Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 27.04.2020
by Daily end-of-shift report 27 Apr '20

27 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-04-2020 18:00 − Montag 27-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware ∗∗∗ --------------------------------------------- A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-… ∗∗∗ Asnarök malware exploits firewall zero-day to steal credentials ∗∗∗ --------------------------------------------- Some Sophos firewall products were attacked with a new Trojan malware, dubbed Asnarök by researchers cyber-security firm Sophos, to steal usernames and hashed passwords starting with April 22 according to an official timeline. --------------------------------------------- https://www.bleepingcomputer.com/news/security/asnar-k-malware-exploits-fir… ∗∗∗ Shade Ransomware shuts down, releases 750K decryption keys ∗∗∗ --------------------------------------------- The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-… ∗∗∗ Eight Common OT / Industrial Firewall Mistakes ∗∗∗ --------------------------------------------- Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable. --------------------------------------------- https://threatpost.com/waterfall-eight-common-ot-industrial-firewall-mistak… ∗∗∗ Understanding the basics of API security ∗∗∗ --------------------------------------------- This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in software development, operations, and protection. --------------------------------------------- https://www.helpnetsecurity.com/2020/04/27/basics-api-security/ ∗∗∗ GDPR.EU has er… a data leakage issue ∗∗∗ --------------------------------------------- The web site GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/gdpr-eu-has-er-a-data-leakage… ===================== = Vulnerabilities = ===================== ∗∗∗ Hacker nutzen Zero-Day-Lücke in Sophos-Firewall aus ∗∗∗ --------------------------------------------- Unbekannte stehlen Dateien mit Anmeldedaten von Firewall-Administratoren und lokalen Nutzern. Sophos findet keinen Hinweis auf einen Missbrauch dieser Daten. Inzwischen steht ein Notfall-Update für die Schwachstelle zur Verfügung. --------------------------------------------- https://www.zdnet.de/88379086/hacker-nutzen-zero-day-luecke-in-sophos-firew… ∗∗∗ Duplicated Vulnerabilities in WordPress Plugins ∗∗∗ --------------------------------------------- During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities. --------------------------------------------- https://blog.sucuri.net/2020/04/duplicated-vulnerabilities-in-wordpress-plu… ∗∗∗ Authentication bypass in FortiMail and FortiVoiceEntreprise ∗∗∗ --------------------------------------------- An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-20-045 ∗∗∗ High Severity Vulnerability Patched in Real-Time Find and Replace Plugin ∗∗∗ --------------------------------------------- On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in [...] --------------------------------------------- https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (eog, jsch, libgsf, mailman, ncmpc, openjdk-11, php5, python-reportlab, radicale, and rzip), Fedora (ansible, dolphin-emu, git, gnuchess, liblas, openvpn, php, qt5-qtbase, rubygem-rake, snakeyaml, webkit2gtk3, and wireshark), Mageia (chromium-browser-stable, git, java-1.8.0-openjdk, kernel, kernel-linus, mp3gain, and virtualbox), openSUSE (crawl, cups, freeradius-server, kubernetes, and otrs), SUSE (apache2, kernel, pam_radius, [...] --------------------------------------------- https://lwn.net/Articles/818763/ ∗∗∗ JSA11021 - 2020-04 Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=RSS ∗∗∗ HPESBHF03945 rev.1 - HPE Servers using Supplemental Update / Online ROM Flash Component for Linux, Local Execution of Arbitrary Code. ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ OTRS: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0372 ∗∗∗ ILIAS: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0370 ∗∗∗ Postfix: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0376 ∗∗∗ Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affec… ∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Websphere Message Broker V8. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2964, CVE-2019-2989 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.04.2020
by Daily end-of-shift report 24 Apr '20

24 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-04-2020 18:00 − Freitag 24-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Protecting your organization against password spray attacks ∗∗∗ --------------------------------------------- If your users sign in with guessable passwords, you may be at risk of a password spray attack.The post Protecting your organization against password spray attacks appeared first on Microsoft Security. --------------------------------------------- https://www.microsoft.com/security/blog/2020/04/23/protecting-organization-… ∗∗∗ Malicious Excel With a Strong Obfuscation and Sandbox Evasion, (Fri, Apr 24th) ∗∗∗ --------------------------------------------- For a few weeks, we see a bunch of Excel documents spread in the wild with Macro V4[1]. But VBA macros remain a classic way to drop the next stage of the attack on the victims computer. The attacker has many ways to fetch the next stage. He can download it from a compromised server or a public service like pastebin.com, dropbox.com, or any other service that allows sharing content. The problem is, in this case, that it generates more noise via new network flows and the attack [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26048 ∗∗∗ Gefahren durch Webshells: NSA nennt beliebte Einfallstore für Server-Angriffe ∗∗∗ --------------------------------------------- US- und australische Behörden geben Tipps zum Aufspüren von Webshells und nennen einige teils recht alte, bei Angreifern aber noch immer beliebte Lücken. --------------------------------------------- https://heise.de/-4709470 ∗∗∗ When in Doubt: Hang Up, Look Up, & Call Back ∗∗∗ --------------------------------------------- Many security-conscious people probably think theyd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Heres how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse. --------------------------------------------- https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/ ===================== = Vulnerabilities = ===================== ∗∗∗ Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution ∗∗∗ --------------------------------------------- The FTTH provisioning solution suffers from an unauthenticated remote code execution vulnerability due to an unsafe deserialization of Java objects (ViewState) triggered via the javax.faces.ViewState HTTP POST parameter. The deserialization can cause the vulnerable JSF web application to execute arbitrary Java functions, malicious Java bytecode, and system shell commands with root privileges. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5565.php ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-openssl), Debian (git), Gentoo (chromium, firefox, git, and openssl), Oracle (kernel and python-twisted-web), Red Hat (python-twisted-web), Scientific Linux (python-twisted-web), and SUSE (file-roller, kernel, and resource-agents). --------------------------------------------- https://lwn.net/Articles/818565/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBMJava SDK affect IBM Cloud App Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack caused by an authenticated user crafting a malicious message (CVE-2019-4656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulne… ∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. (CVE-2019-4619) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-al… ∗∗∗ Security Bulletin: IBM Cloud App Management is vulnerable to cross-site request forgery (CVE-2019-4750) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-app-management-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Cloud App Management (CVE-2020-2593) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a tcpdump vulnerability (CVE-2018-19519) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack due to an error in the Channel processing function. (CVE-2019-4762) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulne… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4267) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2019-4719) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-al… ∗∗∗ BIG-IQ HA vulnerability CVE-2020-5870 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K69422435 ∗∗∗ BIG-IQ HA vulnerability CVE-2020-5869 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28855111 ∗∗∗ BIG-IQ Grafana vulnerability CVE-2020-5868 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37130415 ∗∗∗ HPESBHF03947 rev.1 - HPE UIoT, Remote Unauthorized Access and Access to Sensitive Data ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0362 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.04.2020
by Daily end-of-shift report 23 Apr '20

23 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-04-2020 18:00 − Donnerstag 23-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ iPhones durch Zero-Day-Lücken in Apple Mail angreifbar ∗∗∗ --------------------------------------------- iOS-Nutzer sollten die Mail-App vorübergehend nicht benutzen, warnen Sicherheitsforscher. Schwachstellen erlauben unbemerktes Code-Einschleusen. --------------------------------------------- https://heise.de/-4707901 ∗∗∗ New Data Center Requirements - Can You Help Host Shadowserver? ∗∗∗ --------------------------------------------- Shadowserver urgently needs to move our current data center by August 2020. We are blogging our data center requirements for hosting and colocation providers, or other companies who might be able to help provide a new home for our public benefit services for the global Internet. Please reach out and get in touch if you can help. --------------------------------------------- https://www.shadowserver.org/news/new-data-center-requirements-can-you-help… ∗∗∗ Maze Ransomware – What You Need to Know ∗∗∗ --------------------------------------------- What’s this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. There’s been plenty of ransomware before. What makes Maze so special? --------------------------------------------- https://www.tripwire.com/state-of-security/featured/maze-ransomware-what-yo… ∗∗∗ Researchers Turn Antivirus Software Into Destructive Tools ∗∗∗ --------------------------------------------- A vulnerability impacting nearly all antivirus products out there could have been exploited to disable anti-malware protection or render the operating system unusable, RACK911 Labs security researchers reveal. --------------------------------------------- https://www.securityweek.com/researchers-turn-antivirus-software-destructiv… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (openssl), openSUSE (freeradius-server, kernel, thunderbird, and vlc), Oracle (git, java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), SUSE (ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, [...] --------------------------------------------- https://lwn.net/Articles/818481/ ∗∗∗ Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-… ∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei OSD Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerabilities in OpenSSL (CVE-2019-1547 and CVE-2019-1563) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-nextscale-fan-power-c… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System 3000(CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Symphony and IBM Platform Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs… ∗∗∗ Security Bulletin: IBM Tivoli Monitoring insufficient default file/folder permissions on windows. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-ins… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Elastic Storage System (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ NGINX Controller sensitive command-line arguments vulnerability CVE-2020-5866 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11922628 ∗∗∗ NGINX Controller vulnerability CVE-2020-5864 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27205552 ∗∗∗ NGINX Controller insecure database transport vulnerability CVE-2020-5865 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21009022 ∗∗∗ NGINX Controller vulnerability CVE-2020-5867 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00958787 ∗∗∗ HPESBHF03988 rev.1 - HPE Onboard Administrator, Remote Reflected Cross Site Scripting ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBNS03996 rev.1 - HPE NonStop Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Squid: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0360 ∗∗∗ Red Hat JBoss A-MQ: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0361 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.04.2020
by Daily end-of-shift report 22 Apr '20

22 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-04-2020 18:00 − Mittwoch 22-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ You Wont Believe what this One Line Change Did to the Chrome Sandbox ∗∗∗ --------------------------------------------- The Chromium sandbox on Windows has stood the test of time. It’s considered one of the better sandboxing mechanisms deployed at scale without requiring elevated privileges to function. For all the good, it does have its weaknesses. The main one being the sandbox’s implementation is reliant on the security of the Windows OS. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-o… ∗∗∗ New iPhone Zero-Day Discovered ∗∗∗ --------------------------------------------- Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was targeted." --------------------------------------------- https://www.schneier.com/blog/archives/2020/04/new_iphone_zero.html ∗∗∗ NSA, ASD Release Guidance for Mitigating Web Shell Malware ∗∗∗ --------------------------------------------- The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/04/22/nsa-asd-release-gu… ∗∗∗ Achtung vor Shops mit service6(a)vinayotap.com E-Mail-Adressen ∗∗∗ --------------------------------------------- Derzeit melden LeserInnen der Watchlist Internet vermehrt neue Fake-Shops, die vor allem eines gemeinsam haben: Sie verweisen alle auf die E-Mail-Adresse --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-shops-mit-service6vinayo… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D ∗∗∗ --------------------------------------------- The flaws exist in Autodesks FBX library, integrated in Microsofts Office, Office 365 ProPlus and Paint 3D applications. --------------------------------------------- https://threatpost.com/microsoft-issues-out-of-band-security-update-for-off… ∗∗∗ Zero-Day-Lücken in IBM Data Risk Manager - Forscher-Report ignoriert ∗∗∗ --------------------------------------------- Sicherheitsforscher haben im Überwachungstool IBM Data Risk Manager vier Lücken entdeckt - drei gelten als kritisch. Erste Patches sind bereits da. --------------------------------------------- https://heise.de/-4707165 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Oracle (java-1.7.0-openjdk and java-1.8.0-openjdk), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, and kernel), Scientific Linux (kernel), Slackware (git), SUSE (openssl-1_1 and puppet), and Ubuntu (binutils and thunderbird). --------------------------------------------- https://lwn.net/Articles/818359/ ∗∗∗ 2020-04-21: Multiple vulnerabilities in B&R Automation Studio ∗∗∗ --------------------------------------------- https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-… ∗∗∗ 2020-04-21: TPM-Fail vulnerability in several B&R products ∗∗∗ --------------------------------------------- https://www.br-automation.com/en/downloads/022020-tpm-fail/ ∗∗∗ 2020-04-22: UPS Adapter CS141 – Path traversal vulnerability ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A4579&Lan… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-… ∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei PCManager Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-… ∗∗∗ Security Bulletin: CVE-2020-4202IBM UrbanCode Deploy (UCD) could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4202ibm-urbancod… ∗∗∗ Security Bulletin: Windows DLL injection vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vul… ∗∗∗ Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System 3000 (CVE-2020-1734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ansible-vulnerability-aff… ∗∗∗ Security Bulletin: CVE-2019-4668 Pattern integration passwords stored in db without current encryption ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4668-pattern-int… ∗∗∗ Security Bulletin: CVE-2014-3524 CSV Injection in reports ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2014-3524-csv-injecti… ∗∗∗ Security Bulletin: Stack-based Buffer Overflow vulnerability in IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-stack-based-buffer-overfl… ∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by a vulnerability where an unprivileged user could execute commands as root ( CVE-2020-4273) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste… ∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0355 ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0351 ∗∗∗ OpenSSL: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0357 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.04.2020
by Daily end-of-shift report 21 Apr '20

21 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Montag 20-04-2020 18:00 − Dienstag 21-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows 10 SMBGhost RCE exploit demoed by researchers ∗∗∗ --------------------------------------------- A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 wormable pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-expl… ∗∗∗ SpectX: Log Parser for DFIR, (Tue, Apr 21st) ∗∗∗ --------------------------------------------- I hope this finds you all safe, healthy, and sheltered to the best of your ability. In February I received a DM via Twitter from Liisa at SpectX regarding my interest in checking out SpectX. Never one to shy away from a tool review offer, I accepted. SpectX, available in a free, community desktop version, is a log parser and query engine that enables you to investigate incidents via log files from multiple sources such as log servers, AWS, Azure, Google Storage, Hadoop, ELK and SQL-databases. --------------------------------------------- https://isc.sans.edu/diary/rss/26040 ∗∗∗ Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining ∗∗∗ --------------------------------------------- Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/l3TOyRDK1yA/ ∗∗∗ Grouping Linux IoT Malware Samples With Trend Micro ELF Hash ∗∗∗ --------------------------------------------- We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tFHtqxisecc/ ∗∗∗ Kerberos Tickets on Linux Red Teams ∗∗∗ --------------------------------------------- At FireEye Mandiant, we conduct numerous red team engagements within Windows Active Directory environments. Consequently, we frequently encounter Linux systems integrated within Active Directory environments. Compromising an individual domain-joined Linux system can provide useful data on its own, but the best value is obtaining data, such as Kerberos tickets, that will facilitate lateral movement techniques. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-lin… ∗∗∗ Unsichere Deserialisierung gefährdet Steam-Spiele ∗∗∗ --------------------------------------------- Viele Videospiele, die .Net oder Unity verwenden, sind angreifbar und führen Schadcode aus. Steam bietet die Möglichkeit einer wurmähnlichen Infektion. --------------------------------------------- https://heise.de/-4706122 ∗∗∗ 46% of SMBs have been targeted by ransomware, 73% have paid the ransom ∗∗∗ --------------------------------------------- Ransomware attacks are not at all unusual in the SMB community, as 46% of these businesses have been victims. And 73% of those SMBs that have been the targets of ransomware attacks actually have paid a ransom, Infrascale reveals. Yet, more than a quarter of the total SMB survey group said they lack a plan to mitigate a ransomware attack. --------------------------------------------- https://www.helpnetsecurity.com/2020/04/21/paying-ransom/ ∗∗∗ BSI aktualisiert den Mindeststandard TLS ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat zum 9. April 2020 den "Mindeststandard zur Verwendung von Transport Layer Security (TLS)" aktualisiert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/AktualisierterMST… ∗∗∗ Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC ∗∗∗ --------------------------------------------- A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges. --------------------------------------------- https://www.securityweek.com/microsoft-will-not-patch-security-bypass-flaw-… ∗∗∗ Zahlungsaufforderungen von angeblichen Streamingdiensten sind Fake ∗∗∗ --------------------------------------------- bodaflix.de, ebaflix.de, teraflix.de, nodaflix.de – angeblich kostenlose Streamingdienste. Nach einer Registrierung erhalten Sie jedoch eine Zahlungsaufforderung über 395,88 Euro. Wird diese ignoriert, folgen meist weitere Zahlungsaufforderungen und Mahnungen von vermeintlichen Inkassobüros. Überweisen Sie kein Geld und antworten Sie auch nicht! Es handelt sich um ein betrügerisches Schreiben. --------------------------------------------- https://www.watchlist-internet.at/news/zahlungsaufforderungen-von-angeblich… ∗∗∗ Hey there! Are you using WhatsApp? Your account may be hackable ∗∗∗ --------------------------------------------- Can someone take control of your WhatsApp account by just knowing your phone number? We ran a small test to find out. --------------------------------------------- https://www.welivesecurity.com/2020/04/20/hey-there-using-whatsapp-your-acc… ===================== = Vulnerabilities = ===================== ∗∗∗ P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting ∗∗∗ --------------------------------------------- The controller suffers from CSRF and XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several GET/POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a [...] --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php ∗∗∗ [R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. --------------------------------------------- https://www.tenable.com/security/tns-2020-02 ∗∗∗ Versionsverwaltung: Erneute Sicherheitswarnung für Git ∗∗∗ --------------------------------------------- Updates beheben eine Schwachstelle in Git, die der jüngsten ähnelt und ebenfalls die Credential-Helper-Programme betrifft. --------------------------------------------- https://heise.de/-4706272 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (webkit2gtk), Debian (awl, git, and openssl), Red Hat (chromium-browser, git, http-parser, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, qemu-kvm-ma, rh-git218-git, and rh-maven35-jackson-databind), Scientific Linux (advancecomp, avahi, bash, bind, bluez, cups, curl, dovecot, doxygen, evolution, expat, file, firefox, gettext, git, GNOME, httpd, ImageMagick, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, kernel, lftp, [...] --------------------------------------------- https://lwn.net/Articles/818223/ ∗∗∗ High-Severity Vulnerability in OpenSSL Allows DoS Attacks ∗∗∗ --------------------------------------------- An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks. --------------------------------------------- https://www.securityweek.com/high-severity-vulnerability-openssl-allows-dos… ∗∗∗ [20200403] - Core - Incorrect access control in com_users access level deletion function ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/811-20200403-core-incorrect-ac… ∗∗∗ [20200402] - Core - Missing checks for the root usergroup in usergroup table ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/810-20200402-core-missing-chec… ∗∗∗ [20200401] - Core - Incorrect access control in com_users access level editing function ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/809-20200401-core-incorrect-ac… ∗∗∗ 2020-04-21: SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&Language… ∗∗∗ 2020-04-21: SECURITY Multiple Vulnerabilities in ABB Central Licensing System ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&Language… ∗∗∗ 2020-04-21: SECURITY Inter process communication vulnerability in System 800xA ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&Language… ∗∗∗ Security Bulletin: A denial of service vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulne… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.04.2020
by Daily end-of-shift report 20 Apr '20

20 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-04-2020 18:00 − Montag 20-04-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft helped stop a botnet controlled via an LED light console ∗∗∗ --------------------------------------------- Microsoft says that its Digital Crimes Unit (DCU) discovered and helped take down a botnet of 400,000 compromised devices controlled with the help of an LED light control console. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-helped-stop-a-botn… ∗∗∗ KPOT Analysis: Obtaining the Decrypted KPOT EXE, (Sun, Apr 19th) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/26014 ∗∗∗ KPOT AutoIt Script: Analysis, (Mon, Apr 20th) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/26012 ∗∗∗ Finding Zoom Meeting Details in the Wild ∗∗∗ --------------------------------------------- The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing. --------------------------------------------- https://blog.rootshell.be/2020/04/18/finding-zoom-meeting-details-in-the-wi… ∗∗∗ Clipboard hijacking malware found in 725 Ruby libraries ∗∗∗ --------------------------------------------- Security researchers from ReversingLabs say theyve discovered 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users clipboards. The malicious packages were uploaded on RubyGems between February 16 and 25 by two accounts [...] --------------------------------------------- https://www.zdnet.com/article/clipboard-hijacking-malware-found-in-725-ruby… ∗∗∗ PayPal über Google Pay: Lücke von Februar anscheinend klammheimlich behoben ∗∗∗ --------------------------------------------- Die Lücke, die unautorisierte PayPal-Abbuchungen via Google Pay erlaubte, wurde anscheinend – erst kürzlich – von PayPal gefixt. --------------------------------------------- https://heise.de/-4704339 ∗∗∗ Warten auf Patches: Schwachstellen in Nagios XI gefährden Netzwerke ∗∗∗ --------------------------------------------- Die Monitoring-Software für komplexe IT-Infrastrukturen Nagios XI ist verwundbar. Abhilfe gibt es noch nicht. --------------------------------------------- https://heise.de/-4704444 ∗∗∗ Several Botnets Using Zero-Day Vulnerability to Target Fiber Routers ∗∗∗ --------------------------------------------- Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn. --------------------------------------------- https://www.securityweek.com/several-botnets-using-zero-day-vulnerability-t… ∗∗∗ In eigener Sache: CERT.at/nic.at sucht Verstärkung (Research Engineer Internet, Vollzeit) ∗∗∗ --------------------------------------------- Unser Research- & Developmentteam sucht für ein Projekt mit CERT.at und Security-Bezug eine/n Research Engineer (m/w, Vollzeit mit 38,5 Stunden) zum ehestmöglichen Einstieg. Dienstort ist Wien. Details finden sich auf der nic.at Jobs-Seite. --------------------------------------------- https://cert.at/de/blog/2020/4/in-eigener-sache-certatnicat-sucht-verstarku… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability ∗∗∗ --------------------------------------------- The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-224 ∗∗∗ Kritische Sicherheitslücke in mehreren Xilinx-FPGAs ∗∗∗ --------------------------------------------- Bei Xilinx-FPGAs der Serie 7 (Spartan-7, Artix-7, Kintex-7, Virtex-7) und Virtex-6 lässt sich die Verschlüsselung der Bitstream-Konfigurationsdaten aushebeln. --------------------------------------------- https://heise.de/-4706002 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (openvpn), Debian (awl, file-roller, jackson-databind, and shiro), Fedora (chromium, git, and libssh), Mageia (php, python-bleach, and webkit2), openSUSE (chromium, gstreamer-rtsp-server, and mp3gain), Oracle (thunderbird and tigervnc), SUSE (thunderbird), and Ubuntu (file-roller and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/817987/ ∗∗∗ Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020040108 ∗∗∗ Toshiba Electronic Devices & Storage software registers unquoted service paths ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN13467854/ ∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Windows DLL injection vulnerability with IBM Java Affects SPSS Modeler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vul… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0347 ∗∗∗ Citrix Hypervisor Multiple Security Updates ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX270837 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.04.2020
by Daily end-of-shift report 17 Apr '20

