Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 12.05.2020
by Daily end-of-shift report 12 May '20

12 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 11-05-2020 18:00 − Dienstag 12-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Astaroth’s New Evasion Tactics Make It ‘Painful to Analyze’ ∗∗∗ --------------------------------------------- The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics. --------------------------------------------- https://threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/ ∗∗∗ Anubis Malware Upgrade Logs When Victims Look at Their Screens ∗∗∗ --------------------------------------------- Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices. --------------------------------------------- https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/ ∗∗∗ Analyzing Dark Crystal RAT, a C# backdoor ∗∗∗ --------------------------------------------- [...] The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-… ∗∗∗ Profilbesuche auf Facebook erkennen – Geht das? ∗∗∗ --------------------------------------------- Auf Facebook kursiert momentan ein Link, der es angeblich ermöglicht, Profilzugriffe anzuzeigen. Das macht natürlich neugierig. Doch Vorsicht: Sie landen auf einer Phishing-Seite! Kriminelle greifen Ihre Facebook-Login-Daten ab und posten betrügerische Beiträge in Ihrem Namen. Und: Facebook bietet kein Tool an, dass Ihnen anzeigt, wer auf Ihrem Profil war. --------------------------------------------- https://www.watchlist-internet.at/news/profilbesuche-auf-facebook-erkennen-… ∗∗∗ Rückblick auf das erste Drittel 2020 ∗∗∗ --------------------------------------------- Jänner: BMEIA, Shitrix, BlueGate – ein besinnlicher Jahresbeginn Februar: Die (fast) letzten Augenblicke von TLS März und April: COVID-19 oder "Im Cyber nix neues" --------------------------------------------- https://cert.at/de/blog/2020/5/ruckblick-auf-das-erste-drittel-2020 ===================== = Vulnerabilities = ===================== ∗∗∗ Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK ∗∗∗ --------------------------------------------- Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products. --------------------------------------------- https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnera… ∗∗∗ Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters ∗∗∗ --------------------------------------------- Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11". --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt ∗∗∗ TYPO3 Core version 10.4.2 fixes multiple vulnerabilities ∗∗∗ --------------------------------------------- TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface --------------------------------------------- https://typo3.org/help/security-advisories/typo3-cms ∗∗∗ TYPO3 - vulnerabilities in multiple extensions - 2020-05-12 ∗∗∗ --------------------------------------------- TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin) TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail) TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum) TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair) TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer) --------------------------------------------- https://typo3.org/help/security-advisories/typo3-extensions ∗∗∗ Sicherheitspatches: Online-Foren über vBulletin-Lücke attackierbar ∗∗∗ --------------------------------------------- Es sind mehrere abgesicherte Version der Foren-Software vBulletin erschienen. --------------------------------------------- https://heise.de/-4719217 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt). --------------------------------------------- https://lwn.net/Articles/820307/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/2020/05/ ∗∗∗ Bitdefender Antivirus: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0441 ∗∗∗ Exim: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0444 ∗∗∗ Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0443 ∗∗∗ SAP Patchday Mai 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0442 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0449 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Manipulation von Dateien ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0448 ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0445 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.05.2020
by Daily end-of-shift report 11 May '20

11 May '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-05-2020 18:00 − Montag 11-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sodinokibi ransomware can now encrypt open and locked files ∗∗∗ --------------------------------------------- The Sodinokibi (REvil) ransomware has added a new feature that makes it easier to encrypt all files, even those that are opened and locked by another process. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-no… ∗∗∗ Thunderspy: Nicht patchbare Sicherheitslücken in Thunderbolt ∗∗∗ --------------------------------------------- Mit einem Schraubendreher und einem SPI-Programmer lassen sich zentrale Sicherheitsfunktionen von Thunderbolt deaktivieren. --------------------------------------------- https://www.golem.de/news/thunderspy-nicht-patchbare-sicherheitsluecken-in-… ∗∗∗ Sphinx Malware Returns to Riddle U.S. Targets ∗∗∗ --------------------------------------------- The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes. --------------------------------------------- https://threatpost.com/sphinx-riddle-us-targets-modifications/155621/ ∗∗∗ Lieferzeiten & Zahlung beim Online-Shopping: Das sind Ihre Rechte ∗∗∗ --------------------------------------------- Der Watchlist Internet werden in letzter Zeit vermehrt Online-Shops gemeldet, die zwar nicht unbedingt Fake-Shops sind, sich jedoch durch verzögerte Lieferzeiten nicht an geltende Gesetze halten. Aber welche Rechte haben Sie als Konsumentin oder Konsument eigentlich? Was können Sie machen, wenn sich ein Online-Shop nicht an die vereinbarte Lieferzeit hält? Wann müssen Sie Bestellungen bezahlen? Wie können Sie Ihre Rechte geltend machen? --------------------------------------------- https://www.watchlist-internet.at/news/lieferzeiten-zahlung-beim-online-sho… ∗∗∗ Intel und Microsoft entwickeln Deep-Learning-Technik zur Malware-Analyse ∗∗∗ --------------------------------------------- Das Stamina genannte Projekt wandelt Dateien in Graustufen-Bilder um. Microsoft analysiert die Bilder auf Textur- und Struktur-Muster. Bei Tests erreicht das System eine Genauigkeit von mehr als 99 Prozent. --------------------------------------------- https://www.zdnet.de/88379578/intel-und-microsoft-entwickeln-deep-learning-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites ∗∗∗ --------------------------------------------- On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. --------------------------------------------- https://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-buil… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat [...] --------------------------------------------- https://lwn.net/Articles/820196/ ∗∗∗ VMware to Patch Recent Salt Vulnerabilities in vROps ∗∗∗ --------------------------------------------- VMware is working on patches for its vRealize Operations Manager (vROps) product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. read more --------------------------------------------- https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops ∗∗∗ Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server ∗∗∗ --------------------------------------------- Security patches will not be issued to fix the problems. --------------------------------------------- https://www.zdnet.com/article/data-leak-phishing-security-flaws-exposed-in-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200506-… ∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-bui… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM Cloud Private (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.05.2020
by Daily end-of-shift report 08 May '20

08 May '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-05-2020 18:00 − Freitag 08-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Blue Mockingbird Monero-Mining Campaign Exploits Web Apps ∗∗∗ --------------------------------------------- The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise. --------------------------------------------- https://threatpost.com/blue-mockingbird-monero-mining/155581/ ∗∗∗ Navigating the MAZE: Tactics, Techniques and Procedures Associated WithMAZE Ransomware Incidents ∗∗∗ --------------------------------------------- Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-proc… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/819969/ ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0436 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-… ∗∗∗ Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.05.2020
by Daily end-of-shift report 07 May '20

07 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-05-2020 18:00 − Donnerstag 07-05-2020 18:00 Handler: n/a Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gefährliche Schadsoftware-Mail im Namen von A1 ∗∗∗ --------------------------------------------- Nehmen Sie sich vor einer gefälschten A1-Mail mit dem Betreff *Wichtige Mitteilung* in Acht. Es handelt sich um eine Nachricht, die von Kriminellen verschickt wird, die Schadsoftware auf Ihrem Smartphone installieren wollen. Wenn Sie den Aufforderungen nachkommen, können die VerbrecherInnen sensible Daten von Ihrem Mobiltelefon stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaehrliche-schadsoftware-mail-im-n… ∗∗∗ Large scale Snake Ransomware campaign targets healthcare, more ∗∗∗ --------------------------------------------- The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days. --------------------------------------------- https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware… ∗∗∗ Cisco Webex phishing uses fake cert errors to steal credentials ∗∗∗ --------------------------------------------- A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users account credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-webex-phishing-uses-fa… ∗∗∗ Keep your IR on the Ball ∗∗∗ --------------------------------------------- Even with the myriad of security tools we have at our disposal today, cybercriminals are still able to penetrate our networks. Is it really necessary to have a Cyber Incident Response Plan in place? --------------------------------------------- https://www.domaintools.com/resources/blog/keep-your-ir-on-the-ball ∗∗∗ How a favicon delivered a web credit card skimmer to victims ∗∗∗ --------------------------------------------- Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that “turn” malicious when victims visit a checkout page. --------------------------------------------- https://www.helpnetsecurity.com/2020/05/07/favicons-card-skimmers/ ∗∗∗ Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk ∗∗∗ --------------------------------------------- On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As this is an active attack, we wanted to alert you so that you can take [...] --------------------------------------------- https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-24) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB20-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 12, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1869 ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco has released 34 Security Advisories for multiple products on 2020-05-06. 12 rated "High" 22 rated "Medium" --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap). --------------------------------------------- https://lwn.net/Articles/819761/ ∗∗∗ For six years Samsung smartphone users have been at risk from critical security bug. Patch now ∗∗∗ --------------------------------------------- Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/six-yea… ∗∗∗ Joomla: Schwachstelle ermöglicht SQL-Injection ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0425 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0424 ∗∗∗ [webapps] Draytek VigorAP 1000C - Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/48436 ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability CVE-2020-8492 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-84… ∗∗∗ Security Bulletin: Vulnerability CVE-2019-18348 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-18… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-… ∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonst… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.05.2020
by Daily end-of-shift report 06 May '20

06 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-05-2020 18:00 − Mittwoch 06-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vorsicht: Betrügerische FinanzOnline E-Mails im Umlauf ∗∗∗ --------------------------------------------- „Ihre Steuerrückerstattung von 1.850 EUR wurde zurückerstattet“ heißt es in einer E-Mail, angeblich vom Finanzamt. Doch Vorsicht: Dieses E-Mail stammt nicht vom Finanzamt, sondern von Kriminellen. Klicken Sie keinesfalls auf den Link, Sie landen auf einer gefälschten FinanzOnline-Seite. Kriminelle stehlen mit dieser nachgebauten FinanzOnline-Website sensible Daten! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-betruegerische-finanzonline… ∗∗∗ Least Privilege: The Most Effective Approach to Endpoint Security ∗∗∗ --------------------------------------------- I always try to remind people that the principle of least privilege is not just about security, but about productivity as well. I have multiple customers who have decreased the number of tickets to their service desk by a whopping 75% by getting rid of end-user admin rights. --------------------------------------------- https://www.beyondtrust.com/blog/entry/least-privilege-the-most-effective-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, [...] --------------------------------------------- https://lwn.net/Articles/819600/ ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-16276) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Maximo Anywhere does not have device jailbreak detection. (CVE-2019-4266) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-does-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4446 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Potential spoofing attack in Webshere Application Server (CVE-2020-4421) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-spoofing-attack… ∗∗∗ Security Bulletin: IBM InfoSphere QualityStage is affected by a Cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-qualitysta… ∗∗∗ HPESBHF03966 rev.1 - HPE Servers with certain Intel Core and Xeon Processors System Memory Management (SMM), Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03934 rev.1 - HPE CloudLIne servers using AMI BMC Remote Unauthorized Disclosure of Information, Unauthorized Modification and Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03961 rev.1 - Certain HPE Servers with 6th Generation Intel Core Processors and greater supporting SGX and TXT, Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.05.2020
by Daily end-of-shift report 05 May '20

05 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 04-05-2020 18:00 − Dienstag 05-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Weitere Zero-Day-Schwachstelle in iOS: Apps können aus Sandbox ausbrechen ∗∗∗ --------------------------------------------- Mit manipulierten XML-Kommentaren ist es Apps auf iPhone und iPad offenbar möglich, sich ungehindert beliebige Berechtigungen einzuräumen. --------------------------------------------- https://heise.de/-4714373 ∗∗∗ Dell OS Recovery: Lücke in älteren Wiederherstellungs-Images für Windows 10 ∗∗∗ --------------------------------------------- Client-Systeme von Dell, auf denen Windows 10 mit einem älteren Recovery-Image wiederhergestellt wurde, benötigen ein Sicherheitsupdate. --------------------------------------------- https://heise.de/-4714810 ∗∗∗ New VCrypt Ransomware locks files in password-protected 7ZIPs ∗∗∗ --------------------------------------------- A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-… ∗∗∗ LockBit ransomware self-spreads to quickly encrypt 225 systems ∗∗∗ --------------------------------------------- A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spre… ∗∗∗ Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems ∗∗∗ --------------------------------------------- Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft. --------------------------------------------- https://threatpost.com/airplane-hack-exposes-weaknesses-of-alert-and-avoida… ∗∗∗ New Kaiji Botnet Targets IoT, Linux Devices ∗∗∗ --------------------------------------------- The botnet uses SSH brute-force attacks to infect devices and uses a custom implant written in the Go Language. --------------------------------------------- https://threatpost.com/kaiji-botnet-iot-linux-devices/155463/ ∗∗∗ Nearly a Million WP Sites Targeted in Large-Scale Attacks ∗∗∗ --------------------------------------------- Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat [...] --------------------------------------------- https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-i… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Google macht verschiedene Android-Versionen sicherer ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Android. Zwei Lücken gelten als kritisch. --------------------------------------------- https://heise.de/-4714596 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1). --------------------------------------------- https://lwn.net/Articles/819517/ ∗∗∗ Citrix ShareFile storage zones Controller multiple security updates ∗∗∗ --------------------------------------------- Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders. --------------------------------------------- https://support.citrix.com/article/CTX269106 ∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-4723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impact… ∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-a… ∗∗∗ Security Bulletin: Muluple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-muluple-vulnerabilities-i… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Go (CVE-2019-17596) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerability in Ubuntu affects IBM Workload Scheduler 9.5 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ubuntu-a… ∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager – Node.js (CVE-2019-10747) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.05.2020
by Daily end-of-shift report 04 May '20

04 May '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-04-2020 18:00 − Montag 04-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New phishing campaign packs an info-stealer, ransomware punch ∗∗∗ --------------------------------------------- A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-… ∗∗∗ Jetzt patchen! Angreifer attackieren Oracle WebLogic Server ∗∗∗ --------------------------------------------- Derzeit haben es Angreifer unter anderem auf eine kritische Sicherheitslücke in Oracle WebLogic Server abgesehen. --------------------------------------------- https://heise.de/-4713619 ∗∗∗ Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap ∗∗∗ --------------------------------------------- A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. --------------------------------------------- https://www.securityweek.com/power-supply-can-turn-speaker-data-exfiltratio… ∗∗∗ Vorsicht vor gefährlichen VPN-Diensten ∗∗∗ --------------------------------------------- VPN-Dienste sind momentan gefragt wie nie zuvor. „Virtuelle private Netzwerke“ erhalten besonders durch verstärktes Home-Office Zulauf. Sie ermöglichen beispielsweise sicheren Zugriff auf Firmennetzwerke von zu Hause aus. Doch Vorsicht: Die hohe Nachfrage wird von Kriminellen ausgenützt. Sie kopieren Websites echter VPN-Dienste und laden gefährliche Schadsoftware auf die Systeme ihrer Opfer! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-gefaehrlichen-vpn-diens… ∗∗∗ CursedChrome turns your browser into a hackers proxy ∗∗∗ --------------------------------------------- CursedChrome shows how hackers can take full control over your Chrome browser using just one extension. --------------------------------------------- https://www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hacker… ∗∗∗ Angriffe auf Salt, LineageOS, Ghost und Digicert ∗∗∗ --------------------------------------------- Hacker nutzen Schwachstellen aus, um Systeme zu attackieren. Im Blickpunkt stehen aktuell der SaltStack, das Handy-Betriebssystem LineageOS, die Bloggerplattform Ghost und der Zertifizierungsanbieter Digicert. --------------------------------------------- https://www.zdnet.de/88379335/angriffe-auf-salt-lineageos-ghost-und-digicer… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2). --------------------------------------------- https://lwn.net/Articles/819200/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0). --------------------------------------------- https://lwn.net/Articles/819394/ ∗∗∗ TP-Link Patches Multiple Vulnerabilities in NC Cloud Cameras ∗∗∗ --------------------------------------------- TP-Link has released firmware updates to address several vulnerabilities in its NC series cloud cameras, including bugs that could lead to the remote execution of arbitrary commands. --------------------------------------------- https://www.securityweek.com/tp-link-patches-multiple-vulnerabilities-nc-cl… ∗∗∗ Synology-SA-20:11 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_11 ∗∗∗ Synology-SA-20:10 WordPress ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_10 ∗∗∗ Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-xerces-c… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: OpenSSL disclosed vulnerability affects MessageGatweay (CVE-2020-1967) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-disclosed-vulnera… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vul… ∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-ser… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0409 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.04.2020
by Daily end-of-shift report 30 Apr '20

30 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-04-2020 18:00 − Donnerstag 30-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Sway abused in PerSwaysion spear-phishing operation ∗∗∗ --------------------------------------------- Multiple threat actors running phishing attacks on corporate targets have been counting on Microsoft Sway service to trick victims into giving their Office 365 login credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-per… ∗∗∗ „Sarah“ verschickt gefälschte HOFER-Umfrage ∗∗∗ --------------------------------------------- Unter dem Namen „Sarah“ verschicken Kriminelle derzeit willkürlich SMS mit einem Link, der zu einem gefälschten HOFER-Treueprogramm führt. Versprochen werden exklusive Preise, sofern an einer Umfrage zur Kundenzufriedenheit teilgenommen wird. Wir haben uns das vermeintliche Treueprogramm genauer angeschaut. Unser Fazit: Die versprochenen Preise erhalten Sie nicht. Stattdessen hoffen die BetrügerInnen, dass sie ein Abo abschließen. Dieses würde Sie [...] --------------------------------------------- https://www.watchlist-internet.at/news/sarah-verschickt-gefaelschte-hofer-u… ∗∗∗ Cybercriminals are using Google reCAPTCHA to hide their phishing attacks ∗∗∗ --------------------------------------------- Security researchers say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns. --------------------------------------------- https://hotforsecurity.bitdefender.com/blog/cybercriminal-are-using-google-… ∗∗∗ Cybereason warnt vor neuem mobilen Banking-Trojaner ∗∗∗ --------------------------------------------- EventBot ist erst seit März 2020 im Umlauf. Die Malware stiehlt Daten von Finanz-Apps und hebelt die 2-Faktor-Authentifizierung auf. Die Hintermänner sind so in der Lage, geschäftliche und private Finanztransaktionen zu kapern. --------------------------------------------- https://www.zdnet.de/88379272/cybereason-warnt-vor-neuem-mobilen-banking-tr… ===================== = Vulnerabilities = ===================== ∗∗∗ Salt peppered with holes? Automation tool vulnerable to auth bypass: Patch now ∗∗∗ --------------------------------------------- The Salt configuration tool has patched two vulnerabilities whose combined effect was to expose Salt installations to complete control by an attacker. A patch for the issues was released last night, but systems that are not set to auto-update may still be vulnerable. --------------------------------------------- https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/30/salt_aut… ∗∗∗ WordPress Releases Security Update ∗∗∗ --------------------------------------------- WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.4.1. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/04/30/wordpress-releases… ∗∗∗ macOS: Sandbox-Ausbruch per Editor ∗∗∗ --------------------------------------------- In TextEdit steckt ein Bug, mit dem böswillige Apps eigentlich verbotene Kommandos ausführen können. --------------------------------------------- https://heise.de/-4712045 ∗∗∗ High Severity Vulnerability Patched in Ninja Forms ∗∗∗ --------------------------------------------- On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version. --------------------------------------------- https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/819064/ ∗∗∗ Synology-SA-20:08 Cloud Station Backup ∗∗∗ --------------------------------------------- A vulnerability allows local users to execute arbitrary code via a susceptible version of Cloud Station Backup. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_08_Cloud… ∗∗∗ Synology-SA-20:07 Synology Calendar ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote authenticated users to download arbitrary files or hijack the authentication of administrators via a susceptible version of Synology Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_07_Synol… ∗∗∗ Synology-SA-20:06 DSM ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote authenticated users to conduct denial-of-service attacks or obtain user credentials via a susceptible version of DSM. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_06_DSM ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose the corresponding passwords [...] --------------------------------------------- https://support.citrix.com/article/CTX272237 ∗∗∗ Security Advisory - Invalid Pointer Access Vulnerability in Huawei OceanStor Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200429-… ∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat… ∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclose… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0402 ∗∗∗ The BIG-IP AFM ACL and IPI features may not function as designed ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K72423000 ∗∗∗ Intel QAT cryptography driver vulnerability CVE-2020-5882 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43815022 ∗∗∗ The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33572148 ∗∗∗ BIG-IP APM logs may contain random data after the APM session ID ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43404365 ∗∗∗ BIG-IP SSL connection Alert Timeout security exposure ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25165813 ∗∗∗ BIG-IP may not detect invalid Transfer-Encoding headers ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10701310 ∗∗∗ HPESBMU03997 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ OpenLDAP: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0405 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.04.2020
by Daily end-of-shift report 29 Apr '20

29 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-04-2020 18:00 − Mittwoch 29-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Would You Have Fallen for This Phone Scam? ∗∗∗ --------------------------------------------- You may have heard that todays phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didnt know that your bank may be making it super easy for thieves to impersonate the bank, by giving away information about recent transactions on your account via automated, phone-based customer support systems. --------------------------------------------- https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-sc… ∗∗∗ Cloud Under Pressure: Keeping AWS Projects Secure ∗∗∗ --------------------------------------------- Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cloud/c… ∗∗∗ Google Researchers Find Multiple Vulnerabilities in Apples ImageIO Framework ∗∗∗ --------------------------------------------- Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple’s iOS and macOS operating systems. --------------------------------------------- https://www.securityweek.com/google-researchers-find-multiple-vulnerabiliti… ∗∗∗ Emotet C2 and RSA Key Update - 04/28/2020 23:59 ∗∗∗ --------------------------------------------- Emotet C2 and RSA Key - Update 04/28/2020 at 23:59 UTC News: Still no Emotet back this week for spamming but once again more shennanigans with Trickbot installs doing option 42 to drop Emotet E2 as shown by Fate112 in his post here: https://twitter.com/tosscoinwitcher/status/1255259004164542464 Watch for the falling C2 combos… seems like they are doing a lot of spring cleaning as counts plummet as of late. Key and current C2 list below for each Epoch [...] --------------------------------------------- https://paste.cryptolaemus.com/emotet/2020/04/28/emotet-c2-rsa-update-04-28… ∗∗∗ Check Point: Android-Ransomware verschlüsselt Dateien angeblich im Namen des FBI ∗∗∗ --------------------------------------------- Die Erpressersoftware fordert im Namen der US-Bundespolizei ein Lösegeld von 500 Dollar. Sie kann aber auch die vollständige Kontrolle über ein Smartphone übernehmen und weitere schädliche Apps installieren. Check Point vermutet die Hintermänner in Russland. --------------------------------------------- https://www.zdnet.de/88379222/check-point-android-ransomware-verschluesselt… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE SD-WAN Software Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Updates Available for Magento | APSB20-22 ∗∗∗ --------------------------------------------- Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important and Moderate (severity ratings). Successful exploitation could lead to arbitrary code execution. --------------------------------------------- https://helpx.adobe.com/security/products/magento/apsb20-22.html ∗∗∗ VMSA-2020-0008 ∗∗∗ --------------------------------------------- VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0008.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel, openjdk-7, openjdk-8, and openldap), Fedora (openvpn), openSUSE (teeworlds and vlc), Red Hat (bind, binutils, bluez, container-tools:1.0, container-tools:2.0, container-tools:rhel8, cups, curl, dnsmasq, dpdk, e2fsprogs, edk2, evolution, exiv2, fontforge, freeradius:3.0, gcc, gdb, glibc, GNOME, grafana, GStreamer, libmad, and SDL, haproxy, ibus and glib2, irssi, kernel, kernel-rt, liblouis, libmspack, libreoffice, libsndfile, libtiff, libxml2, [...] --------------------------------------------- https://lwn.net/Articles/818950/ ∗∗∗ Advisory: Sophos XG Firewall: Asnarok Vulnerability - Actions required for SFM/CFM managed devices ∗∗∗ --------------------------------------------- This article outlines the remediation steps for XG Firewalls with severed connections to SFM and CFM central management product. --------------------------------------------- https://community.sophos.com/kb/en-US/135429 ∗∗∗ Advisory - Sophos XG Firewall v18: Upgrade from v17.5.x to v18 Build_354 will take longer than previous upgrades ∗∗∗ --------------------------------------------- https://community.sophos.com/kb/en-US/135437 ∗∗∗ April 28, 2020 TNS-2020-03 [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2020-03 ∗∗∗ Red Hat Security Advisories ∗∗∗ --------------------------------------------- https://access.redhat.com/errata/#/?q=&p=1&sort=portal_publication_date%20d… ∗∗∗ Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher… ∗∗∗ Security Bulletin: Vulnerabilities exist in Watson Explorer (CVE-2019-4720, CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-… ∗∗∗ Security Bulletin: Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websph… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in in IBM® Runtime Environment Java™ Version affects IBM WIoTP MessageGateway (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-in-ibm… ∗∗∗ Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-wat… ∗∗∗ Security Bulletin: Sensitive Information Disclosed in Logs (CVE-2019-4286) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sensitive-information-dis… ∗∗∗ Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.04.2020
by Daily end-of-shift report 28 Apr '20

28 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Montag 27-04-2020 18:00 − Dienstag 28-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Achtung Schadsoftware: Bundeskriminalamt warnt vor gefälschter Polizei-Mail ∗∗∗ --------------------------------------------- Zurzeit kursiert eine Mail mit dem Betreff "Letzte Einladung der Polizei". Darin werden die Empfänger aufgefordert, mit der Polizei Kontakt aufzunehmen und die Anhänge zu öffnen. Dabei handelt es sich mit hoher Wahrscheinlichkeit um Schadsoftware. --------------------------------------------- http://www.bmi.gv.at/news.aspx?id=414F7246445856707A58773D ∗∗∗ Agent Tesla delivered by the same phishing campaign for over a year, (Tue, Apr 28th) ∗∗∗ --------------------------------------------- While going over malicious e-mails caught by our company gateway in March, I noticed that several of those, that carried ACE file attachments, appeared to be from the same sender. That would not be that unusual, but and after going through the historical logs, I found that e-mails from the same address with similar attachments were blocked by the gateway as early as March 2019. --------------------------------------------- https://isc.sans.edu/diary/rss/26062 ∗∗∗ Cybercrime: Führungskräfte geduldig ausspionieren und dann ausnehmen ∗∗∗ --------------------------------------------- Über Man-in-the-Middle-Attacken greift die "Florentiner Bankengruppe" gezielt Entscheidungsträger an – ein erfolgreiches Spiel auf Zeit. --------------------------------------------- https://heise.de/-4710607 ∗∗∗ New Version of Infection Monkey Maps to MITRE ATT&CK Framework ∗∗∗ --------------------------------------------- Guardicores open source breach and attack simulation platform Infection Monkey now maps its attack results to the MITRE ATT&CK framework, allowing users to quickly discover internal vulnerabilities and rapidly fix them. --------------------------------------------- https://www.securityweek.com/new-version-infection-monkey-maps-mitre-attck-… ∗∗∗ Website-BetreiberInnen aufgepasst: Erpressungsmails im Umlauf ∗∗∗ --------------------------------------------- Zahlreiche Website-BetreiberInnen erhalten aktuell betrügerische Erpressungsmails. Kriminelle behaupten auf Englisch, sie hätten Ihre Website gehackt und nun Zugriff auf sämtliche Datensätze. Diese drohen sie zu veröffentlichen und Ihre KundInnen über das angebliche Datenleck zu informieren. Damit das nicht geschieht fordern sie 2000 USD in Form von Bitcoins. Gehen Sie nicht darauf ein, es handelt sich um ein betrügerisches Spam-E-Mail! --------------------------------------------- https://www.watchlist-internet.at/news/website-betreiberinnen-aufgepasst-er… ∗∗∗ Anatomy of Formjacking Attacks ∗∗∗ --------------------------------------------- A detailed look at the fast-growing crime of formjacking, where cybercriminals hack a website to collect sensitive user information and steal credit card numbers. --------------------------------------------- https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Bridge (APSB20-19) and Adobe Illustrator (APSB20-20). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1864 ∗∗∗ High-Severity Vulnerabilities Patched in LearnPress ∗∗∗ --------------------------------------------- On March 16, 2020, LearnPress – WordPress LMS Plugin, a WordPress plugin with over 80,000 installations, patched a high-severity vulnerability that allowed subscriber-level users to elevate their permissions to those of an “LP Instructor”, a custom role with capabilities similar to the WordPress “author” role, including the ability to upload files and create posts containing [...] --------------------------------------------- https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patche… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, qemu-kvm, and thunderbird), Debian (qemu and ruby-json), Fedora (chromium, haproxy, and libssh), openSUSE (cacti, cacti-spine and teeworlds), Oracle (kernel), SUSE (apache2, git, kernel, ovmf, and xen), and Ubuntu (cups, file-roller, and re2c). --------------------------------------------- https://lwn.net/Articles/818821/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0005 ∗∗∗ --------------------------------------------- Date Reported: April 27, 2020 Advisory ID: WSA-2020-0005 CVE identifiers: CVE-2020-3885, CVE-2020-3894,CVE-2020-3895, CVE-2020-3897,CVE-2020-3899, CVE-2020-3900,CVE-2020-3901, CVE-2020-3902. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2020-3885 Versions affected: WebKitGTK before 2.28.0 and WPE WebKit before2.28.0. Credit to Ryan Pickren (ryanpickren.com). Impact: A file URL may be incorrectly processed. Description: Alogic issue was addressed with improved [...] --------------------------------------------- https://webkitgtk.org/security/WSA-2020-0005.html ∗∗∗ IntelMQ Manager release 2.1.1 fixes critical security issue ∗∗∗ --------------------------------------------- The IntelMQ Manager version 2.1.1 released yesterday fixes a Remote Code Execution flaw (CWE-78: OS Command Injection). The documentation for version 2.1.1 and installation instructions can be found on our GitHub repository. Always run IntelMQ Manager instances in private networks with proper authentication & TLS. Further, restrict access to the tool to web-browsers which can only access internal web-sites, as workaround for existing CSRF issues. See also our security considerations with [...] --------------------------------------------- https://cert.at/en/blog/2020/4/intelmq-manager-release-211-fixes-critical-s… ∗∗∗ Security Bulletin: CVE-2019-1552 vulnerability in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-1552-vulnerabili… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: NVIDIA Windows and Linux GPU Display drivers are have resolved several security vulnerabilities as described below. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-and-linux-… ∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)(CVE-2019-12418, CVE-2019-17563) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service that affect IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows(IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2583, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ HPESBHF03970 rev.1 - HPE Products with Intel Ethernet 700 Series Processors, Local Escalation of Privilege, Local Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0377 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily