Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 27.05.2020
by Daily end-of-shift report 27 May '20

27 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-05-2020 18:00 − Mittwoch 27-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Netgear-Router: Update-Prozess unsicher, Hersteller schweigt ∗∗∗ --------------------------------------------- Der Firmware-Updater einiger Netgear-Router wie dem Nighthawk R7000 ist offenbar unsicher. Dies hat das IoT-Lab der University of Applied Sciences Upper Austria (FH Oberösterreich) herausgefunden. Ob und wie der Hersteller auf das Problem reagiert ist indes völlig unklar – der Hersteller hüllt sich seit Wochen in Schweigen. --------------------------------------------- https://heise.de/-4766025 ∗∗∗ Micropatch Available for User-Mode Power Service Memory Corruption (CVE-2020-1015) ∗∗∗ --------------------------------------------- Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1015, a memory corruption vulnerability in User-Mode Power Service that could allow a local attacker to execute arbitrary code as Local System.This vulnerability was patched by Microsoft with April 2020 Updates, but Windows 7 and Server 2008 R2 users without Extended Security Updates remained vulnerable. --------------------------------------------- https://blog.0patch.com/2020/05/micropatch-available-for-user-mode.html ∗∗∗ Vorsicht bei Privatverkauf: Betrug mit Speditionen boomt! ∗∗∗ --------------------------------------------- Der Weg über angebliche Speditionen ist eine beliebte Betrugsmasche beim Privatverkauf. Vor allem teure Waren, die auf Kleinanzeigenportale inseriert werden, locken BetrügerInnen an. Die vermeintlichen KäuferInnen erklären, dass sie im Ausland sind und daher der Kauf über eine Spedition abgewickelt werden soll. Hier gilt es vorsichtig zu sein, denn die Opfer werden aufgefordert das Geld für die Spedition zu überweisen. Das Unternehmen existiert jedoch gar --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-privatverkauf-betrug-mi… ∗∗∗ New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD ∗∗∗ --------------------------------------------- Eighteen of the 26 bugs impact Linux. Eleven have been patched already. --------------------------------------------- https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-w… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7 and unbound), Fedora (libEMF and transmission), Mageia (dojo, log4net, nginx, nodejs-set-value, sleuthkit, and transmission), Red Hat (rh-maven35-jackson-databind), SUSE (dpdk and mariadb-connector-c), and Ubuntu (thunderbird). --------------------------------------------- https://lwn.net/Articles/821530/ ∗∗∗ BOSCH-SA-363824-BT ∗∗∗ --------------------------------------------- Multiple Vulnerabilities in Bosch Recording Station (BRS) --------------------------------------------- https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-36… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Stack Buffer Overflow Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: User Credentials submitted using GET method ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-user-credentials-submitte… ∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4379) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – January 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.05.2020
by Daily end-of-shift report 26 May '20

26 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 25-05-2020 18:00 − Dienstag 26-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Dumping COVID-19.jar with Java Instrumentation ∗∗∗ --------------------------------------------- There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/05/36083-dumping-covid-19jar-with-j… ∗∗∗ These Aren’t the Phish You’re Looking For ∗∗∗ --------------------------------------------- An Effective Technique for Avoiding Blacklists --------------------------------------------- https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c… ∗∗∗ Fünf Zero-Day-Lücken veröffentlicht – Microsoft will erst später patchen ∗∗∗ --------------------------------------------- Das Team der Zero Day Initiative hat Informationen zu fünf Sicherheitslücken veröffentlicht, nachdem Microsoft die gesetzte Frist nicht einhielt. --------------------------------------------- https://heise.de/-4765191 ∗∗∗ Projekt SiSyPHuS Win10: Ergebnisse der Analyse zu PowerShell ∗∗∗ --------------------------------------------- Im Rahmen der Sicherheitsanalyse von Windows 10 (Projekt SiSyPHuS Win10) hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) die Ergebnisse der Analyse zu PowerShell veröffentlicht. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/SiSyPHuS_Powershe… ∗∗∗ ludwig-therese.net ist Fake ∗∗∗ --------------------------------------------- Auf der Suche nach einem Dirndl oder einer Lederhose? Viele KonsumentInnen gelangen momentan über betrügerische Werbeschaltungen auf Facebook und Instagram zum Fake-Shop ludwig-therese.net. ludwig-therese.net ist eine Kopie des seriösen Shops ludwig-therese.de. Wer bei ludwig-therese.net bestellt, erhält trotz Bezahlung keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/ludwig-theresenet-ist-fake/ ∗∗∗ RangeAmp attacks can take down websites and CDN servers ∗∗∗ --------------------------------------------- Twelve of thirteen CDN providers said they fixed or planned to fix the problem. --------------------------------------------- https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-c… ∗∗∗ Do Androids dream of equal security? ∗∗∗ --------------------------------------------- Several pieces of research published by F-Secure Labs demonstrate that region-specific default configurations and settings in some flagship Android devices are creating security problems that affect people in some countries