17 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-04-2020 18:00 − Freitag 17-04-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fehlerhaftes Update legt Virenschutz in Windows 10 lahm ∗∗∗ --------------------------------------------- Die MS-Virenwächter fielen nach einem Update aus. Die betroffenen Programme können manuell aktualisiert werden. --------------------------------------------- https://futurezone.at/produkte/fehlerhaftes-update-legt-virenschutz-in-wind… ∗∗∗ Using AppLocker to Prevent Living off the Land Attacks, (Thu, Apr 16th) ∗∗∗ --------------------------------------------- STI student David Brown published an STI research paper in January with some interesting ideas to prevent living off the land attacks with AppLocker. Living off the land attacks use existing Windows binaries instead of downloading specific attack tools. This post-compromise technique is very difficult to block. AppLocker isn't really designed to block these attacks because AppLocker by default does allow standard Windows binaries to run. --------------------------------------------- https://isc.sans.edu/diary/rss/26032 ∗∗∗ Weaponized RTF Document Generator & Mailer in PowerShell, (Fri, Apr 17th) ∗∗∗ --------------------------------------------- Another piece of malicious PowerShell script that I found while hunting. Like many malicious activities that occur in those days, it is related to the COVID19 pandemic. Its purpose of simple: It checks if Outlook is used by the victim and, if it's the case, it generates a malicious RTF document that is spread to all contacts extracted from Outlook. Let's have a look at it. --------------------------------------------- https://isc.sans.edu/diary/rss/26030 ∗∗∗ Excel Malspam: Password Protected ... Not! ∗∗∗ --------------------------------------------- Early March of this year, we blogged about multiple malspam campaigns utilizing Excel 4.0 Macros in .xls 97-2003 binary format. In this blog, we will present one more Excel 4.0 Macro spam campaign in the same format crafted with another old MS Excel feature to evade detection. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/excel-malsp… ∗∗∗ Web Skimmer with a Domain Name Generator ∗∗∗ --------------------------------------------- Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogletagmanager[.]online/get.php. This approach is pretty typical for skimmers. However, we noticed one interesting feature of the script — instead of using one predefined domain, it generates domain names based on the current date. --------------------------------------------- https://blog.sucuri.net/2020/04/web-skimmer-with-a-domain-name-generator.ht… ∗∗∗ Continued Threat Actor Exploitation Post Pulse Secure VPN Patching ∗∗∗ --------------------------------------------- [...] This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability, which advised organizations to immediately patch [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/aa20-107a ∗∗∗ Sophos zieht problematisches Firmware-Update 9.703 für UTM zurück ∗∗∗ --------------------------------------------- Achtung, nicht installieren: Das Firmware-Update 9.703 für Sophos UTM-Appliances wurde vom Hersteller wegen gravierender Probleme wieder zurückgezogen. --------------------------------------------- https://heise.de/-4704634 ∗∗∗ New AgentTesla variant steals WiFi credentials ∗∗∗ --------------------------------------------- The popular infostealer AgentTesla recently added a new feature that can steal WiFi usernames and passwords, which can potentially be used to spread the malware. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-varian… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Releases Security Update for Xcode ∗∗∗ --------------------------------------------- Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 11.4.1 and apply the necessary update. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/04/17/apple-releases-sec… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache and chromium), Debian (webkit2gtk), Fedora (firefox, nss, and thunderbird), Mageia (chromium-browser-stable and git), openSUSE (gnuhealth), Oracle (thunderbird), Red Hat (kernel-alt, thunderbird, and tigervnc), Scientific Linux (thunderbird), Slackware (openvpn), and SUSE (freeradius-server and libqt4). --------------------------------------------- https://lwn.net/Articles/817720/ ∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0344 ∗∗∗ Security Bulletin: IBM TRIRIGA Application Platform discloses error messages that could aid an attacker formulate future attacks (CVE-2020-4277) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tririga-application-p… ∗∗∗ Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-10-16-3-of-node-j… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server and Liberty affects IBM Cloud App Management (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Insecure Permissions (CVE-2019-4446) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-10-16-3-of-node-j… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4749) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4644) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.04.2020
by Daily end-of-shift report 16 Apr '20

16 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-04-2020 18:00 − Donnerstag 16-04-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Polizei warnt vor Fake-Mail von Gesundheitsministerium ∗∗∗ --------------------------------------------- Das gefälschte E-Mail enthält einen Trojaner, der die Daten am Computer verschlüsselt und Lösegeld fordert. --------------------------------------------- https://futurezone.at/digital-life/polizei-warnt-vor-fake-mail-von-gesundhe… ∗∗∗ Sicherheitsupdates: Root-Lücken gefährden IP-Telefone von Cisco ∗∗∗ --------------------------------------------- Verschiedene Produkte des Netzwerkausrüsters Cisco sind verwundbar. Mehrere Lücken gelten als "kritisch". --------------------------------------------- https://heise.de/-4703471 ===================== = Vulnerabilities = ===================== ∗∗∗ JSON:API - Critical - Unsupported - SA-CONTRIB-2020-010 ∗∗∗ --------------------------------------------- Project: JSON:API Version: 8.x-1.26 Date: 2020-April-15 Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All Vulnerability: Unsupported Description: This module provides a JSON API standards-compliant