---------------------------------------------
On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As this is an active attack, we wanted to alert you so that you can take [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and…
=====================
= Vulnerabilities =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-24) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 12, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1869
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has released 34 Security Advisories for multiple products on 2020-05-06.
12 rated "High"
22 rated "Medium"
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap).
---------------------------------------------
https://lwn.net/Articles/819761/
∗∗∗ For six years Samsung smartphone users have been at risk from critical security bug. Patch now ∗∗∗
---------------------------------------------
Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/six-yea…
∗∗∗ Joomla: vulnerability allows SQL injection ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0425
∗∗∗ Drupal: multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0424
∗∗∗ [webapps] Draytek VigorAP 1000C - Persistent Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/48436
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerability CVE-2020-8492 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-84…
∗∗∗ Security Bulletin: Vulnerability CVE-2019-18348 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-18…
∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-…
∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-…
∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonst…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-05-2020 18:00 − Wednesday 06-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Caution: fraudulent FinanzOnline e-mails in circulation ∗∗∗
---------------------------------------------
"Your tax refund of EUR 1,850 has been refunded," says an e-mail supposedly from the tax office. But beware: this e-mail does not come from the tax office but from criminals. Under no circumstances click on the link; it leads to a fake FinanzOnline page. Criminals use this imitation FinanzOnline website to steal sensitive data!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-betruegerische-finanzonline…
∗∗∗ Least Privilege: The Most Effective Approach to Endpoint Security ∗∗∗
---------------------------------------------
I always try to remind people that the principle of least privilege is not just about security, but about productivity as well. I have multiple customers who have decreased the number of tickets to their service desk by a whopping 75% by getting rid of end-user admin rights.
---------------------------------------------
https://www.beyondtrust.com/blog/entry/least-privilege-the-most-effective-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, [...]
---------------------------------------------
https://lwn.net/Articles/819600/
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-16276) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM Maximo Anywhere does not have device jailbreak detection. (CVE-2019-4266) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-does-…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4446 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu…
∗∗∗ Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2020-4421) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-spoofing-attack…
∗∗∗ Security Bulletin: IBM InfoSphere QualityStage is affected by a Cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-qualitysta…
∗∗∗ HPESBHF03966 rev.1 - HPE Servers with certain Intel Core and Xeon Processors System Memory Management (SMM), Local Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03934 rev.1 - HPE CloudLine servers using AMI BMC, Remote Unauthorized Disclosure of Information, Unauthorized Modification and Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ HPESBHF03961 rev.1 - Certain HPE Servers with 6th Generation Intel Core Processors and greater supporting SGX and TXT, Local Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-05-2020 18:00 − Tuesday 05-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Another zero-day vulnerability in iOS: apps can break out of the sandbox ∗∗∗
---------------------------------------------
Using manipulated XML comments, apps on iPhone and iPad can apparently grant themselves arbitrary entitlements without restriction.
---------------------------------------------
https://heise.de/-4714373
∗∗∗ Dell OS Recovery: vulnerability in older recovery images for Windows 10 ∗∗∗
---------------------------------------------
Dell client systems on which Windows 10 was restored from an older recovery image need a security update.
---------------------------------------------
https://heise.de/-4714810
∗∗∗ New VCrypt Ransomware locks files in password-protected 7ZIPs ∗∗∗
---------------------------------------------
A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-…
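Added example, not part of the BleepingComputer report or of any VCrypt analysis: a Python triage routine that scans process-creation records for the pattern the item describes, a legitimate 7-Zip binary being driven to create password-protected archives of user data. The record fields, file paths, parent-process names and switch combinations below are constructed for the example; the page does not give VCrypt's actual command line, so the exact switches it uses are an assumption. The routine only flags archive-creation commands (`a`) that carry a `-p` password switch, then raises severity when headers are also encrypted (`-mhe=on`), sources are deleted after archiving (`-sdel`), the binary runs from outside its install directory, or the parent process is not an interactive shell.

```python
import re

# Constructed process-creation records (shape loosely modelled on Sysmon
# Event ID 1 fields); none of these are real events from the article.
SAMPLE_EVENTS = [
    {   # routine: user zips a folder from Explorer, no password
        "pid": 4120, "parent": "explorer.exe",
        "image": r"C:\Program Files\7-Zip\7z.exe",
        "cmdline": r'"C:\Program Files\7-Zip\7z.exe" a -tzip C:\Users\dupont\Desktop\Docs.zip C:\Users\dupont\Documents',
    },
    {   # plausible but benign: admin makes a password-protected backup from cmd.exe
        "pid": 4388, "parent": "cmd.exe",
        "image": r"C:\Program Files\7-Zip\7z.exe",
        "cmdline": r'"C:\Program Files\7-Zip\7z.exe" a -pBackup2020 D:\backup\docs.7z C:\Users\dupont\Documents',
    },
    {   # ransomware-like: dropped 7z.exe in %TEMP%, odd parent, encrypted headers, sources deleted
        "pid": 5012, "parent": "video_driver.exe",
        "image": r"C:\Users\dupont\AppData\Local\Temp\7z.exe",
        "cmdline": r'"C:\Users\dupont\AppData\Local\Temp\7z.exe" a -pC0mpl3x! -mhe=on -sdel C:\Users\dupont\Documents\Documents.7z C:\Users\dupont\Documents\*',
    },
]

SEVENZIP_NAMES = {"7z.exe", "7za.exe", "7zr.exe", "7z", "7za", "7zr"}
# Install directories we treat as expected (assumption for the example).
TRUSTED_DIRS = ("c:\\program files\\7-zip\\", "c:\\program files (x86)\\7-zip\\")
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows-style command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def analyze(event):
    """Return a finding dict for a suspicious 7-Zip invocation, or None."""
    toks = tokenize(event["cmdline"])
    if len(toks) < 2:
        return None
    exe = re.split(r"[\\/]", toks[0])[-1].lower()
    # 7-Zip syntax: 7z <command> [switches] <archive> [files]; 'a' adds/creates.
    if exe not in SEVENZIP_NAMES or toks[1].lower() != "a":
        return None
    switches = [t for t in toks[2:] if t.startswith("-")]
    if not any(s.startswith("-p") for s in switches):
        return None  # archiving without a password is routine; ignore
    reasons = ["creates password-protected archive (-p)"]
    if any(s.lower().startswith("-mhe=on") for s in switches):
        reasons.append("encrypts archive headers (-mhe=on), hiding file names")
    if any(s.lower() == "-sdel" for s in switches):
        reasons.append("deletes source files after archiving (-sdel)")
    if not event["image"].lower().startswith(TRUSTED_DIRS):
        reasons.append("7-Zip binary runs from outside its install directory")
    if event["parent"].lower() not in INTERACTIVE_PARENTS:
        reasons.append("unusual parent process: " + event["parent"])
    severity = "high" if len(reasons) >= 3 else "medium"
    return {"pid": event["pid"], "severity": severity, "reasons": reasons}


def scan(events):
    """Run analyze() over a batch of records and keep only the findings."""
    return [f for f in (analyze(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"].upper(), "pid", finding["pid"])
        for r in finding["reasons"]:
            print("   -", r)
```

The password switch alone is not evidence of anything (backups do exactly this), which is why the routine reports it at medium severity and only escalates on the combination with header encryption, source deletion, and an unexpected binary location or parent. In a real pipeline the same logic would run over Sysmon or EDR process-creation telemetry rather than the inline list.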
∗∗∗ LockBit ransomware self-spreads to quickly encrypt 225 systems ∗∗∗
---------------------------------------------
A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spre…
∗∗∗ Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems ∗∗∗
---------------------------------------------
Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.
---------------------------------------------
https://threatpost.com/airplane-hack-exposes-weaknesses-of-alert-and-avoida…
∗∗∗ New Kaiji Botnet Targets IoT, Linux Devices ∗∗∗
---------------------------------------------
The botnet uses SSH brute-force attacks to infect devices and uses a custom implant written in the Go Language.
---------------------------------------------
https://threatpost.com/kaiji-botnet-iot-linux-devices/155463/
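Added detection example, not from the Threatpost article or the Kaiji research it summarises: a Python script that flags the SSH password brute-forcing the item describes by parsing OpenSSH auth-log lines. It groups failed password logins by source address, applies a sliding time window so that a slow trickle of failures is not confused with a burst, and records whether a successful login followed the failures from the same address, which is the case a responder most wants to see first. The log lines, hostname, addresses, thresholds and the year used to complete the syslog timestamps are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt in OpenSSH/syslog format; not real traffic.
SAMPLE_LOG = """\
May  4 10:01:02 iot-gw sshd[1201]: Failed password for root from 203.0.113.5 port 51022 ssh2
May  4 10:01:03 iot-gw sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51024 ssh2
May  4 10:01:04 iot-gw sshd[1205]: Failed password for root from 203.0.113.5 port 51026 ssh2
May  4 10:01:05 iot-gw sshd[1207]: Failed password for invalid user pi from 203.0.113.5 port 51028 ssh2
May  4 10:01:06 iot-gw sshd[1209]: Failed password for root from 203.0.113.5 port 51030 ssh2
May  4 10:01:09 iot-gw sshd[1211]: Accepted password for root from 203.0.113.5 port 51032 ssh2
May  4 10:05:00 iot-gw sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
May  4 10:05:30 iot-gw sshd[1302]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Syslog timestamps carry no year; the example assumes 2020.
ASSUMED_YEAR = "2020"

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(lines):
    """Turn sshd auth lines into (timestamp, result, method, user, ip) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd/syslog noise is ignored
        ts = datetime.strptime(ASSUMED_YEAR + " " + m["ts"], "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return {ip: {...}} for source addresses with at least `threshold`
    failed password logins inside any `window_s`-second window, noting
    whether an Accepted login from that address followed the failures."""
    by_ip = defaultdict(list)
    for ev in parse(lines):
        by_ip[ev[4]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()  # tuples sort by timestamp first
        fails = [e for e in evs if e[1] == "Failed" and e[2] == "password"]
        # Sliding window: advance `lo` until the window fits, check its size.
        lo, hit = 0, False
        for hi in range(len(fails)):
            while (fails[hi][0] - fails[lo][0]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                hit = True
                break
        if not hit:
            continue
        last_fail = fails[-1][0]
        success_after = any(e[1] == "Accepted" and e[0] >= last_fail for e in evs)
        findings[ip] = {
            "failures": len(fails),
            "users": sorted({e[3] for e in fails}),
            "success_after": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        flag = "COMPROMISED?" if info["success_after"] else "attempted"
        print(f"{ip}: {info['failures']} failures on {info['users']} -> {flag}")
```

Tune `threshold` and `window_s` to the host's normal failure rate; on an Internet-facing device the interesting signal is rarely the brute force itself, which is constant background noise, but the `success_after` case, where the password guessing stopped because it worked.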
∗∗∗ Nearly a Million WP Sites Targeted in Large-Scale Attacks ∗∗∗
---------------------------------------------
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-i…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch day: Google hardens several Android versions ∗∗∗
---------------------------------------------
Important security updates are available for Android. Two of the vulnerabilities are rated critical.
---------------------------------------------
https://heise.de/-4714596
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).
---------------------------------------------
https://lwn.net/Articles/819517/
∗∗∗ Citrix ShareFile storage zones Controller multiple security updates ∗∗∗
---------------------------------------------
Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.
---------------------------------------------
https://support.citrix.com/article/CTX269106
∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-4723) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impact…
∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-a…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-muluple-vulnerabilities-i…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Go (CVE-2019-17596) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Node.js (CVE-2019-10747) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects Financial Transaction Manager for Digital Payments (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 30-04-2020 18:00 − Monday 04-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New phishing campaign packs an info-stealer, ransomware punch ∗∗∗
---------------------------------------------
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-…
∗∗∗ Patch now! Attackers are targeting Oracle WebLogic Server ∗∗∗
---------------------------------------------
Attackers are currently exploiting, among others, a critical security vulnerability in Oracle WebLogic Server.
---------------------------------------------
https://heise.de/-4713619
∗∗∗ Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap ∗∗∗
---------------------------------------------
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply.
---------------------------------------------
https://www.securityweek.com/power-supply-can-turn-speaker-data-exfiltratio…
∗∗∗ Beware of dangerous VPN services ∗∗∗
---------------------------------------------
VPN services are in higher demand than ever. "Virtual private networks" are gaining users especially because of the increase in working from home; they allow, for example, secure access to company networks from home. But beware: criminals are exploiting the high demand. They copy the websites of genuine VPN services and load dangerous malware onto their victims' systems!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaehrlichen-vpn-diens…
∗∗∗ CursedChrome turns your browser into a hackers proxy ∗∗∗
---------------------------------------------
CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.
---------------------------------------------
https://www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hacker…
∗∗∗ Attacks on Salt, LineageOS, Ghost and Digicert ∗∗∗
---------------------------------------------
Hackers are exploiting vulnerabilities to attack systems. Currently in focus are SaltStack, the mobile operating system LineageOS, the blogging platform Ghost and the certificate authority Digicert.
---------------------------------------------
https://www.zdnet.de/88379335/angriffe-auf-salt-lineageos-ghost-und-digicer…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
---------------------------------------------
https://lwn.net/Articles/819200/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/819394/
∗∗∗ TP-Link Patches Multiple Vulnerabilities in NC Cloud Cameras ∗∗∗
---------------------------------------------
TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands.
---------------------------------------------
https://www.securityweek.com/tp-link-patches-multiple-vulnerabilities-nc-cl…
∗∗∗ Synology-SA-20:11 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_11
∗∗∗ Synology-SA-20:10 WordPress ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_10
∗∗∗ Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-xerces-c…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: OpenSSL disclosed vulnerability affects MessageGateway (CVE-2020-1967) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnera…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vul…
∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-ser…
∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we…
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Red Hat OpenShift Container Platform: vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0409