but not others. --------------------------------------------- https://blog.f-secure.com/android-security/ ===================== = Vulnerabilities = ===================== ∗∗∗ New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps ∗∗∗ --------------------------------------------- Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the [...] --------------------------------------------- https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html ∗∗∗ Apple Mail: iOS-Updates beseitigen offenbar schwere Lücke ∗∗∗ --------------------------------------------- Mit iOS 13.5 und 12.4.7 hat Apple Sicherheitsforschern zufolge Schwachstellen behoben, die eine Manipulation der E-Mail-Inbox ermöglichten. --------------------------------------------- https://heise.de/-4764378 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sqlite3), Fedora (libarchive and netdata), openSUSE (dom4j, dovecot23, gcc9, and memcached), Red Hat (devtoolset-9-gcc, httpd24-httpd and httpd24-mod_md, ipmitool, kernel, kpatch-patch, openvswitch, openvswitch2.11, openvswitch2.13, rh-haproxy18-haproxy, and ruby), and SUSE (freetds, jasper, libxslt, and sysstat). --------------------------------------------- https://lwn.net/Articles/821441/ ∗∗∗ FortiClient for Windows Insecure Temporary File vulnerability ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-20-040 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.05.2020
by Daily end-of-shift report 25 May '20

25 May '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-05-2020 18:00 − Montag 25-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Discord client turned into a password stealer by updated malware ∗∗∗ --------------------------------------------- A threat actor converted the AnarchyGrabber trojan into a new malware that steals passwords and user tokens, disables 2FA, and spreads malware to a victims friends. --------------------------------------------- https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a… ∗∗∗ Portscan: Ebay.de scannt den Rechner auf offene Ports ∗∗∗ --------------------------------------------- Mit einem Javascript werden 14 Ports auf dem lokalen PC abgeklopft. --------------------------------------------- https://www.golem.de/news/portscan-ebay-de-scannt-den-rechner-auf-offene-po… ∗∗∗ 70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs ∗∗∗ --------------------------------------------- A lack of awareness about where and how open-source libraries are being used is problematic, researchers say. --------------------------------------------- https://threatpost.com/70-of-apps-open-source-bugs/156040/ ∗∗∗ New activity of DoubleGuns‘ gang, control hundreds of thousands of bots via public cloud service ∗∗∗ --------------------------------------------- Recently, our DNS data based threat monitoning system DNSmon flagged a suspicious domain pro.csocools.com. The system estimates the scale of infection may well above hundreds of thousands of users. By analyzing the related samples and C2s,We traced its family back to the ShuangQiang(double gun) campaign, [...] --------------------------------------------- https://blog.netlab.360.com/shuangqiang/ ∗∗∗ AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd) ∗∗∗ --------------------------------------------- Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26162 ∗∗∗ Securing SSH: What To Do and What Not To Do ∗∗∗ --------------------------------------------- The SSH service is critical, ensuring its security is key. This blog will describe how best to secure the SSH service from threat actors. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/securing-ss… ∗∗∗ Thousands of enterprise systems infected by new Blue Mockingbird malware gang ∗∗∗ --------------------------------------------- Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers. --------------------------------------------- https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-n… ∗∗∗ Insidious Android malware gives up all malicious features but one to gain stealth ∗∗∗ --------------------------------------------- ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security --------------------------------------------- https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-u… ===================== = Vulnerabilities = ===================== ∗∗∗ Apples iPhone und iPad: Aktueller Jailbreak für iOS 13.5 nutzt Zero-Day-Lücke aus ∗∗∗ --------------------------------------------- Kurz nach der Veröffentlichung von iOS 13.5 ist ein Jailbreak erschienen. Damit wird das Sicherheitssystem in iOS und iPadOS ausgehebelt. --------------------------------------------- https://www.golem.de/news/apples-iphone-und-ipad-aktueller-jailbreak-fuer-i… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, dovecot, openconnect, and powerdns-recursor), Debian (cracklib2, feh, netqmail, ruby-rack, tomcat7, and transmission), Fedora (dovecot, kernel, log4net, openconnect, python-markdown2, and unbound), Mageia (ansible, clamav, dovecot, file-roller, glpi, kernel, kernel-linus, libntlm, microcode, nmap, pdns-recursor, unbound, viewvc, and wireshark), openSUSE (ant, autoyast2, dpdk, file, freetype2, gstreamer-plugins-base, imapfilter, libbsd, [...] --------------------------------------------- https://lwn.net/Articles/821347/ ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on FOX615 Multiservice-Multiplexer ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHW003578&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on Relion 670, Relion 650, SAM600-IO Series ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1MRG035816&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AFS66x ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1MRG000001&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on NSD570 Teleprotection Equipment ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHW003577&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on ETL600 Power Line Carrier System ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHW003576&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on REB500 ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHL501885&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on RTU500 series ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KGT090327&Language… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-ze ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-softw… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Grafana: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0495 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2020