API for accessing andmanipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are strongly encouraged to upgrade [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2020-010 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (git), Fedora (cacti, cacti-spine, chromium, golang-github-buger-jsonparser, kernel, kernel-headers, and kernel-tools), openSUSE (ansible, git, and mp3gain), Oracle (container-tools:ol8, nodejs:10, and virt:ol), Red Hat (chromium-browser, ipmitool, and thunderbird), Slackware (bind), SUSE (quartz), and Ubuntu (php5, php7.0, php7.2, php7.3). --------------------------------------------- https://lwn.net/Articles/817649/ ∗∗∗ CA API Developer Portal 4.2.x / 4.3.1 Access Bypass / Privilege Escalation ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020040090 ∗∗∗ Cisco IP Phones Web Application Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Aironet Series Access Points Client Packet Processing Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error in the Channel processing function. (CVE-2019-4762) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server may be vulnerable to attacks based on privilege escalation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM MQ and IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2020-4338) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-applian… ∗∗∗ Security Bulletin: CVE-2020-4260 Secure properties can be revealed using a generic process ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4260-secure-prop… ∗∗∗ Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-aff… ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within cURL libcurl (CVE-2019-15601) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… ∗∗∗ Security Bulletin: Multiple Apache CXF vulnerabilities identified in IBM Tivoli Application Dependency Discovery Manager. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-cxf-vulne… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.04.2020
by Daily end-of-shift report 15 Apr '20

15 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-04-2020 18:00 − Mittwoch 15-04-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Patchday: Microsoft schließt über 100 Lücken, drei Windows-Lücken unter Beschuss ∗∗∗ --------------------------------------------- Wichtige Sicherheitsupdates schützen Windows & Co. 17 Schwachstellen sind mit dem Angriffsrisiko "kritisch" eingestuft. --------------------------------------------- https://heise.de/-4702540 ∗∗∗ Sicherheitswarnungen für Git und GitHub ∗∗∗ --------------------------------------------- Eine Schwachstelle in Git ermöglicht das Umleiten von Credentials, und GitHub warnt vor einer Welle von Phishing-Mails. --------------------------------------------- https://heise.de/-4702519 ∗∗∗ Medikamente sicher und legal online kaufen ∗∗∗ --------------------------------------------- Apotheken sind in Österreich trotz Corona-Krise geöffnet. Dennoch wollen Menschen die Ansteckungsgefahr in den Apotheken vermeiden und kaufen rezeptfreie Medikamente online. Es gibt jedoch zahlreiche Fake-Apotheken im Internet, die mit scheinbar rezeptfreien Medikamenten werben. Mit dem EU-Sicherheitslogo erkennen Sie legale Apotheken und können Medikamente ohne Risiko legal online kaufen. --------------------------------------------- https://www.watchlist-internet.at/news/medikamente-sicher-und-legal-online-… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft Office April security updates fix critical RCE bugs ∗∗∗ --------------------------------------------- Microsoft released the April 2020 Office security updates on April 14, 2020, with a total of 55 security updates and 5 cumulative updates for 7 different products, and patching 5 critical bugs allowing attackers to run scripts as the current user and remotely execute arbitrary code on unpatched systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-office-april-secur… ∗∗∗ Eaton HMiSoft VU3 ∗∗∗ --------------------------------------------- This advisory contains mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in Eatons HMiSoft VU3 human-machine interface (HMI). --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-105-01 ∗∗∗ Triangle MicroWorks DNP3 Outstation Libraries ∗∗∗ --------------------------------------------- This advisory contains mitigations for a stack-based buffer overflow vulnerability in Triangle MicroWorks DNP3 components and source code libraries. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-105-02 ∗∗∗ Triangle MicroWorks SCADA Data Gateway ∗∗∗ --------------------------------------------- This advisory contains mitigations for stack-based buffer overflow, out-of-bounds read, and type confusion vulnerabilities in the Triangle MicroWorks SCADA Data Gateway. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-105-03 ∗∗∗ VMSA-2020-0007 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0007.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (git, graphicsmagick, php-horde-data, and php-horde-trean), Mageia (apache, gnutls, golang, krb5-appl, libssh, libvncserver, mediawiki, thunderbird, tor, and wireshark), openSUSE (chromium, nagios, and thunderbird), Oracle (kernel and krb5-appl), Red Hat (elfutils, kernel, nss-softokn, ntp, procps-ng, and python), Scientific Linux (firefox), Slackware (git), SUSE (git and ruby2.5), and Ubuntu (git). --------------------------------------------- https://lwn.net/Articles/817565/ ∗∗∗ IPAS: Security Advisories for April 2020 ∗∗∗ --------------------------------------------- Hello, Today, in addition to the 6 security advisories we are releasing, we want to call your attention to a new whitepaper we have just published addressing CVE-2019-0090, a vulnerability in the Intel® Converged Security Management Engine (CSME) that we first disclosed in May of last year. You can read the whitepaper HERE. --------------------------------------------- https://blogs.intel.com/technology/2020/04/ipas-security-advisories-for-apr… ∗∗∗ BSRT-2020-001 Local File Inclusion Vulnerability in Apache Tomcat Impacts BlackBerry Workspaces Server and BlackBerry Good Control ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Denial of Service Vulnerability on Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-… ∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to privilege escalation (CVE-2020-4270) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: A vulnerability in jQuery affects the IBM Performance Management product (CVE-2019-11358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to PHP object injection (CVE-2020-4271) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4593) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects (CVE-2020-4272) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nx-os-fi… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) (CVE-2020-4294) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Überschreiben von Dateien ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0325 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.04.2020
by Daily end-of-shift report 14 Apr '20

14 Apr '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-04-2020 18:00 − Dienstag 14-04-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Think Fast: Time Between Disclosure, Patch Release and VulnerabilityExploitation — Intelligence for Vulnerability Management, Part Two ∗∗∗ --------------------------------------------- One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the value of CTI in enabling vulnerability management, and unveils new research into the latest threats, trends and recommendations. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/04/time-between-disclosure… ∗∗∗ WhatsApp-Nachricht: Billa verlost keinen 250 € Gutschein ∗∗∗ --------------------------------------------- Sie haben von einem WhatsApp-Kontakt einen Link zu einem Billa-Gutschein erhalten und fragen sich was dahintersteckt? Die Watchlist Internet hat sich diesen sogenannten Kettenbrief näher angesehen! Unser Fazit: Sie erhalten weder einen Gutschein, noch stammt diese Verlosung von Billa. --------------------------------------------- https://www.watchlist-internet.at/news/whatsapp-nachricht-billa-verlost-kei… ∗∗∗ APT41 Using New Speculoos Backdoor to Target Organizations Globally ∗∗∗ --------------------------------------------- Unit 42 identifies new payload, named Speculoos, exploiting CVE-2019-19781 to target organizations around the world, including state government in the United States. --------------------------------------------- https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-t… ∗∗∗ Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns ∗∗∗ --------------------------------------------- New research shows COVID-19 themed phishing campaigns are targeting healthcare organizations and medical research facilities around the world. --------------------------------------------- https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-go… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe ColdFusion (APSB20-18), Adobe After Effects (APSB20-21) and Adobe Digital Editions (APSB20-23). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1859 ∗∗∗ Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update ∗∗∗ --------------------------------------------- Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory. --------------------------------------------- https://threatpost.com/oracle-tackles-405-bugs-for-april-quarterly-patch-up… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (haproxy), Gentoo (chromium and libssh), openSUSE (ansible, chromium, gmp, gnutls, libnettle, libssh, mgetty, nagios, permissions, and python-PyYAML), and Oracle (firefox, kernel, qemu-kvm, and telnet). --------------------------------------------- https://lwn.net/Articles/817399/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (thunderbird), Debian (thunderbird), Fedora (drupal7-ckeditor, nrpe, and php-robrichards-xmlseclibs1), Red Hat (firefox and kernel), SUSE (quartz), and Ubuntu (thunderbird). --------------------------------------------- https://lwn.net/Articles/817471/ ∗∗∗ SSA-102233: SegmentSmack in VxWorks-based Industrial Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-102233.txt ∗∗∗ SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-162506.txt ∗∗∗ SSA-359303: Debug Port in TIM 3V-IE and 4R-IE Family Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-359303.txt ∗∗∗ SSA-377115: SegmentSmack in Linux IP-Stack based Industrial Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-377115.txt ∗∗∗ SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-593272.txt ∗∗∗ SSA-886514: Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-886514.txt ∗∗∗ Security Bulletin: A vulnerability in IBM Java affect IBM Decision Optimization Center (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Services (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Services v2.1.1 (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10209, 10211, 10210, 10208) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilitie… ∗∗∗ Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10164) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilitie… ∗∗∗ Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilitie… ∗∗∗ XSA-318 - Bad continuation handling in GNTTABOP_copy ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-318.html ∗∗∗ XSA-316 - Bad error path in GNTTABOP_map_grant ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-316.html ∗∗∗ XSA-314 - Missing memory barriers in read-write unlock paths ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-314.html ∗∗∗ XSA-313 - multiple xenoprof issues ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-313.html ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0303 ∗∗∗ SAP Patchday April 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0300 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily