Daily August 2020

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - 17.08.2020
by Daily end-of-shift report 17 Aug '20

17 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-08-2020 18:00 − Montag 17-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft fixes actively exploited Windows bug reported 2 years ago ∗∗∗ --------------------------------------------- Microsoft fixed a Windows security vulnerability two years after it was reported. This articles provides greater detail about the bug and how it works.(CVE-2020-1464) --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exp… ∗∗∗ Potential Apache Struts 2 RCE flaw fixed, PoCs released ∗∗∗ --------------------------------------------- Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. --------------------------------------------- https://www.helpnetsecurity.com/2020/08/17/cve-2019-0230/ ∗∗∗ RevoLTE: Telefonanrufe ließen sich trotz Verschlüsselung abhören ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen grundlegendes Defizit auf – Mobilfunker haben angeblich bereits nachgebessert --------------------------------------------- https://www.derstandard.at/story/2000119401327/revolte-telefonanrufe-liesse… ∗∗∗ Goodbye EmoCrash - Schwachstelle in Emotet gefixed ∗∗∗ --------------------------------------------- Eine Schwachstelle im Code von Emotet ("EmoCrash" genannt) wurde seit geraumer Zeit in der Security Community als Präventionsmaßnahme gegenEmotet Infektionen verteilt. Die bisher einer breiten Öffentlichkeit nicht bekannte Schwachstelle in der Installationsroutine von Emotet konnte wirksamen Schutz vor einer Infektion bieten, in dem ein Buffer Overflow im Code dieser Routine ausgenutzt wurde um Emotet abstürzen zu lassen. --------------------------------------------- https://cert.at/de/aktuelles/2020/8/godbye-emocrash-schwachstelle-in-emotet… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (squid3), Fedora (lilypond and python3), openSUSE (xen), SUSE (libreoffice, libvirt, webkit2gtk3, xen, and xerces-c), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/828811/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot, htmlunit, jruby, libetpan, lucene-solr, net-snmp, and posgresql-9.6), Fedora (firefox, nss, qt, and thunderbird), Mageia (glib-networking, mumble, webkit2, and znc), openSUSE (balsa, chromium, firejail, hylafax+, libreoffice, libX11, perl-XML-Twig, thunderbird, wireshark, and xrdp), Red Hat (libvncserver), SUSE (libvirt and perl-PlRPC), and Ubuntu (dovecot and salt). --------------------------------------------- https://lwn.net/Articles/828945/ ∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-affect… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2020
by Daily end-of-shift report 14 Aug '20

14 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-08-2020 18:00 − Freitag 14-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Definition of overkill - using 130 MB executable to hide 24 kB malware, (Fri, Aug 14th) ∗∗∗ --------------------------------------------- One of our readers, Lukas, shared an unusual malicious executable with us earlier this week - one that was 130 MB in size. Making executables extremely large is not an uncommon technique among malware authors[1], as it allows them to easily avoid detection by most AV solutions, since the size of files which AVs will check is usually fairly low (tens of megabytes at most). --------------------------------------------- https://isc.sans.edu/diary/rss/26464 ∗∗∗ XCSSET: Mac-Malware infiziert Xcode-Projekte ∗∗∗ --------------------------------------------- Der Schädling setzt auf 0-day-Exploits, um Nutzerdaten zu klauen. Manipulierte Xcode-Projekte finden über Github Verbreitung, warnt eine Sicherheitsfirma. --------------------------------------------- https://heise.de/-4870987 ∗∗∗ Chrome extensions that lie about their permissions ∗∗∗ --------------------------------------------- Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But whats the use if they lie to you? --------------------------------------------- https://blog.malwarebytes.com/puppum/2020/08/chrome-extensions-that-lie-abo… ∗∗∗ Vorsicht vor Handwerks-Notdiensten mit der Telefonnummer 06608643901! ∗∗∗ --------------------------------------------- Bei einem Wasserrohrbruch, einem Gasgebrechen oder bei einem Stromausfall, muss meist schnell eine Expertin oder ein Experte her. Für die Überprüfung eines Installations- oder Elektrik-Notdienstes bleibt da oft keine Zeit mehr. Das nützen unseriöse Unternehmen aus: Sie bieten online einen Notdienst an, kommen auch tatsächlich, aber stellen im Nachhinein viel zu überhöhte Kosten in Rechnung. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-handwerks-notdiensten-m… ∗∗∗ Mekotio: These aren’t the security updates you’re looking for… ∗∗∗ --------------------------------------------- Another in our occasional series demystifying Latin American banking trojans The post Mekotio: These aren’t the security updates you’re looking for… appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Microsofts Multi-Faktor-Authentifizierung umgangen ∗∗∗ --------------------------------------------- Eigentlich sollten Microsofts Onlinedienste mit Fido-Stick und PIN geschützt sein - doch zwei Entwickler konnten die PIN-Abfrage umgehen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-microsofts-multi-faktor-authent… ∗∗∗ Critical Vulnerabilities Patched in Quiz and Survey Master Plugin ∗∗∗ --------------------------------------------- On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file [...] --------------------------------------------- https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless,Oracle January 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly… ∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by a International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio July 2020 CPU plus deferred CVE-2019-2590 and CVE-2020-2601 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability exists in the Event Streams 10.0.0 schema registry that allows unauthorised access to create, edit and delete schemas (CVE-2020-4662) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Apache Struts: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0824 ∗∗∗ PostgreSQL: Mehrere Schwachstellen ermöglichen Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0825 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.08.2020
by Daily end-of-shift report 13 Aug '20

13 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-08-2020 18:00 − Donnerstag 13-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Avaddon: The Latest RaaS (Ransomware-as-a-Service) to Jump on the Extortion Bandwagon ∗∗∗ --------------------------------------------- As of August 8th, Avaddon ransomware authors launched an extortion site in an effort to further incentivize victims to pay the ransom. Tarik Saleh dissects this ransomware, analyzes victimology, and provides more details on the extortion site. --------------------------------------------- https://www.domaintools.com/resources/blog/avaddon-the-latest-raas-to-jump-… ∗∗∗ MMS Exploit Part 5: Defeating Android ASLR, Getting RCE ∗∗∗ --------------------------------------------- Posted by Mateusz Jurczyk, Project Zero. This post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating… ∗∗∗ To the Brim at the Gates of Mordor Pt. 1, (Wed, Aug 12th) ∗∗∗ --------------------------------------------- Search & Analyze Mordor APT29 PCAPs with Brim --------------------------------------------- https://isc.sans.edu/diary/rss/26456 ∗∗∗ Color by numbers: inside a Dharma ransomware-as-a-service attack ∗∗∗ --------------------------------------------- Dharma, a family of ransomware first spotted in 2016, continues to be a threat to many organizations—especially small and medium-sized businesses. Part of the reason for its longevity is that its variants have become the basis for ransomware-as-a-service (RaaS) operations. --------------------------------------------- https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-r… ∗∗∗ Attribution: A Puzzle ∗∗∗ --------------------------------------------- The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. Nevertheless, the private sector rises to the challenge to attempt to associate cyber attacks to threat actors using the intelligence available to them. --------------------------------------------- https://blog.talosintelligence.com/2020/08/attribution-puzzle.html ∗∗∗ Kriminelle versuchen durch seriöse Programme Schadsoftware zu verbreiten! ∗∗∗ --------------------------------------------- Die meisten Menschen vertrauen bekannten Softwareherstellerinnen und -herstellern, wenn diese eine App, ein Programm oder ein anderes Produkt aktualisieren oder ein neues Produkt auf den Markt bringen. Doch genau dieses Vertrauen nutzen Kriminelle bei sogenannten „Supply-Chain-Angriffen“ aus. --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-versuchen-durch-serioese-… ===================== = Vulnerabilities = ===================== ∗∗∗ Amazon: Sicherheitslücke konnte Alexa-Sprachbefehle verraten ∗∗∗ --------------------------------------------- Mit einem präparierten Link konnte eine Sicherheitslücke in Amazons Infrastruktur ausgenutzt und auf fremde Alexa-Daten zugegriffen werden. --------------------------------------------- https://www.golem.de/news/amazon-sicherheitsluecke-konnte-alexa-sprachbefeh… ∗∗∗ Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods ∗∗∗ --------------------------------------------- It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/cybercriminals-infiltra… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and roundcube), Fedora (python36), Gentoo (chromium), openSUSE (ark, firefox, go1.13, java-11-openjdk, libX11, wireshark, and xen), Red Hat (bind and kernel), SUSE (libreoffice and python36), and Ubuntu (dovecot and software-properties). --------------------------------------------- https://lwn.net/Articles/828683/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-4.19, linux-latest-4.19, and openjdk-8) and Fedora (ark and hylafax+). --------------------------------------------- https://lwn.net/Articles/828744/ ∗∗∗ Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Code Execution Vulnerability in Fastjson Affect Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affec… ∗∗∗ Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-9327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-11655, CVE-2020-11656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-dis… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2020-2593, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to path traversal (CVE-2019-4582) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-144892, CVE-2019-144893) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster… ∗∗∗ Sophos XG Firewall: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0823 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.08.2020
by Daily end-of-shift report 12 Aug '20

12 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-08-2020 18:00 − Mittwoch 12-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ CEO Fraud via WhatsApp und Sprachnachrichten ∗∗∗ --------------------------------------------- CEO Fraud läuft in den meisten bekannten Fällen via E-Mail ab: Kriminelle geben sich gegenüber MitarbeiterInnen mit Überweisungsrecht als CEO/CFO/etc. aus und verlangen, dass unverzüglich und ohne Rücksprache mit anderen eine hohe Summe auf ein Bankkonto (vorzugsweise im Ausland) transferiert werden muss, um einen extrem wichtigen Deal zu fixieren. --------------------------------------------- https://cert.at/de/aktuelles/2020/8/ceo-fraud-via-whatsapp-und-sprachnachri… ∗∗∗ Mobilfunk: LTE-Anrufe ließen sich trotz Verschlüsselung abhören ∗∗∗ --------------------------------------------- Je länger das Opfer in der Leitung bleibt, desto mehr lässt sich von vorherigen Gesprächen rekonstruieren. --------------------------------------------- https://www.golem.de/news/mobilfunk-lte-anrufe-liessen-sich-trotz-verschlue… ∗∗∗ Code Injection Schwachstelle in SAP Application Server ABAP – Solution Tools Plugin ST-PI ∗∗∗ --------------------------------------------- SAP ist einer der größten Anbieter für Unternehmenssoftware weltweit. Schwere Sicherheitslücken in SAP Produkten könnten sich gravierend auf die Sicherheit von Unternehmens-IT-Infrastrukturen auswirken. --------------------------------------------- https://sec-consult.com/blog/2020/08/code-injection-schwachstelle-in-sap-ap… ∗∗∗ FIDO2 for Microsoft Online Accounts / Azure AD ∗∗∗ --------------------------------------------- Nowadays a secure password doesnt necessarily mean your account is safe. --------------------------------------------- https://sec-consult.com/en/blog/2020/08/fido2-for-microsoft-online-accounts… ∗∗∗ Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins ∗∗∗ --------------------------------------------- This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities (CVE-2020–5766, CVE-2020–5767 and CVE-2020–5768) which can be exploited for information disclosure and sending forged emails. --------------------------------------------- https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Microsoft schließt aktiv ausgenutzte Windows- und Browser-Lücken ∗∗∗ --------------------------------------------- Zum Patch Tuesday hat Microsoft unter anderem zwei kritische Sicherheitslücken geschlossen, die bereits für Angriffe missbraucht wurden. --------------------------------------------- https://heise.de/-4868224 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree, golang-github-seccomp-libseccomp-golang, and ruby-kramdown), Fedora (kernel, libmetalink, and nodejs), openSUSE (go1.13, perl-XML-Twig, and thunderbird), Oracle (kernel, libvncserver, and thunderbird), Red Hat (kernel-rt and python-paunch and openstack-tripleo-heat-templates), SUSE (dpdk, google-compute-engine, libX11, webkit2gtk3, xen, and xorg-x11-libX11), and Ubuntu (nss and samba). --------------------------------------------- https://lwn.net/Articles/828554/ ∗∗∗ QNX-2020-001 Vulnerability in slinger web server Impacts BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Improper Interface Design Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Command Injection Vulnerability in FusionCompute ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affe… ∗∗∗ Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery… ∗∗∗ Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-… ∗∗∗ Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openslp-vulnerability-aff… ∗∗∗ Security Bulletin: Incorrect permissions on IBM Spectrum Protect Plus agent files (CVE-2020-4631) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Camel's JMX, Apache Camel RabbitMQ and Apache Camel Netty affects IBM Operations Analytics Predictive Insights (CVE-2020-11971, CVE-2020-11972, CVE-2020-11973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in jQuery affect IBM WIoTP MessageGateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-network-security-nss-vuln… ∗∗∗ Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager (CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in jQuery affect IBM WIoTP MessageGateway (CVE-2020-11023, CVE-2020-11022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ IPAS: Security Advisories for August 2020 ∗∗∗ --------------------------------------------- https://blogs.intel.com/technology/2020/08/ipas-security-advisories-for-aug… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.08.2020
by Daily end-of-shift report 11 Aug '20

11 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 10-08-2020 18:00 − Dienstag 11-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Upgraded Agent Tesla malware steals passwords from browsers, VPNs ∗∗∗ --------------------------------------------- New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. --------------------------------------------- https://www.bleepingcomputer.com/news/security/upgraded-agent-tesla-malware… ∗∗∗ SBA phishing scams: from malware to advanced social engineering ∗∗∗ --------------------------------------------- SBA loan scams continue to make the rounds targeting small business owners, CEOS, and CFOs. --------------------------------------------- https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware… ∗∗∗ Script-Based Malware: A New Attacker Trend on Internet Explorer ∗∗∗ --------------------------------------------- Script-based malware can be appealing for attackers who want the ability to quickly and easily develop new variants to evade detection. --------------------------------------------- https://unit42.paloaltonetworks.com/script-based-malware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB20-48) and Adobe Lightroom (APSB20-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1908 ∗∗∗ vBulletin fixes ridiculously easy to exploit zero-day RCE bug ∗∗∗ --------------------------------------------- A simple one-line exploit has been published for a zero-day pre-authentication remote code execution (RCE) vulnerability in the vBulletin forum software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously… ∗∗∗ Kritische Updates für Citrix Endpoint Management ∗∗∗ --------------------------------------------- Insgesamt 5 Lücken schließt Citrix; wer eine eigene Installation betreibt, sollte schnell patchen. --------------------------------------------- https://heise.de/-4867952 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pillow, ruby-kramdown, wpa, and xrdp), Fedora (ark and rpki-client), Gentoo (apache, ark, global, gthumb, and iproute2), openSUSE (chromium, grub2, java-11-openjdk, libX11, and opera), Red Hat (bind, chromium-browser, java-1.7.1-ibm, java-1.8.0-ibm, and libvncserver), SUSE (LibVNCServer, perl-XML-Twig, thunderbird, and xen), and Ubuntu (samba). --------------------------------------------- https://lwn.net/Articles/828476/ ∗∗∗ iCloud for Windows 11.3 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211294 ∗∗∗ iCloud for Windows 7.20 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211295 ∗∗∗ SSA-809841: Buffer Overflow Vulnerability in Third-Party Component pppd ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-809841.txt ∗∗∗ SSA-786743: Code Injection Vulnerability in Advanced Reporting for Desigo CC and ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-786743.txt ∗∗∗ SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-712518.txt ∗∗∗ SSA-388646: Local Privilege Escalation in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-388646.txt ∗∗∗ SSA-370042: Cross-Site-Scripting (XSS) in SICAM A8000 RTUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-370042.txt ∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in OpenSSL package ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affecte… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qra… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a Java vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Libreswan affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ SAP Patchday August 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0800 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2020
by Daily end-of-shift report 10 Aug '20

10 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-08-2020 18:00 − Montag 10-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ DDoS attacks in Q2 2020 ∗∗∗ --------------------------------------------- The second quarter is normally calmer than the first, but this year is an exception. The long-term downward trend in DDoS-attacks has unfortunately been interrupted, and this time we are witnessing an increase. --------------------------------------------- https://securelist.com/ddos-attacks-in-q2-2020/98077/ ∗∗∗ Scanning Activity Include Netcat Listener, (Sat, Aug 8th) ∗∗∗ --------------------------------------------- This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a honeypot listening on TCP 81, this activity might be contained in your logs. --------------------------------------------- https://isc.sans.edu/diary/rss/26442 ∗∗∗ Scoping web application and web service penetration tests, (Mon, Aug 10th) ∗∗∗ --------------------------------------------- Before starting any penetration test, the most important part is to correctly scope it - this will ensure that both the clients expectations are fulfilled and that enough time is allocated to make sure that the penetration test is correctly performed. --------------------------------------------- https://isc.sans.edu/diary/rss/26448 ∗∗∗ Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts ∗∗∗ --------------------------------------------- A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campa… ∗∗∗ DEF CON 28: Introduction to ACARS ∗∗∗ --------------------------------------------- This post is a companion to the DEF CON 28 video available here: https://www.youtube.com/watch?v=NFS6qNAi0B8 What is ACARS? ACARS (Aircraft Communications Addressing and Reporting System, pronounced ‘ay-cars’) [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/introduction-to-acars/ ∗∗∗ Small and medium‑sized businesses: Big targets for ransomware attacks ∗∗∗ --------------------------------------------- Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? --------------------------------------------- https://www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big… ===================== = Vulnerabilities = ===================== ∗∗∗ Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 ∗∗∗ --------------------------------------------- Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application. --------------------------------------------- https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html ∗∗∗ TeamViewer: Fernwartungstool wies gefährliche Schwachstelle auf ∗∗∗ --------------------------------------------- Wer TeamViewer unter Windows länger nicht aktualisiert hat, sollte dies zügig nachholen: Eine Schwachstelle erlaubt(e) unter Umständen unbefugte Fernzugriffe. --------------------------------------------- https://heise.de/-4866337 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen). --------------------------------------------- https://lwn.net/Articles/828309/ ∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4541) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4533) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-10-19-0-of-node-j… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2020
by Daily end-of-shift report 07 Aug '20

07 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-08-2020 18:00 − Freitag 07-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Millionen Smartphones mit Snapdragon-Chip verwundbar ∗∗∗ --------------------------------------------- Der DSP-Prozessor in den weit verbreiteten Snapdragon-Chips von Qualcomm enthält hunderte Sicherheitslücken. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-millionen-smartphones-mit-snap… ∗∗∗ Exploiting Android Messengers with WebRTC: Part 3 ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. CVE-2020-6514 discussed in the blog post was fixed on July 14 with these CLs.This series highlights what can go wrong when applications dont apply WebRTC patches and when the communication and notification of security issues breaks down. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messenger… ∗∗∗ Spam and phishing in Q2 2020 ∗∗∗ --------------------------------------------- In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50,18%, down by 4.43 percentage points from the previous reporting period. --------------------------------------------- https://securelist.com/spam-and-phishing-in-q2-2020/97987/ ∗∗∗ TA551 (Shathak) Word docs push IcedID (Bokbot), (Fri, Aug 7th) ∗∗∗ --------------------------------------------- I've been tracking malicious Word documents from the TA551 (Shathak) campaign This year, we've seen a lot of Valak malware from TA551, but in recent weeks this campaign has been pushing IcedID malware tp English-speaking targets. --------------------------------------------- https://isc.sans.edu/diary/rss/26438 ∗∗∗ Making the Most Out of WLAN Event Log Artifacts ∗∗∗ --------------------------------------------- If you have taken FOR500 (Windows Forensic Analysis) or utilize the FOR500 "Evidence of..." poster, you are probably familiar with the WLAN Event Log listed under the Network Activity/Physical Location section of the poster. This Windows event log (Microsoft-Windows-WLAN-AutoConfig/Operational) records wireless networks that a system has associated with as well as captures network characteristics that can be used for geolocation. In recent testing involving this artifact, a discovery was made that may have implications for investigators. I will outline a scenario that illustrates the issue and present artifacts to help solve it. --------------------------------------------- https://www.sans.org/blog/making-the-most-out-of-wlan-event-log-artifacts/ ∗∗∗ Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach ∗∗∗ --------------------------------------------- The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this sample employs a sophisticated technique that replaces the Microsoft Intermediate Language (MSIL) at run time to hinder static analysis. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-an… ∗∗∗ Stuxnet 2.0: Forscher erwecken alten Security-Alptraum zu neuem Leben ∗∗∗ --------------------------------------------- Auf der Blackhat USA 2020 wiesen Forscher unter anderem auf eine Zero-Day-Lücke im Windows Druckerspoolerdienst hin. Ein Patch von Microsoft soll bald folgen. --------------------------------------------- https://heise.de/-4865010 ∗∗∗ Inter skimming kit used in homoglyph attacks ∗∗∗ --------------------------------------------- Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-us… ∗∗∗ WordPress Auto-Updates: What do you have to lose? ∗∗∗ --------------------------------------------- A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020. In this core release of the world’s most popular content management system, site owners will have the option to turn auto-updates on for individual plugins and themes directly from the WordPress admin dashboard. --------------------------------------------- https://www.wordfence.com/blog/2020/08/wordpress-auto-updates-what-do-you-h… ∗∗∗ Security Awareness is as valuable today as ever ∗∗∗ --------------------------------------------- A while ago I saw a tweet that initially angered me for many reasons, but then I thought about it and wondered how much effort do companies put in to awareness and training. --------------------------------------------- https://www.pentestpartners.com/security-blog/security-awareness-is-as-valu… ∗∗∗ Zahlreiche Fake-Shops locken mit günstigen Pools, Griller & Terrassenmöbel ∗∗∗ --------------------------------------------- Egal ob im eigenen Pool schwimmen, den Griller anheizen, die Pflanzen pflegen oder einfach auf der Terrasse die Sonne genießen. Sommerzeit ist Gartenzeit. Das sehen auch BetrügerInnen so. Denn derzeit melden LeserInnen der Watchlist Internet zahlreiche Fake-Shops mit Produkten für einen schönen Sommer im Garten. Schauen Sie daher lieber genau auf vermeintliche Online-Shops, die Ihnen günstige Pools, Griller, Terrassenmöbel oder Rasenmäher verkaufen wollen! --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-fake-shops-locken-mit-gue… ∗∗∗ Upgrade unseres Ticketsystems 2020-08-07 ∗∗∗ --------------------------------------------- Viele unserer Prozesse laufen über ein Ticketsystem, in unserem Fall ist das RTIR. Es ist jetzt Zeit geworden, hier eine radikalere Umstellung zu machen: Neue Version (Und natürlich wurde prompt während der Testphase eine radikal neue herausgegeben. Seufz.) --------------------------------------------- https://cert.at/de/blog/2020/8/upgrade-unseres-ticketsystem-20200807 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (clamav and json-c), Fedora (python2, python36, and python37), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (java-11-openjdk, kernel, rubygem-actionview-4_2, wireshark, xen, and xrdp), and Ubuntu (openjdk-8 and ppp). --------------------------------------------- https://lwn.net/Articles/828209/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere MQ Internet Pass-Thru – CVE-2020-2654 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-internet-pas… ∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to a command execution vulnerability affect Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-applic… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to a Information Disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.08.2020
by Daily end-of-shift report 06 Aug '20

06 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-08-2020 18:00 − Donnerstag 06-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-48) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB20-48) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, August 11, 2020. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1906 ∗∗∗ Incident Response Analyst Report 2019 ∗∗∗ --------------------------------------------- As an incident response service provider, Kaspersky delivers a global service that results in a global visibility of adversaries’ cyber-incident tactics and techniques on the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019. --------------------------------------------- https://securelist.com/incident-response-analyst-report-2019/97974/ ∗∗∗ A Fork of the FTCode Powershell Ransomware, (Thu, Aug 6th) ∗∗∗ --------------------------------------------- Yesterday, I found a new malicious Powershell script that deserved to be analyzed due to the way it was dropped on the victims computer. As usual, the malware was delivered through a malicious Word document with a VBA macro. A first observation reveals that its a file less macro. The malicious Base64 code is stored in multiples environment variables that are concatenated then executed through an IEX command... --------------------------------------------- https://isc.sans.edu/diary/rss/26434 ∗∗∗ Ad Hoc Log-Management im Ernstfall (SEC Defence) ∗∗∗ --------------------------------------------- Viele Organisationen, welche kein eigenes Incident Response Team haben, verfügen über keine oder nur sehr mangelhafte Visibility im eigenen Unternehmensnetzwerk. Doch vor Allem für die Aufarbeitung und Behebung des Vorfalls ist es unerlässlich auf allen Systemen angemessene Sichtbarkeit sicherzustellen. --------------------------------------------- https://www.sec-consult.com/./blog/2020/07/ad-hoc-log-management-im-ernstfa… ∗∗∗ PHP Backdoor Obfuscated One Liner ∗∗∗ --------------------------------------------- In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the malicious behavior we’ve seen recently on compromised websites. --------------------------------------------- https://blog.sucuri.net/2020/08/php-backdoor-obfuscated-one-liner.html ∗∗∗ Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack ∗∗∗ --------------------------------------------- A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling even after 15 years since they were first documented. --------------------------------------------- https://thehackernews.com/2020/08/http-request-smuggling.html ∗∗∗ Makro-Malware für macOS: Forscher warnt vor unterschätzter Gefahr ∗∗∗ --------------------------------------------- Ein "Office Drama" naht für macOS-User, fürchtet Patrick Wardle. Makro-Malware könnte Schutzmaßnahmen aushebeln, erläuterte der Forscher auf der Black Hat 2020. --------------------------------------------- https://heise.de/-4864148 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat 19 Security Advisories veröffentlicht. Keine der Schwachstellen wird als kritisch eingestuft, vier als "High". --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-att… ∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java… ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within IBM WebSphere Liberty (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… ∗∗∗ Security Bulletin: CVE-2020-2601 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-may-affect-… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code (CVE-2020-4465) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: Vulnerability CVE-2019-2949 in IBM Java SDK and IBM Java Runtime affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-29… ∗∗∗ Security Bulletin: IBM MQ could allow an attacker to cause a denial of service caused by an error within the pubsub logic. (CVE-2020-4376) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-att… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: CVE-2020-2590 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-may-affect-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.08.2020
by Daily end-of-shift report 05 Aug '20

05 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-08-2020 18:00 − Mittwoch 05-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle ∗∗∗ --------------------------------------------- Posted by Mateusz Jurczyk, Project Zero. This post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completin… ∗∗∗ Richtlinien gegen Sicherheitslücken in Legacy-Programmiersprachen veröffentlicht ∗∗∗ --------------------------------------------- Das Politecnico di Milano und Trend Micro haben einen Leitfaden für das Entwickeln mit Legacy-Programmiersprachen für Betriebstechnik in der Industrie erstellt. --------------------------------------------- https://heise.de/-4863229 ∗∗∗ Sophos: Ransomware WastedLocker trickst Sicherheitsanwendungen aus ∗∗∗ --------------------------------------------- Die Hintermänner haben offenbar sehr gute Kenntnisse über interne Funktionen von Windows. Sie nutzen diese, um Dateien im Windows-Cache statt direkt auf der Festplatte zu verschlüsseln. Damit vereiteln sie eine verhaltensbasierte Analyse ihrer Schadsoftware. --------------------------------------------- https://www.zdnet.de/88382004/sophos-ransomware-wastedlocker-trickst-sicher… ∗∗∗ Unseriöse Angebote werben mit ORF-Promis ∗∗∗ --------------------------------------------- Immer wieder werden Promis dazu genutzt, um unseriöse Angebote zu bewerben. Aktuell werden vor allem Bilder von ORF-Stars und von nachgemachten Nachrichten-Logos verwendet, um Menschen in die Falle zu locken. Die gefälschten Werbungen werden Ihnen dabei beim Handy-Spielen angezeigt und sollen Sie dazu bringen Apps für Spieleautomaten herunterzuladen. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-angebote-werben-mit-orf-p… ===================== = Vulnerabilities = ===================== ∗∗∗ Hackers can abuse Microsoft Teams updater to install malware ∗∗∗ --------------------------------------------- Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-… ∗∗∗ The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks ∗∗∗ --------------------------------------------- On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-cr… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie). --------------------------------------------- https://lwn.net/Articles/828114/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - July 2020 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ GRUB2 Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly… ∗∗∗ Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2014-3577-httpcompone… ∗∗∗ Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4481-http-proper… ∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm… ∗∗∗ Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2009-2625-cve-2012-08… ∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integra… ∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-… ∗∗∗ Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2015-5254-apache-acti… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4243) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ IBM Spectrum Protect: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0785 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.08.2020
by Daily end-of-shift report 04 Aug '20

04 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 03-08-2020 18:00 − Dienstag 04-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Exploiting Android Messengers with WebRTC: Part 1 ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project Zero. This is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. This series highlights what can go wrong when applications dont apply WebRTC patches and when the communication and notification of security issues breaks down. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messenger… ∗∗∗ Network Design: Firewall, IDS/IPS ∗∗∗ --------------------------------------------- There are many different types of devices and mechanisms within the security environment to provide a layered approach of defense. This is so that if an attacker is able to bypass one layer, another layer stands in the way to protect the network. --------------------------------------------- https://resources.infosecinstitute.com/network-design-firewall-idsips/ ∗∗∗ Certificate Transparency: a birds-eye view ∗∗∗ --------------------------------------------- The goal of this post is to build up a high-level description of CT from scratch, explaining why all the pieces are the way they are and how they fit together. --------------------------------------------- https://emilymstark.com/2020/07/20/certificate-transparency-a-birds-eye-vie… ∗∗∗ goldscheideanstalt-solidus24.de & feingold-scheideanstalt.de fälschen Trusted Shops-Zertifikat ∗∗∗ --------------------------------------------- goldscheideanstalt-solidus24.de & feingold-scheideanstalt.de – durchaus ansprechende Webshops für Goldbarren und Goldmünzen. Das vollständige Impressum mit gültigen Angaben, sowie das Trusted Shops-Gütezeichen wirken vertrauensvoll. Doch Vorsicht: Diese Goldhändler sind Fake, Sie erhalten trotz Bezahlung keine Ware! --------------------------------------------- https://www.watchlist-internet.at/news/goldscheideanstalt-solidus24de-feing… ===================== = Vulnerabilities = ===================== ∗∗∗ NodeJS module downloaded 7M times lets hackers inject code ∗∗∗ --------------------------------------------- A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nodejs-module-downloaded-7m-… ∗∗∗ CVE-2020–9854: "Unauthd" ∗∗∗ --------------------------------------------- Security researcher Ilias Morad, describes an impressive exploit chain, combining three macOS logic bugs he uncovered in macOS. His exploit chain allowed a local user to elevate privileges all the way to ring-0 (kernel)! --------------------------------------------- https://objective-see.com/blog/blog_0x4D.html ∗∗∗ Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues , (Tue, Aug 4th) ∗∗∗ --------------------------------------------- Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. --------------------------------------------- https://isc.sans.edu/diary/rss/26426 ∗∗∗ Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder ∗∗∗ --------------------------------------------- On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/08/critical-vulnerability-exposes-over-… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/828015/ ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: Possible denial of service attack affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-possible-denial-of-servic… ∗∗∗ Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-file-permission… ∗∗∗ Security Bulletin: IBM API Connect is impacted by a denial of service vulnerability in MySQL (CVE-2020-2752) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: Vulnerability in GNU gettext affects IBM Spectrum Protect Plus (CVE-2018-18751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gnu-gett… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4459) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A vulnerability in IBM® Runtime Environment Java™ Version 8.0 affects IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ru… ∗∗∗ Security Bulletin: OpenSSH vulnerability affects IBM Spectrum Protect Plus (CVE-2020-15778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssh-vulnerability-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability exists in IBM® Runtime Environment Java™ which affects TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ August 2020 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2020-08-01 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0781 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily August 2020