by Daily end-of-shift report 22 May '20

22 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-05-2020 18:00 − Freitag 22-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Drahtlos-Standard: Bluetooth-Sicherheitslücke betrifft praktisch alle Geräte ∗∗∗ --------------------------------------------- Bluetooth erfordert beim Verbindungsaufbau keine beidseitige Authentifizierung. Der Angriff Bias funktioniert als Master und als Slave. --------------------------------------------- https://www.golem.de/news/drahtlos-standard-bluetooth-sicherheitsluecke-bet… ∗∗∗ Sarwent Malware Continues to Evolve With Updated Command Functions ∗∗∗ --------------------------------------------- Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP. --------------------------------------------- https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/ ∗∗∗ Shining a light on “Silent Night” Zloader/Zbot ∗∗∗ --------------------------------------------- The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/05/the-silent-night-zloa… ∗∗∗ Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack ∗∗∗ --------------------------------------------- Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the [...] --------------------------------------------- https://blog.talosintelligence.com/2020/05/cve-2020-6096.html ∗∗∗ Bequemlichkeit vs. Sicherheit bei Smart‑Home Geräten ∗∗∗ --------------------------------------------- Trotz der wachsenden Akzeptanz von Smart-Home-Geräten, sollten wir unsere Privatsphäre und Sicherheit nicht der Bequemlichkeit opfern. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/05/20/bequemlichkeit-vs-sicherh… ∗∗∗ Tools Used in GhostDNS Router Hijack Campaigns Dissected ∗∗∗ --------------------------------------------- The source code of the GhostDNS exploit kit (EK) has been obtained and analyzed by researchers. GhostDNS is used to compromise a wide range of routers to facilitate phishing -- perhaps more accurately, pharming -- for banking credentials. Target routers are mostly, but not solely, located in Latin America. --------------------------------------------- https://www.securityweek.com/tools-used-ghostdns-router-hijack-campaigns-di… ∗∗∗ Ragnar Locker Ransomware Uses Virtual Machines for Evasion ∗∗∗ --------------------------------------------- The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals. --------------------------------------------- https://www.securityweek.com/ragnar-locker-ransomware-uses-virtual-machines… ∗∗∗ Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure ∗∗∗ --------------------------------------------- Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure. --------------------------------------------- https://www.securityweek.com/free-immuniweb-tool-allows-organizations-check… ∗∗∗ Wahre Liebe oder Betrug? So finden Sie es heraus! ∗∗∗ --------------------------------------------- Egal ob auf Sozialen Netzwerken wie Facebook oder Instagram, auf Online-Partnerbörsen oder einfach per Mail - immer wieder melden uns LeserInnen sogenannte Love- oder Romance-Scammer. Durch Liebesbeteuerungen und Geschichten aus Ihrem Alltag erschleichen sich die BetrügerInnen das Vertrauen der Opfer. Tatsächlich geht es aber auch bei dieser Betrugsmasche nur um eines: Geld. --------------------------------------------- https://www.watchlist-internet.at/news/wahre-liebe-oder-betrug-so-finden-si… ∗∗∗ Spectra: Neuartiger Angriff überwindet Trennung von WLAN und Bluetooth ∗∗∗ --------------------------------------------- Er richtet sich gegen Combo-Chips der Hersteller Broadcom und Cypress. Sie finden sich unter anderem in iPhones, MacBooks und Galaxy-S-Smartphones. Spectra nutzt Schwachstellen in einer Funktion, die einen schnellen Wechsel von einer Funktechnik zur anderen erlaubt. --------------------------------------------- https://www.zdnet.de/88380022/spectra-neuartiger-angriff-ueberwindet-trennu… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 ∗∗∗ --------------------------------------------- Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function. --------------------------------------------- https://www.drupal.org/sa-core-2020-003 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002 ∗∗∗ --------------------------------------------- The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are [...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. --------------------------------------------- https://www.drupal.org/sa-core-2020-002 ∗∗∗ Apple Security Update: Xcode 11.5 ∗∗∗ --------------------------------------------- Impact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host --------------------------------------------- https://support.apple.com/en-us/HT211183 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (keycloak, qemu, and thunderbird), Debian (dovecot), Fedora (abcm2ps and oddjob), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and kernel-rt), SUSE (ant, bind, and freetype2), and Ubuntu (bind9 and linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3,linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 ). --------------------------------------------- https://lwn.net/Articles/821093/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, ipmitool, kernel, squid, and thunderbird), Debian (pdns-recursor), Fedora (php and ruby), Red Hat (dotnet and dotnet3.1), SUSE (dom4j, dovecot23, memcached, and tomcat), and Ubuntu (clamav, libvirt, and qemu). --------------------------------------------- https://lwn.net/Articles/821205/ ∗∗∗ Hackers Can Target Rockwell Industrial Software With Malicious EDS Files ∗∗∗ --------------------------------------------- Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization’s OT network. --------------------------------------------- https://www.securityweek.com/hackers-can-target-rockwell-industrial-softwar… ∗∗∗ 2020-05-21: SECURITY ABB Device Library Wizard Information Disclosure Vulnerability (2PAA121681) ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&Language… ∗∗∗ Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Contact Center Express Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network Registrar DHCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ [webapps] PHPFusion 9.03.50 - Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/48497 ∗∗∗ CVE-2004-0230 Blind Reset Attack Using the RST/SYN Bit ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-16-039 ∗∗∗ Linux kernel vulnerability CVE-2019-19059 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K06554372 ∗∗∗ Linux kernel vulnerability CVE-2019-19062 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K84797753 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.05.2020
by Daily end-of-shift report 20 May '20

20 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-05-2020 18:00 − Mittwoch 20-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Netwalker Fileless Ransomware Injected via Reflective Loading ∗∗∗ --------------------------------------------- Ransomware in itself poses a formidable threat for organizations. As a fileless threat, the risk is increased as it can more effectively evade detection. We discuss how Netwalker ransomware is deployed filelessly through reflective DLL injection. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-filel… ∗∗∗ Studie: Kriminelle wollen nur Geld, Unternehmen stellen Daten selbst ins Feuer ∗∗∗ --------------------------------------------- Eine Analyse von knapp 4000 Cyber-Angriffen belegt, dass Passwortdiebstahl nach wie vor hoch im Kurs steht und Admins vor allem Cloud-Dienste nicht beherrschen. --------------------------------------------- https://heise.de/-4725579 ∗∗∗ 10 best practices for MSPs to secure their clients and themselves from ransomware ∗∗∗ --------------------------------------------- For MSPs, securing themselves from ransomware is just as much a practice in securing clients. See how to save data—and money—with these best practices. --------------------------------------------- https://blog.malwarebytes.com/how-tos-2/2020/05/10-best-practices-for-msps-… ∗∗∗ The wolf is back... ∗∗∗ --------------------------------------------- Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. We assess with high confidence that this modified version is operated by the infamous Wolf Research.This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being [...] --------------------------------------------- https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html ∗∗∗ 3 Ways to Reduce Insider Cyberattacks on Industrial Control Systems ∗∗∗ --------------------------------------------- When power grids, water networks and gas utility systems are targeted by cyberattacks, systems that are essential to our everyday lives are affected. While the damage potential due to external [...] --------------------------------------------- https://blog.se.com/cyber-security/2020/05/06/three-ways-to-reduce-insider-… ∗∗∗ The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites ∗∗∗ --------------------------------------------- On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons for Elementor, a WordPress plugin installed on approximately 110,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/05/the-elementor-attacks-how-creative-h… ∗∗∗ SMS von Raiffeisen mit Link ist Fake ∗∗∗ --------------------------------------------- Momentan sind gefälschte Raiffeisen-SMS im Umlauf. Darin werden Sie aufgefordert, die PushTAN Registrierung abzuschließen. Dafür müssen Sie lediglich auf den angeführten Link klicken. Doch Vorsicht: Dieser Link führt nicht auf die echte Login-Seite, sondern auf eine Phishing-Seite. --------------------------------------------- https://www.watchlist-internet.at/news/sms-von-raiffeisen-mit-link-ist-fake/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2020-0010 ∗∗∗ --------------------------------------------- VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0010.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9 and clamav), Fedora (kernel, moodle, and transmission), Oracle (kernel), Red Hat (ipmitool, kernel, ksh, and ruby), Slackware (bind and libexif), SUSE (dpdk, openconnect, python, and rpmlint), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv and linux-gke-5.0, linux-oem-osp1). --------------------------------------------- https://lwn.net/Articles/820948/ ∗∗∗ Researchers Divulge Details on Five Windows Zero Days ∗∗∗ --------------------------------------------- Zero Day Initiative Researchers Publish Five Windows Zero Days read more --------------------------------------------- https://www.securityweek.com/researchers-divulge-details-five-windows-zero-… ∗∗∗ Security Advisory - Information Leakage Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-… ∗∗∗ Security Advisory - Use After Free Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200520-… ∗∗∗ Security Bulletin: IBM Security Access Manager is vulnerable to a bypass security vulnerability (CVE-2020-4461) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-access-manag… ∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in the sqlite package shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2020-4260 SOME SECURE PROPERTIES CAN BE REVEALED VIA GENERIC PROCESSES ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4260-some-secure… ∗∗∗ Security Bulletin: A security vulnerability has been identified in Pillow shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in nanopb shipped with IBM Watson Machine Learning Community Edition (WMLCE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in FFMpeg shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ HPESBHF04004 rev.1 - HPE Superdome Flex Server Remote Management Controller (RMC), Local Elevation of Privilege ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03991 rev.1 - HPE Nimble Storage, Remote Access to Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03992 rev.1 - HPE Nimble Storage, Remote Code Execution ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Adobe Creative Cloud: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0487 ∗∗∗ Wireshark: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0485 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.05.2020
by Daily end-of-shift report 19 May '20

19 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 18-05-2020 18:00 − Dienstag 19-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ NXNSAttack: Effizienter Angriff auf Nameserver ∗∗∗ --------------------------------------------- Eine neue Form von Denial-of-Service-Angriff nutzt die DNS-Architektur, um mit wenig Aufwand viel Serverlast und Traffic zu erzeugen. --------------------------------------------- https://www.golem.de/news/nxnsattack-effizienter-angriff-auf-nameserver-200… ∗∗∗ Phishers are trying to bypass Office 365 MFA via rogue apps ∗∗∗ --------------------------------------------- Phishers are trying to bypass the multi-factor authentication (MFA) protection on users’ Office 365 accounts by tricking them into granting permissions to a rogue application. The app allows attackers to access and modify the contents of the victim’s account, but also to retain that access indefinitely, Cofense researchers warn. --------------------------------------------- https://www.helpnetsecurity.com/2020/05/19/office-365-bypass-mfa/ ∗∗∗ Hohe Kosten statt Krediten auf kreditvolks-online.com ∗∗∗ --------------------------------------------- Die betrügerische Website kreditvolks-online.com wirbt momentan mit günstigen Krediten um Kundschaft. Die Kriminellen hinter der Website missbrauchen dabei beispielsweise das Logo der Volksbank, der Bawag P.S.K., der Commerzbank oder der Deutsche Kreditbank AG, um Vertrauen zu stiften. Bevor angebliche Kredite ausgezahlt werden, müssen zahlreiche Gebühren bezahlt werden. Eine tatsächliche Auszahlung findet schlussendlich nie statt und alle Zahlungen sind verloren! --------------------------------------------- https://www.watchlist-internet.at/news/hohe-kosten-statt-krediten-auf-kredi… ∗∗∗ FBI warns about attacks on Magento online stores via old plugin vulnerability ∗∗∗ --------------------------------------------- FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin. --------------------------------------------- https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-sto… ∗∗∗ Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks ∗∗∗ --------------------------------------------- A firmware patch has been released last year, in November. --------------------------------------------- https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnera… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks ∗∗∗ --------------------------------------------- [...] It is possible for an unauthenticated, adjacent attacker to man-in-the-middle (MITM) attack the pairing process and force each victim device into a different Association Model, possibly granting the attacker the ability to initiate any Bluetooth operation on either attacked device. --------------------------------------------- https://kb.cert.org/vuls/id/534195 ∗∗∗ VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks ∗∗∗ --------------------------------------------- [...] It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS). --------------------------------------------- https://kb.cert.org/vuls/id/647177 ∗∗∗ Sicherheitsupdate: Nitro PDF Pro könnte Daten leaken ∗∗∗ --------------------------------------------- Die Entwickler der PDF-Anwendung Nitro PDF Pro haben mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-4724062 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dpdk and exim4), Fedora (openconnect, perl-Mojolicious, and php), Red Hat (kernel and kpatch-patch), Slackware (sane), and Ubuntu (bind9, dpdk, exim4, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/820859/ ∗∗∗ F-Secure Linux Security: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warn… ∗∗∗ LibreOffice: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warn… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site request forgery vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-information-se… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service in kernal ( CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service( CVE-2020-4412) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Rowhammer hardware vulnerability CVE-2020-10255 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K60570139 ∗∗∗ Adobe Creative Cloud: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0476 ∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0474 ∗∗∗ Dovecot: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0479 ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0477 ∗∗∗ MISP: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0480 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.05.2020
by Daily end-of-shift report 18 May '20

18 May '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-05-2020 18:00 − Montag 18-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Disruption on the horizon ∗∗∗ --------------------------------------------- [...] As cyber security professionals we are often caught in the wake of disruptive changes as a result of technology adoption (i.e. Cloud), changes in operational paradigms (i.e. DevOps), or regulatory/compliance developments (i.e. GDPR, CCPA, etc.). Recognizing this, how can we proactively identify such changes before they start to impact our operations? --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/disruption-on-the-h… ∗∗∗ Antivirus & Multiple Detections, (Sun, May 17th) ∗∗∗ --------------------------------------------- "When a file contains more than one signature, for example EICAR and a real virus, what will the antivirus report?". --------------------------------------------- https://isc.sans.edu/diary/rss/26134 ∗∗∗ WordPress Malware Collects Sensitive WooCommerce Data ∗∗∗ --------------------------------------------- During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins. --------------------------------------------- https://blog.sucuri.net/2020/05/wordpress-malware-collects-sensitive-woocom… ∗∗∗ Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format ∗∗∗ --------------------------------------------- Abusing legacy functionality built into the Microsoft Office suite is a tale as old as time. One functionality that is popular with red teamers and maldoc authors is using Excel 4.0 Macros to embed standard malicious behavior in Excel files and then execute phishing campaigns with these documents. These macros, which are fully documented online, can make web requests, execute shell commands, access win32 APIs, and have many other capabilities which are desirable to malware authors. --------------------------------------------- https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ ∗∗∗ Mandrake Android Spyware Remained Undetected for 4 Years ∗∗∗ --------------------------------------------- Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years. --------------------------------------------- https://www.securityweek.com/mandrake-android-spyware-remained-undetected-4… ∗∗∗ Ethical dilemmas with responsible disclosure ∗∗∗ --------------------------------------------- We do a LOT of disclosures, probably starting one a day on average. Between us, we spend a man day or so per week just managing disclosures. It creates pain [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/ethical-dilemmas-with-respons… ∗∗∗ The ProLock ransomware doesn’t tell you one important thing about decrypting your files ∗∗∗ --------------------------------------------- Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack. --------------------------------------------- https://www.grahamcluley.com/prolock-ransomware-decryption/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical WordPress plugin bug allows for automated takeovers ∗∗∗ --------------------------------------------- Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bu… ∗∗∗ PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security (Update A) ∗∗∗ --------------------------------------------- [...] Update 2020-05-18: Firmware V2.90 is released and available for download. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-020 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache-log4j1.2, exim4, libexif, and openconnect), Fedora (chromium, condor, java-1.8.0-openjdk, java-1.8.0-openjdk-aarch32, mingw-ilmbase, mingw-OpenEXR, sleuthkit, and squid), Mageia (jbig2dec, libreswan, netkit-telnet, ntp, and suricata), openSUSE (mailman and nextcloud), SUSE (autoyast2, file, git, gstreamer-plugins-base, libbsd, libvirt, libvpx, libxml2, mailman, and openexr), and Ubuntu (dovecot and json-c). --------------------------------------------- https://lwn.net/Articles/820814/ ∗∗∗ WebKitGTK 2.29.1 released! ∗∗∗ --------------------------------------------- This is the first development release leading toward 2.30 series.What’s new in the WebKitGTK 2.29.1 release? Stop using GTK theming to render form controls. Add API to disable GTK theming for scrollbars too. Fix several race conditions and threading issues in the media player. Add USER_AGENT_BRANDING build option. Add paste as plain text option to the context menu for rich editable content. Fix several crashes and rendering issues. --------------------------------------------- https://webkitgtk.org/2020/05/18/webkitgtk2.29.1-released.html ∗∗∗ Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Vulnerabiliity in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabiliity-in-ibm-jav… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple IBM Runtime Environments Java Technology Edition vulnerabilities affect IBM Transformation Extender ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-runtime-envi… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat… ∗∗∗ Security Bulletin: Vulnerability CVE-2020-4345 in SQL affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-43… ∗∗∗ Security Bulletin: Security vulnerability in WAS Liberty used by IBM Transformation Extender Advanced (CVE-2017-1681) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Linux kernel vulnerability CVE-2019-20636 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45501314 ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0472 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.05.2020
by Daily end-of-shift report 15 May '20

15 May '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-05-2020 18:00 − Freitag 15-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ProLock Ransomware teams up with QakBot trojan for network access ∗∗∗ --------------------------------------------- ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption. --------------------------------------------- https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-… ∗∗∗ RATicate drops info stealing malware and RATs on industrial targets ∗∗∗ --------------------------------------------- Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. --------------------------------------------- https://www.bleepingcomputer.com/news/security/raticate-drops-info-stealing… ∗∗∗ Angriffe auf Hochleistungsrechner: Waren es Krypto-Miner? ∗∗∗ --------------------------------------------- Zahlreiche Hochleistungsrechenzentren sind nach Angriffen vom Netz. Hinweise deuten auf Krypto-Mining, doch für den Chef des LRZ greift das zu kurz. --------------------------------------------- https://heise.de/-4722488 ∗∗∗ The Unattributable "db8151dd" Data Breach ∗∗∗ --------------------------------------------- I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. Its about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Heres what I know: [...] --------------------------------------------- https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/ ∗∗∗ Erpressungsmails mit echtem Passwort im Umlauf ∗∗∗ --------------------------------------------- In letzter Zeit häufen sich Beschwerden von Internet-NutzerInnen zu Erpressungsmails. Die Erpresser geben dabei an, ein Masturbationsvideo von den Betroffenen zu besitzen und fordern dazu auf einen bestimmten Betrag in Form von Bitcoins zu bezahlen. Die AdressatInnen sind von dieser Masche besonders verunsichert, da die Hacker ein echtes Passwort als scheinbaren Beweis kennen. Doch es besteht kein Grund zur Sorge. Die Erpresser haben weder ihren Computer gehackt, noch belastendes Material [...] --------------------------------------------- https://www.watchlist-internet.at/news/erpressungsmails-mit-echtem-passwort… ∗∗∗ Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways ∗∗∗ --------------------------------------------- New Hoaxcalls and Mirai botnet campaigns found targeting end-of-life Symantec Secure Web Gateways via Remote Code Execution vulnerability.The post Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/hoaxcalls-mirai-target-legacy-symantec-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt, inetutils, and log4net), Fedora (kernel, mailman, and viewvc), Gentoo (chromium, freerdp, libmicrodns, live, openslp, python, vlc, and xen), Oracle (.NET Core, container-tools:1.0, and kernel), Red Hat (kernel-rt), Scientific Linux (kernel), SUSE (kernel, libvirt, python-PyYAML, and syslog-ng), and Ubuntu (json-c). --------------------------------------------- https://lwn.net/Articles/820634/ ∗∗∗ Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks ∗∗∗ --------------------------------------------- Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22’s SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks. --------------------------------------------- https://www.securityweek.com/vulnerabilities-softpac-virtual-controller-exp… ∗∗∗ Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco MDS 9000 Series Switches Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-embedded… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Nework Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ PostgreSQL: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0471 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.05.2020
by Daily end-of-shift report 14 May '20

14 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-05-2020 18:00 − Donnerstag 14-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ COMpfun authors spoof visa application with HTTP status-based Trojan ∗∗∗ --------------------------------------------- In autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. Later in November 2019 we revealed a new Trojan using the same code base as COMPFun. --------------------------------------------- https://securelist.com/compfun-http-status-based-trojan/96874/ ∗∗∗ Patch Tuesday Revisited - CVE-2020-1048 isnt as "Medium" as MS Would Have You Believe, (Thu, May 14th) ∗∗∗ --------------------------------------------- Looking at our patch Tuesday list, I looked a bit closer at CE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft&#;x26;#;39;s ratings for that one. Microsoft rated this as: --------------------------------------------- https://isc.sans.edu/diary/rss/26124 ∗∗∗ Danger zone! Brit research supercomputer ARCHERs login nodes exploited in cyber-attack, admins reset passwords and SSH keys ∗∗∗ --------------------------------------------- Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops Updated One of Britains most powerful academic supercomputers has fallen victim to a "security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys.… --------------------------------------------- https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/13/uk_arche… ∗∗∗ Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access ∗∗∗ --------------------------------------------- On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. We filed a security issue report ...Read MoreThe post Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access appeared first on Wordfence. --------------------------------------------- https://www.wordfence.com/blog/2020/05/vulnerability-in-google-wordpress-pl… ===================== = Vulnerabilities = ===================== ∗∗∗ reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019 ∗∗∗ --------------------------------------------- Project: reCAPTCHA v3Date: 2020-May-13Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3.If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms.This vulnerability only affects forms that are protected by reCaptcha v3 and have --------------------------------------------- https://www.drupal.org/sa-contrib-2020-019 ∗∗∗ Webform - Critical - Access bypass - SA-CONTRIB-2020-018 ∗∗∗ --------------------------------------------- Project: WebformDate: 2020-May-13Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This webform module enables you to build a Term checkboxes element.The module doesnt sufficiently check term view access when rendering Term checkboxes elements. Unpublished terms will always appear in the Term checkboxes element.Solution: Install the latest version:If you use the Webform module for Drupal 8.x, upgrade to Webform --------------------------------------------- https://www.drupal.org/sa-contrib-2020-018 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt and libreswan), Fedora (glpi, grafana, java-latest-openjdk, mailman, and oddjob), Oracle (container-tools:2.0, container-tools:ol8, kernel, libreswan, squid:4, and thunderbird), SUSE (apache2, grafana, and python-paramiko), and Ubuntu (apt and libexif). --------------------------------------------- https://lwn.net/Articles/820520/ ∗∗∗ Security Bulletin: Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Afftects IBM Stering B2B Integrator GPM Web App (CVE-2020-4299) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se… ∗∗∗ Security Bulletin: Jackson-databind Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-20330) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-security… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator (CVE-2018-12545, CVE-2019-10241) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-memory-corruptio… ∗∗∗ Security Bulletin: Permission security vulnerability exists in IBM Sterling File Gateway (CVE-2020-4259) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-permission-security-vulne… ∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7069, CVE-2020-7059) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.05.2020
by Daily end-of-shift report 13 May '20

13 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-05-2020 18:00 − Mittwoch 13-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ US govt shares list of most exploited vulnerabilities since 2016 ∗∗∗ --------------------------------------------- US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-govt-shares-list-of-most-… ∗∗∗ Ramsay Malware Targets Air-Gapped Networks ∗∗∗ --------------------------------------------- The cyber-espionage toolkit is under active development. --------------------------------------------- https://threatpost.com/ramsay-malware-air-gapped-networks/155695/ ∗∗∗ Angreifer könnten Symantec Endpoint Protection als Sprungbrett nutzen ∗∗∗ --------------------------------------------- Symantecs Entwickler haben mehrere Sicherheitslücken in Endpoint Protection und Endpoint Protection Manager geschlossen. --------------------------------------------- https://heise.de/-4720697 ∗∗∗ Tinder-Bots betrügen mit scheinbarer Verifizierung ∗∗∗ --------------------------------------------- Internet-BetrügerInnen treiben auch auf Dating-Plattform ihr Unwesen und versuchen den Menschen durch Flirten Geld aus der Tasche zu ziehen. Bei einer dieser Betrugsmaschen geben Fake-Profile auf Tinder vor, dass sie sich sicherer fühlen würden, wenn sich das Tinder-Match verifizieren lässt. Das Opfer dieser Masche erhält einen Link dafür. Doch tatsächlich geht es dabei nicht darum, Vertrauen und Sicherheit vor einem Date herzustellen, [...] --------------------------------------------- https://www.watchlist-internet.at/news/tinder-bots-betruegen-mit-scheinbare… ===================== = Vulnerabilities = ===================== ∗∗∗ Unmittelbar Patchen: Kritische Schwachstelle in SAP® ABAP Systemen (CVE-2020-6262) ∗∗∗ --------------------------------------------- Das SEC Consult Vulnerability Lab hat eine kritische Code-Injection-Schwachstelle (CVE-2020-6262), mit einem CVSSv3 Score von 9.9, in SAP® Service Data Download (ein Teil des SAP® Solution Manager Plugin ST-PI), identifiziert. --------------------------------------------- https://www.sec-consult.com/./blog/2020/05/unmittelbar-patchen-kritische-sc… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (java-1.8.0-openjdk and seamonkey), Gentoo (firefox, lrzip, qemu, squid, and thunderbird), Oracle (thunderbird), Red Hat (buildah, kernel, kernel-alt, kernel-rt, kpatch-patch, podman, python-pip, python-virtualenv, and qemu-kvm), Scientific Linux (kernel), Slackware (mariadb), SUSE (openconnect), and Ubuntu (file, firefox, iproute2, pulseaudio, and squid, squid3). --------------------------------------------- https://lwn.net/Articles/820409/ ∗∗∗ Mai-Patchday: Microsoft schließt 111 Sicherheitslücken ∗∗∗ --------------------------------------------- Es ist der drittgrößte Patchday in der Geschichte des Unternehmens. Anfällig sind unter anderem Windows, SharePoint, Edge und Internet Explorer. Eine Lücke in Windows erlaubt sogar eine Remotecodeausführung mit erweiterten Benutzerrechten. --------------------------------------------- https://www.zdnet.de/88379702/mai-patchday-microsoft-schliesst-111-sicherhe… ∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-… ∗∗∗ Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-all-apache-tomcat-core-on… ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK Oct 2019 and Jan 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Exists in IBM Sterling B2B Integrator (CVE-2020-4312) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se… ∗∗∗ FreeBSD: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0453 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily