- Daily - CERT.at

Tageszusammenfassung - 20.11.2020
by Daily end-of-shift report 20 Nov '20

20 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-11-2020 18:00 − Freitag 20-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IAM-Driven Biometrics: The Security Issues with Biometric Identity and Access Management ∗∗∗ --------------------------------------------- The increase of cybersecurity incidents brings along a higher demand for enhanced security protections. Thus, in the attempt of preventing unauthorized third parties from accessing their accounts and sensitive data, companies are increasingly turning to biometric authentication. Contemporary Identity and Access Management (IAM) technologies have moved beyond basic login methods based on usernames and passwords. --------------------------------------------- https://heimdalsecurity.com/blog/iam-driven-biometrics/ ∗∗∗ [SANS ISC] Malicious Python Code and LittleSnitch Detection ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Malicious Python Code and LittleSnitch Detection“: We all run plenty of security tools on our endpoints. Their goal is to protect us by preventing infection (or trying to prevent it). But all those security tools are present on our devices like normal applications --------------------------------------------- https://blog.rootshell.be/2020/11/20/sans-isc-malicious-python-code-and-lit… ∗∗∗ The malware that usually installs ransomware and you need to remove right away ∗∗∗ --------------------------------------------- [...] This article focuses on the known malware strains that have been used over the past two years to install ransomware. [...] Once any of these malware strains are detected, system administrators should drop everything, take systems offline, and audit and remove the malware as a top priority. ZDNet will keep the list up to date going forward. --------------------------------------------- https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-… ∗∗∗ Exploiting dynamic rendering engines to take control of web apps ∗∗∗ --------------------------------------------- tl;dr: - Dynamic rendering is a technique used to serve prerendered web site pages to crawlers (e.g., Google search engine, Slack or Twitter bots, etc.) - The most popular open source applications for dynamic rendering are Rendertron and Prerender; both of which may introduce vulnerabilities to a network if used improperly. --------------------------------------------- https://r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-cont… ∗∗∗ Consul by HashiCorp: from Infoleak to RCE ∗∗∗ --------------------------------------------- Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration. Registered services and nodes can be queried using a DNS interface or an HTTP interface. [...] An attacker can use public access to the system to obtain information about the infrastructure and its configuration. --------------------------------------------- https://lab.wallarm.com/consul-by-hashicorp-from-infoleak-to-rce/ ∗∗∗ WordPress Malware Setting Up SEO Shops ∗∗∗ --------------------------------------------- While recently looking over my honeypots, I discovered an infection where a malicious actor added a storefront on top of my existing WordPress installation. For background, this particular honeypot is a full instance of WordPress running on a Docker image. The administrator credentials are intentionally weak, in order to give those with malicious intent easy access. This way I can examine what attacks the vulnerable site will undergo and what the login access will be used for. --------------------------------------------- https://blogs.akamai.com/sitr/2020/11/wordpress-malware-setting-up-seo-shop… ∗∗∗ Purgalicious VBA: Macro Obfuscation With VBA Purging ∗∗∗ --------------------------------------------- Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-… ∗∗∗ Demystifying two common misconceptions with e-commerce security ∗∗∗ --------------------------------------------- HTTPS and iframe containers augment security, but are not a panacea for online shoppers and merchants. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2020/11/demystifying-two-common-mi… ∗∗∗ Vorsicht: Zahlreiche Fake-Shops werben mit Black Friday Deals ∗∗∗ --------------------------------------------- In einer Woche ist es soweit: Der Black Friday lässt das Herz von Schnäppchenjägern höherschlagen. Ab Montag beginnt die Cyber Week, bei denen sich KonsumentInnen schon vor dem Black Friday über Rabatte im Online-Handel freuen können. Doch seien Sie vorsichtig auf der Schnäppchenjagd. Denn zu dieser Zeit macht nicht nur der Online-Handel ein gutes Geschäft, sondern auch BetrügerInnen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-zahlreiche-fake-shops-werbe… ∗∗∗ IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance ∗∗∗ --------------------------------------------- IAMFinder is a custom open-source tool that can identify users and IAM roles in AWS accounts, showing where to harden IAM configurations. --------------------------------------------- https://unit42.paloaltonetworks.com/iamfinder/ ===================== = Vulnerabilities = ===================== ∗∗∗ About the security content of macOS Big Sur 11.0.1 ∗∗∗ --------------------------------------------- The macOS Big Sur 11.0.1 software update is available for Mac mini (M1, 2020), MacBook Air (M1, 2020), and MacBook Air (13-inch, 2020), and together with macOS 11.0 includes the security content listed in this advisory. --------------------------------------------- https://support.apple.com/en-us/HT211982 ∗∗∗ VMSA-2020-0026 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) ∗∗∗ --------------------------------------------- Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0026.html ∗∗∗ VMSA-2020-0023 Updates ∗∗∗ --------------------------------------------- Updated security advisory to add Workstation 15.x version in the response matrix of section 3(c) and 3(d). --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0023.html ∗∗∗ VMSA-2020-0020 Updates ∗∗∗ --------------------------------------------- Updated security advisory to add Fusion 11.x version in the response matrix of section 3(a) and Workstation 15.x version in the response matrix of section 3(b), 3(c) & 3(d). --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0020.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin). --------------------------------------------- https://lwn.net/Articles/837915/ ∗∗∗ CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance ∗∗∗ --------------------------------------------- A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. --------------------------------------------- https://support.citrix.com/article/CTX267027 ∗∗∗ Security Bulletin: Cryptographic Vulnerability Affects Map Editor in IBM Sterling B2B Integrator (CVE-2020-4937) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cryptographic-vulnerabili… ∗∗∗ Security Bulletin: Vulnerability CVE-2020-4788 in the IBM Power9 processor affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-47… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: InfoSphere Master Data Management 11.6 affected due to vulnerability in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-master-data-ma… ∗∗∗ Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-loc… ∗∗∗ Security Bulletin: IBM has released AIX and VIOS iFixes in response to a vulnerability in IBM POWER9 (CVE-2020-4788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-aix-and-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 – Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM MQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.11.2020
by Daily end-of-shift report 19 Nov '20

19 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-11-2020 18:00 − Donnerstag 19-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android chat app with 100 million installs exposes private messages ∗∗∗ --------------------------------------------- GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-chat-app-with-100-mi… ∗∗∗ CodeQL: Github findet Sicherheitslücke in Corona-Warn-App-Server ∗∗∗ --------------------------------------------- Das Sicherheitsteam von Github hat eine Remote Code Execution im Server-Code der Corona-Warn-App gefunden --------------------------------------------- https://www.golem.de/news/codeql-github-findet-sicherheitsluecke-in-corona-… ∗∗∗ Egregor-Ransomware bombardiert Nutzer mit gedruckten Lösegeldforderungen ∗∗∗ --------------------------------------------- Die Cyberkriminellen wenden die Taktik erstmals bei einem Angriff auf einen chilenischen Handelskonzern an. Sie begnügen sich nicht nur mit Office-Druckern und geben ihre Lösegeldforderung sogar auf Quittungsdruckern aus. Unklar ist, wie die Hacker dabei vorgehen. --------------------------------------------- https://www.zdnet.de/88389908/egregor-ransomware-bombardiert-nutzer-mit-ged… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Remote code execution - SA-CORE-2020-012 ∗∗∗ --------------------------------------------- Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting [...] --------------------------------------------- https://www.drupal.org/sa-core-2020-012 ∗∗∗ SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-038 ∗∗∗ Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-037 ∗∗∗ Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-036 ∗∗∗ Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-035 ∗∗∗ VMware SD-WAN Orchestrator updates address multiple security vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in SD-WAN Orchestrator were privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products. VMware-hosted SD-WAN Orchestrators have been patched for these issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0025.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares). --------------------------------------------- https://lwn.net/Articles/837767/ ∗∗∗ ICS Advisory (ICSA-20-324-03) Real Time Automation EtherNet/IP ∗∗∗ --------------------------------------------- The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03 ∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1136 ∗∗∗ F5 BIG-IP: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1140 ∗∗∗ [webapps] Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/49082 ∗∗∗ Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-… ∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-… ∗∗∗ Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tls-protocol-dhe_export-c… ∗∗∗ Security Bulletin: The web server or application server are configured in an insecure way in IBM Cloud Pak for Data Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-the-web-server-or-applica… ∗∗∗ Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect… ∗∗∗ Security Bulletin: App Connect for Manufacturing 2.0 is affected by vulnerabilities of ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.6 (CVE-2019-17359) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufactu… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4718) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Lucky 13 Attack Vulnerability in IBM Cloud Pak for Data Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-lucky-13-attack-vulnerabi… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-… ∗∗∗ Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-17638-jetty-doub… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.11.2020
by Daily end-of-shift report 18 Nov '20

18 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-11-2020 18:00 − Mittwoch 18-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ When Security Controls Lead to Security Issues, (Wed, Nov 18th) ∗∗∗ --------------------------------------------- The job of security professionals is to protect customers assets and, even more, today, customers data. The security landscape is full of solutions that help to improve security by detecting (and blocking) threats knocking on the organizations doors. Sometimes, such solutions have side effects that go to the opposite direction and make customers more vulnerable to attacks. --------------------------------------------- https://isc.sans.edu/diary/rss/26804 ∗∗∗ Evasive Maneuvers in Data Stealing Gateways ∗∗∗ --------------------------------------------- We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation, we came across this example of a PHP script that attackers use for many different purposes. What makes the sample interesting is that alongside this PHP, we also found a few data-stealing scripts indicating that the code might have been used to send sensitive data to the attackers. Continue reading Evasive --------------------------------------------- https://blog.sucuri.net/2020/11/evasive-maneuvers-in-data-stealing-gateways… ∗∗∗ WebNavigator Chromium browser published by search hijackers ∗∗∗ --------------------------------------------- A mystery Chromium browser recently made a sudden appearance, and is certainly proving popular. But what is it, and where did it come from? --------------------------------------------- https://blog.malwarebytes.com/pups/2020/11/webnavigator-chromium-browser-pu… ∗∗∗ Nibiru ransomware variant decryptor ∗∗∗ --------------------------------------------- The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string "Nibiru" to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant. --------------------------------------------- https://blog.talosintelligence.com/2020/11/Nibiru-ransomware.html ∗∗∗ Large-Scale Attacks Target Epsilon Framework Themes ∗∗∗ --------------------------------------------- On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites. So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites ... For the time being, the vast majority of these attacks appear to be probing attacks, designed to determine whether a site has a vulnerable theme installed rather than to perform an exploit chain, though full Remote Code Execution(RCE) leading to site takeover is possible with these vulnerabilities. --------------------------------------------- https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-f… ∗∗∗ Vorsicht vor COVID-19-Hilfsfonds: Unterstützungszahlungen in Millionenhöhe sind Betrug! ∗∗∗ --------------------------------------------- Die Corona-Krise ist für viele Menschen auch eine finanzielle Krise. Verschiedene Unterstützungsangebote sollen daher helfen, durch diese Zeit zu kommen. Aber Achtung! Werfen Sie einen genauen Blick darauf, wer Ihnen Geld anbietet. Denn: Derzeit werden betrügerische E-Mails von angeblichen COVID-19 Hilfsfonds versendet, in denen hohe Geldbeträge versprochen werden. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-covid-19-hilfsfonds-unt… ===================== = Vulnerabilities = ===================== ∗∗∗ iTunes 12.11 for Windows ∗∗∗ --------------------------------------------- Foundation Impact: A local user may be able to read arbitrary files ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution libxml2 Impact: Processing maliciously crafted web content may lead to code execution libxml2 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Windows Security Impact: A malicious application may be able to access local users Apple IDs --------------------------------------------- https://support.apple.com/kb/HT211933 ∗∗∗ Tails 4.13: Anonymisierendes Betriebssystem bekommt wichtige Sicherheitsupdates ∗∗∗ --------------------------------------------- Die neue Version des Debian-basierten Live-Systems umfasst ein wenig Feinschliff an der Oberfläche, vor allem aber wichtige Security-Fixes. --------------------------------------------- https://heise.de/-4963955 ∗∗∗ Tor Browser: Desktop-Version 10.0.5 mit Firefox-Sicherheitsupdates verfügbar ∗∗∗ --------------------------------------------- Für Windows, Linux und macOS steht eine neue Version des anonymisierenden Webbrowsers bereit. Die Android-Ausgabe soll bald folgen. --------------------------------------------- https://heise.de/-4964177 ∗∗∗ Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Secure Web Appliance Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings API Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco DNA Spaces Connector Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Improper Domain Access Control Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Improper Access Control Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Unauthenticated REST API Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Missing API Authentication Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-… ∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE or Oracle Java SE could allow an unauthenticated attacker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerabil… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container Dashboard is vulnerable to (CVE-2020-15168) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a data corruption vulnerability (CVE-2020-4592) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability in IBM Runtime Environment Java (deferred from Oracle Jan 2020 CPU) CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.11.2020
by Daily end-of-shift report 17 Nov '20

17 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Montag 16-11-2020 18:00 − Dienstag 17-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Mit Hardware für 30 Dollar Intels sichere Enklave geknackt ∗∗∗ --------------------------------------------- Intels Enklave SGX soll Daten selbst vor Rechenzentrumsbetreibern mit physischem Zugang verbergen. Doch Forscher konnten auf diese Weise RSA-Schlüssel auslesen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-hardware-fuer-30-dollar-int… ∗∗∗ Firewall-Umgehung in macOS 11: Malware kann Apples Ausschlussliste missbrauchen ∗∗∗ --------------------------------------------- Apple-Dienste bleiben für lokale Firewalls in macOS 11 unsichtbar. Auch Malware könne so nach Hause telefonieren, warnt ein Sicherheitsforscher. --------------------------------------------- https://heise.de/-4963227 ∗∗∗ Be Very Sparing in Allowing Site Notifications ∗∗∗ --------------------------------------------- An increasing number of websites are asking visitors to approve "notifications," browser modifications that periodically display messages on the users mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters. --------------------------------------------- https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifi… ∗∗∗ YouTube: Betrügerische Werbung verlockt zu hohen Investitionen ∗∗∗ --------------------------------------------- Aktuell wird auf YouTube der Bitcoin-Handel auf unseriösen Trading-Plattformen beworben. Wer sich für die Werbung interessiert, landet bei einem gefälschten Zeitungsartikel auf einer gefälschten Kronen Zeitung Website. Dort ist ein frei erfundenes Interview mit dem Geschäftsmann Richard Lugner zu lesen, in dem er erklärt, wie man mit Bitcoin-Investitionen in nur wenigen Tagen zum Millionär wird. --------------------------------------------- https://www.watchlist-internet.at/news/youtube-betruegerische-werbung-verlo… ∗∗∗ Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords ∗∗∗ --------------------------------------------- Morphisec researchers detail campaign that steals Chromium, Firefox, and Chrome browser data. --------------------------------------------- https://www.zdnet.com/article/jupyter-trojan-newly-discovered-trojan-malwar… ∗∗∗ vjw0rm Leveraging New Obfuscation Technique ∗∗∗ --------------------------------------------- Summaryvjw0rm is a malicious JavaScript program capable of propagating across removable storage devices and receiving instructions from a C2 server. A SANS Internet Storm Center (ISC) researcher has identified a sample of this worm leveraging new obfuscation techniques. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/bfbf7b77d8cbc57d1a94e7bc291… ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt updaten: Cisco bessert bei der Sicherheit seines "Security Managers" nach ∗∗∗ --------------------------------------------- Dank Lücken mit "High" und "Critical"-Einstufung war Ciscos Security Manager der Sicherheit eher abträglich. Software-Updates sind jetzt teilweise verfügbar. --------------------------------------------- https://heise.de/-4962719 ∗∗∗ Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager ∗∗∗ --------------------------------------------- By using an XXE injection it is possible to read confidential data like /etc/shadow or private keys. In addition, a special payload can affect the availability of the web application. --------------------------------------------- https://sec-consult.com/en/blog/advisories/blind-out-of-band-xml-external-e… ∗∗∗ TYPO3 Extensions: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in TYPO3 Extensions ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1127 ∗∗∗ TYPO3 Core: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in TYPO3 Core ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1124 ∗∗∗ Trend Micro InterScan Web Security Virtual Appliance < 6.5 SP2 Hotfix 1919 ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro InterScan Web Security Virtual Appliance ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1128 ∗∗∗ Apple iTunes: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iTunes ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder einen Denial of Service zu verursachen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1125 ∗∗∗ Node.js: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1126 ∗∗∗ Trend Micro Worry-Free Business Security: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1129 ∗∗∗ Western Digital My Cloud NAS Devices Security Vulnerabilities ∗∗∗ --------------------------------------------- Comparitech researches have published a paper on five vulnerabilities found in Western Digital network-attached storage (NAS) devices. If successfully exploited, the exploitation of these vulnerabilities could lead to remote code execution. Also possible is the [...] --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/2ee337a7fbea5d145289bcab311… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl, openldap, pacemaker, and restic), Fedora (libmediainfo, mediainfo, mingw-python3, and seamonkey), Gentoo (libexif), openSUSE (raptor), Oracle (kernel and microcode_ctl), Scientific Linux (firefox), SUSE (kernel-firmware, postgresql, postgresql96, postgresql10 and postgresql12, and raptor), and Ubuntu (openldap and postgresql-10, postgresql-12, postgresql-9.5). --------------------------------------------- https://lwn.net/Articles/837538/ ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs – February 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2020
by Daily end-of-shift report 16 Nov '20

16 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-11-2020 18:00 − Montag 16-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Stories from the SOC – Multi-layered defense detects Windows Trojan ∗∗∗ --------------------------------------------- Malware infections are common and are often missed by antivirus software. Their impact to critical infrastructure and applications can be devastating to an organizations network, brand and customers if not remediated. With the everchanging nature of [...] --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-so… ∗∗∗ New TroubleGrabber Discord malware steals passwords, system info ∗∗∗ --------------------------------------------- TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-m… ∗∗∗ Windows Kerberos authentication breaks due to security updates ∗∗∗ --------------------------------------------- Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released during this months Patch Tuesday, on November 10. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentica… ∗∗∗ Schneider Electric Warns Customers of Drovorub Linux Malware ∗∗∗ --------------------------------------------- One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI. --------------------------------------------- https://www.securityweek.com/schneider-electric-warns-customers-drovorub-li… ∗∗∗ Ok Google: please publish your DKIM secret keys ∗∗∗ --------------------------------------------- The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about [...] --------------------------------------------- https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publis… ∗∗∗ The ransomware landscape is more crowded than you think ∗∗∗ --------------------------------------------- More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. --------------------------------------------- https://www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than… ∗∗∗ Ngioweb Botnet Targeting IoT Devices ∗∗∗ --------------------------------------------- A new version of the Ngioweb botnet malware was discovered and analyzed by Netlab 360 researchers. Their blog post details the changes observed in these newer samples. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/e4becb0bc47fb9b7ad74c9fb579… ===================== = Vulnerabilities = ===================== ∗∗∗ Heartbleed, BlueKeep and other vulnerabilities that didnt disappear just because we dont talk about them anymore, (Mon, Nov 16th) ∗∗∗ --------------------------------------------- Since new critical vulnerabilities are discovered and published nearly every day, it is no wonder that we (i.e. security professionals and security-oriented media) tend to focus on these and dont return to the ones that came before too often. Unless there is a massive exploitation campaign, that is. This doesnt present any problems for organizations, which manage to patch vulnerabilities on time, but for many others [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26798 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl and libvncserver), Fedora (chromium, kernel, kernel-headers, kernel-tools, krb5, libexif, libxml2, and thunderbird), Gentoo (chromium, libmaxminddb, and mit-krb5), Mageia (arpwatch, bluez, chromium-browser-stable, firefox and thunderbird, golang, java-1.8.0-op, kdeconnect-kde, kleopatra, libexif, lilypond, microcode, packagekit, ruby, and tpm2-tss), openSUSE (chromium, firefox, ImageMagick, kernel, openldap2, python-waitress, SDL, u-boot, ucode-intel, and zeromq), Oracle (fence-agents, firefox, freetype, kernel, python, python3, and thunderbird), Red Hat (rh-postgresql10-postgresql, rh-postgresql12-postgresql, and virt:8.2 and virt-devel:8.2), Slackware (seamonkey), and SUSE (firefox, gdm, kernel, and kernel-firmware). --------------------------------------------- https://lwn.net/Articles/837431/ ∗∗∗ SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110113 ∗∗∗ Opera Touch for iOS: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1123 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1122 ∗∗∗ Security Bulletin: Information Disclosure Vulnerability Affects EBICS Client of IBM Sterling B2B Integrator (CVE-2020-4475) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: CKEditor XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-17960) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ckeditor-xss-vulnerabilit… ∗∗∗ Security Bulletin: XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulnerability-affects… ∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects EBICS in IBM Sterling B2B Integrator (CVE-2020-4655) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili… ∗∗∗ Security Bulletin: B2B API Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4566) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-b2b-api-information-discl… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4763) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affe… ∗∗∗ Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2020
by Daily end-of-shift report 13 Nov '20

13 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-11-2020 18:00 − Freitag 13-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Ubuntu Linux schließt Lücken: Im Handumdrehen zum Systemverwalter ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher stolperte über eine Lücken-Kombo, mit der einfache Nutzer einen Account mit Sudo-Rechten anlegen konnten. Ubuntu hat diese nun gefixt. --------------------------------------------- https://heise.de/-4960051 ∗∗∗ Unbreak My Heart: What I Learned About Building Better Medical Devices While Troubleshooting My Pacemaker ∗∗∗ --------------------------------------------- This blog outlines the story of Veronica Schmitts journey to fixing her ICD/Pacemaker using Medical Device Forensics. --------------------------------------------- https://www.sans.org/blog/unbreak-my-heart-what-i-learned-about-building-be… ∗∗∗ A new skimmer uses WebSockets and a fake credit card form to steal sensitive data ∗∗∗ --------------------------------------------- A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data. --------------------------------------------- https://blogs.akamai.com/2020/11/a-new-skimmer-uses-websockets-and-a-fake-c… ∗∗∗ DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels ∗∗∗ --------------------------------------------- SAD DNS is a revival of the classic DNS cache poisoning attack (which no longer works since 2008) leveraging novel network side channels that exist in all modern operating systems, including Linux, Windows, macOS, and FreeBSD. This represents an important milestone -- the first weaponizable network side channel attack that has serious security impacts. The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq). --------------------------------------------- https://www.saddns.net/ ∗∗∗ Surviving college distance learning during the pandemic: a cybersecurity guide ∗∗∗ --------------------------------------------- Students in higher education are exposed to online risks more than ever. Keep yourself secure while distance learning from home with this practical guide. --------------------------------------------- https://blog.malwarebytes.com/how-tos-2/2020/11/surviving-college-distance-… ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric sichert diverse ICS-Komponenten gegen Schwachstellen ab ∗∗∗ --------------------------------------------- Für Hard- und Software zur Konfiguration und Verwaltung industrieller Steuerungssysteme von Schneider Electric sind wichtige Sicherheitsupdates verfügbar. --------------------------------------------- https://heise.de/-4959299 ∗∗∗ ICS Advisory (ICSA-20-317-01) Mitsubishi Electric MELSEC iQ-R Series ∗∗∗ --------------------------------------------- A denial-of-service vulnerability due to uncontrolled resource consumption exists in MELSEC iQ-R series CPU modules. This vulnerability does not affect products when the "To Use or Not to Use Web Server" parameter of CPU modules is set to "Not Use." The default setting is "Not Use." --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01 ∗∗∗ PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Released! ∗∗∗ --------------------------------------------- The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24. This release closes three security vulnerabilities and fixes over 65 bugs reported over the last three months. Due to the nature of CVE-2020-25695, we advise you to update as soon as possible. Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we [...] --------------------------------------------- https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libproxy, pacemaker, and thunderbird), Fedora (nss), openSUSE (kernel), Oracle (curl, librepo, qt and qt5-qtbase, and tomcat), Red Hat (firefox), SUSE (firefox, java-1_7_0-openjdk, and openldap2), and Ubuntu (apport, libmaxminddb, openjdk-8, openjdk-lts, and slirp). --------------------------------------------- https://lwn.net/Articles/837105/ ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- A security issue has been identified in Citrix Hypervisor that may allow privileged code running in a guest VM to infer details of some computations occurring in other VMs on the host. This may, for example, be used to infer a secret encryption key used [...] --------------------------------------------- https://support.citrix.com/article/CTX285937 ∗∗∗ Citrix SDWAN Center Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. --------------------------------------------- https://support.citrix.com/article/CTX285061 ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container Designer instances may be vulnerable to CVE-2020-7760 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Novalink is impacted by Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-v… ∗∗∗ Security Bulletin: Novalink is impacted running oauth-2.0 or openidConnectServer-1.0 server features vulnerability in WebSphere Application Server Liberty (CVE-2020-4590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-runn… ∗∗∗ Security Bulletin: Vulnerability in icu CVE-2020-10531. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-icu-cve-… ∗∗∗ Security Bulletin: Vulnerability in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-sou… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.7 and V5.1.0.8 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Vulnerabilities in Tivoli Netcool/OMNIbus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-tivoli… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-samba-for-ibm-i-is-affect… ∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… ∗∗∗ Security Bulletin: CVE-2020-4482 ADD SNAPSHOT STATUS REST CALL DOESN'T CHECK THE USER ROLE ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4482-add-snapsho… ∗∗∗ Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-di… ∗∗∗ Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2018-10886-ant-before… ∗∗∗ Security Bulletin: IBM Security Directory Suite is affected by a security vulnerability (CVE-2018-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-su… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin:Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpClient ( CVE-2020-13956) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletinsecurity-bulletin-ibm-cont… ∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-16779). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-o… ∗∗∗ macOS Big Sur 11.0.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211931 ∗∗∗ Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211946 ∗∗∗ Safari 14.0.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211934 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.11.2020
by Daily end-of-shift report 12 Nov '20

12 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-11-2020 18:00 − Donnerstag 12-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Angeblich Quellcode des Exploit-Toolkits Cobalt Strike durchgesickert ∗∗∗ --------------------------------------------- Auf GitHub findet sich seit fast zwei Wochen ein Repository mit dem Namen CobaltStrike. Es enthält angeblich den Code von Cobalt Strike 4.0. Der Autor entfernt zudem die Lizenzprüfung, was auf eine geknackte Version schließen lässt. --------------------------------------------- https://www.zdnet.de/88389725/angeblich-quellcode-des-exploit-toolkits-coba… ∗∗∗ Hungrig nach Daten – ModPipe Backdoor bedroht POS‑Software im Gastgewerbe ∗∗∗ --------------------------------------------- Die Backdoor-Autoren verfügen offenbar über umfassende Kenntnisse der Software und entschlüsseln Datenbankkennwörter aus Windows-Registry-Werten. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/11/12/hungrig-nach-daten-modpip… ∗∗∗ Extrapolating Adversary Intent Through Infrastructure ∗∗∗ --------------------------------------------- Hear from Senior Security Researcher Joe Slowik to discover the significance behind domain name patterns and learn how defenders can use these thematic insights to further their security operations. --------------------------------------------- https://www.domaintools.com/resources/blog/extrapolating-adversary-intent-t… ∗∗∗ 2 More Google Chrome Zero-Days Under Active Exploitation ∗∗∗ --------------------------------------------- Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. --------------------------------------------- https://threatpost.com/2-zero-day-bugs-google-chrome/161160/ ∗∗∗ Preventing Exposed Azure Blob Storage, (Thu, Nov 12th) ∗∗∗ --------------------------------------------- In the previous diary, I explained the three public access levels of Azure Blob Storage, and how to investigate the setup for any issues. Until a couple of months ago, there was no reliable way to prevent the problem from occurring in the first place, but thankfully, Microsoft has finally seen the light. --------------------------------------------- https://isc.sans.edu/diary/rss/26786 ∗∗∗ Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC ∗∗∗ --------------------------------------------- We present two vulnerabilities in EcoStruxure Machine Expert v1.0 and Schneider Electric M221 (Firmware 1.10.2.2) Programmable Logic Controller (PLC). All three vulnerabilities were disclosed to Schneider Electric and the details were released on 10 November 2020. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/attacking-s… ∗∗∗ Exploring the Exploitability of "Bad Neighbor": The Recent ICMPv6 Vulnerability (CVE-2020-16898) ∗∗∗ --------------------------------------------- We wanted to find out whether something else could be done with this vulnerability, aside from triggering the buffer overflow and causing a blue screen (BSOD) --------------------------------------------- https://blog.zecops.com/vulnerabilities/exploring-the-exploitability-of-bad… ∗∗∗ CRAT wants to plunder your endpoints ∗∗∗ --------------------------------------------- Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as "Hansom." --------------------------------------------- https://blog.talosintelligence.com/2020/11/crat-and-plugins.html ∗∗∗ Avionics Safety and Secured Connectivity: A Look at DO-326A/ED-202A, DO-355 and DO-356 ∗∗∗ --------------------------------------------- One of the major improvements that the avionics industry is undergoing is an Internet of Things (IoT) upgrade. And this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft comes with [...] --------------------------------------------- https://www.tripwire.com/state-of-security/regulatory-compliance/avionics-s… ∗∗∗ Comodo open-sources its EDR solution ∗∗∗ --------------------------------------------- OpenEDR, announced in September, is available on GitHub starting this week. --------------------------------------------- https://www.zdnet.com/article/comodo-open-sources-its-edr-solution/ ∗∗∗ Why you should keep your Netflix password to yourself ∗∗∗ --------------------------------------------- Sharing is caring - except when it isn't. Here’s why you shouldn't share your password for online media services with other people. --------------------------------------------- https://www.welivesecurity.com/2020/11/11/why-you-should-keep-netflix-passw… ∗∗∗ Cryptominers Exploiting Weblogic RCE CVE-2020-14882 ∗∗∗ --------------------------------------------- Intro Towards the end of October, we started seeing attackers take advantage of a Weblogic RCE vulnerability (CVE-2020-14882). Recently, SANS ISC talked about this vulnerability being exploited in the wild, [...] --------------------------------------------- https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-c… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (codemirror-js, firefox-esr, and pacemaker), Fedora (firefox, java-latest-openjdk, and xen), openSUSE (sddm), Oracle (bind, curl, fence-agents, kernel, librepo, libvirt, python3, qt and qt5-qtbase, and tomcat), SUSE (firefox), and Ubuntu (intel-microcode, openldap, and raptor2). --------------------------------------------- https://lwn.net/Articles/836994/ ∗∗∗ Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs ∗∗∗ --------------------------------------------- Schneider Electric this week released advisories for vulnerabilities impacting various products, including flaws that can be exploited to take control of Modicon M221 programmable logic controllers (PLCs). --------------------------------------------- https://www.securityweek.com/encryption-vulnerabilities-allow-hackers-take-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201111… ∗∗∗ Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vul… ∗∗∗ Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-httpd-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.11.2020
by Daily end-of-shift report 11 Nov '20

11 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-11-2020 18:00 − Mittwoch 11-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Targeted ransomware: it’s not just about encrypting your data! ∗∗∗ --------------------------------------------- When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – it’s primarily about data exfiltration. --------------------------------------------- https://securelist.com/targeted-ransomware-encrypting-data/99255/ ∗∗∗ Decrypting OpenSSH sessions for fun and profit ∗∗∗ --------------------------------------------- A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers. --------------------------------------------- https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-… ∗∗∗ So kaufen Sie Weihnachtsgeschenke sicher im Internet ein! ∗∗∗ --------------------------------------------- Damit die Weihnachtsvorfreude nicht durch eine Bestellung bei einem Fake-Shop getrübt wird, zeigen wir Ihnen die wichtigsten Punkte, an denen Sie unseriöse Online-Shops erkennen. --------------------------------------------- https://www.watchlist-internet.at/news/so-kaufen-sie-weihnachtsgeschenke-si… ∗∗∗ Play Store identified as main distribution vector for most Android malware ∗∗∗ --------------------------------------------- Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected. --------------------------------------------- https://www.zdnet.com/article/play-store-identified-as-main-distribution-ve… ∗∗∗ Neuer Android-Trojaner spioniert 153 mobile Anwendungen aus ∗∗∗ --------------------------------------------- Darunter sind auch vier Apps deutscher Banken. Die Verbreitung erfolgt über Links in Spam-E-Mails. Mithilfe der Android-Bedienungshilfen nistet sich der Trojaner dauerhaft auf einem Gerät ein und erlaubt dessen Fernsteuerung. --------------------------------------------- https://www.zdnet.de/88389654/neuer-android-trojaner-spioniert-153-mobile-a… ===================== = Vulnerabilities = ===================== ∗∗∗ NVIDIA fixes severe flaw in GeForce NOW cloud gaming service ∗∗∗ --------------------------------------------- NVIDIA released a security update for the GeForce Now cloud gaming Windows app to address a vulnerability that could allow attackers to execute arbitrary code or escalate privileges on systems running unpatched software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nvidia-fixes-severe-flaw-in-… ∗∗∗ VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks ∗∗∗ --------------------------------------------- The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPBM write command or the content of an RPMB area. --------------------------------------------- https://kb.cert.org/vuls/id/231329 ∗∗∗ VU#760767: Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗ --------------------------------------------- Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. --------------------------------------------- https://kb.cert.org/vuls/id/760767 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, gdm, linux-hardened, matrix-synapse, salt, sddm, and wordpress), Debian (firefox-esr, libmaxminddb, and moin), Fedora (cifs-utils, firefox, galera, java-latest-openjdk, mariadb, mariadb-connector-c, and wordpress), Gentoo (blueman, chromium, firefox, mariadb, qemu, salt, tmux, and wireshark), openSUSE (sddm), Oracle (kernel), Red Hat (kernel-alt, microcode_ctl, and rh-nodejs12-nodejs), SUSE (kernel, microcode_ctl, openldap2, --------------------------------------------- https://lwn.net/Articles/836897/ ∗∗∗ Patchday: Microsoft schließt Kernel-Lücke in Windows ∗∗∗ --------------------------------------------- Es sind über 100 Sicherheitsupdates für Microsoft Office, Windows & Co. erschienen. Eine Lücke nutzen Angreifer derzeit aktiv aus. --------------------------------------------- https://heise.de/-4954195 ∗∗∗ Security Advisory - Command Injection Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201111-… ∗∗∗ XSA-351 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-351.html ∗∗∗ Citrix Systems Virtual Apps and Desktops: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1107 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.11.2020
by Daily end-of-shift report 10 Nov '20

10 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Montag 09-11-2020 18:00 − Dienstag 10-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ PLATYPUS - With Great Power comes Great Leakage ∗∗∗ --------------------------------------------- With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs. We exploit the unprivileged access to the Intel RAPL interface exposing the processors power consumption to infer data and extract cryptographic keys. --------------------------------------------- https://platypusattack.com/ ∗∗∗ wetransfer.com: So nutzen Sie den kostenlosen Dienst sicher ∗∗∗ --------------------------------------------- wetransfer.com - ein beliebter Dienst, um kostenlos und unkompliziert viele Dateien oder Ordner zu teilen. Beim Empfang eines E-Mails von wetransfer.com raten wir jedoch zur Vorsicht, denn Kriminelle versenden im Design des Datenversanddienstes Phishing-E-Mails oder gefährliche E-Mails mit Schadsoftware. Also: Zuerst kontrollieren, dann klicken! --------------------------------------------- https://www.watchlist-internet.at/news/wetransfercom-so-nutzen-sie-den-kost… ∗∗∗ Plötzliche Abkündigung: Avira stellt Business-Sicherheitsprodukte Ende 2021 ein ∗∗∗ --------------------------------------------- Avira weist Geschäftskunden derzeit auf die Einstellung des B2B-Bereichs hin: Bestehende Lizenzen verlieren demnach zum 01.01.22 ihre Gültigkeit. --------------------------------------------- https://heise.de/-4952577 ∗∗∗ Microsoft Teams Users Under Attack in 'FakeUpdates' Malware Campaign ∗∗∗ --------------------------------------------- Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report. --------------------------------------------- https://threatpost.com/microsoft-teams-fakeupdates-malware/161071/ ∗∗∗ Code Comments Reveal SCP-173 Malware ∗∗∗ --------------------------------------------- We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code - for example, a short description of a feature or functionality for other developers to reference. Oftentimes, hackers aren’t interested in leaving comments describing how their injected malware works. Instead, they use code comments to add unique identifiers to reference aliases, quotes, threat groups, or sometimes even memes. --------------------------------------------- https://blog.sucuri.net/2020/11/code-comments-reveal-scp-173-malware.html ∗∗∗ WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques ∗∗∗ --------------------------------------------- Microsoft is known for their backwards compatibility. When they rolled out the 64-bit variant of Windows years ago they needed to provide compatibility with existing 32-bit applications. In order to provide seamless execution regardless of application bitness, the WoW (Windows on Windows) system was coined. This layer, which will be referred to as 'WOW64' from here on out, is responsible for translating all Windows API calls from 32-bit userspace to the 64-bit operating system --------------------------------------------- https://www.fireeye.com/blog/threat-research/2020/11/wow64-subsystem-intern… ∗∗∗ Snakes and Ladder Logic ∗∗∗ --------------------------------------------- A click to a reverse shell in OpenPLC and ladder logic OR Why you shouldn’t run everything as root in PLC and RTUs. --------------------------------------------- https://www.pentestpartners.com/security-blog/snakes-and-ladder-logic/ ∗∗∗ Npm package caught stealing sensitive Discord and browser files ∗∗∗ --------------------------------------------- Malicious code was found hidden inside a JavaScript library named Discord.dll. --------------------------------------------- https://www.zdnet.com/article/npm-package-caught-stealing-sensitive-discord… ∗∗∗ IoT security is a mess. These guidelines could help fix that ∗∗∗ --------------------------------------------- New guidelines from ENISA recommend that all stages of the IoT device lifecycle need to be considered to help ensure devices are secure. --------------------------------------------- https://www.zdnet.com/article/iot-security-is-a-mess-these-guidelines-could… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate: Ultimate Member Plug-in gefährdet Wordpress-Seiten ∗∗∗ --------------------------------------------- Admin-Lücken im Plug-in Ultimate Member bedrohen über 100.000 Wordpress-Websites. Eine abgesicherte Version ist verfügbar. --------------------------------------------- https://heise.de/-4952685 ∗∗∗ Remote-Code-Execution-Lücke in Firefox, Firefox ESR und Thunderbird ∗∗∗ --------------------------------------------- Mozilla hat eine kritische Schwachstelle in seinen Webbrowsern und seinem Mail-Client geschlossen. --------------------------------------------- https://heise.de/-4953356 ∗∗∗ SAP Patchday November 2020 ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in SAP Produkten und Anwendungskomponenten ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendungen zu gefährden. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1090 ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. This posting is provided "AS IS" with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1942 ∗∗∗ Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SSA-492828: Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller ∗∗∗ --------------------------------------------- A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-492828.txt ∗∗∗ SSA-431802: Multiple Vulnerabilities in SCALANCE W1750D ∗∗∗ --------------------------------------------- Siemens SCALANCE W1750D is a brandlabled device. Aruba has released a related security advisory (ARUBA-PSA-2016-004) [0] disclosing vulnerabilities in its Aruba Instant product line. The advisory contains multiple related vulnerabilities that are summarized in CVE-2016-2031. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-431802.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (moin, obfs4proxy, tcpdump, and zeromq3), Fedora (samba), Mageia (lout, openldap, pacemaker, samba, sddm, and spice, spice-gtk), openSUSE (bluez, ImageMagick, java-1_8_0-openj9, otrs, and wireshark), Red Hat (bind, buildah, curl, fence-agents, kernel, kernel-rt, kpatch-patch, librepo, libvirt, podman, python, python3, qt and qt5-qtbase, resource-agents, skopeo, tomcat, and unixODBC), SUSE (gcc10, python3, SDL, and zeromq), and Ubuntu (libexif). --------------------------------------------- https://lwn.net/Articles/836770/ ∗∗∗ IPAS: Security Advisories for November 2020 ∗∗∗ --------------------------------------------- Hello, It’s the second Tuesday in November and today we are releasing 40 security advisories. If this seems like a large number of advisories for Intel to be releasing, you’re right. However, there are two primary reasons for this. First, as I mentioned in August, we are aligning public disclosures, as much as possible, to [...] --------------------------------------------- https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-nov… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2020
by Daily end-of-shift report 09 Nov '20

09 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-11-2020 18:00 − Montag 09-11-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hacker haben mehrfach Sourcecode aus SonarQube-Instanzen abgegriffen ∗∗∗ --------------------------------------------- Das FBI warnte bereits im Oktober vor einem Angriff auf Installationen unter anderem von US-Regierungsbehörden, aber auch privater Firmen. --------------------------------------------- https://heise.de/-4951630 ∗∗∗ Lets Encrypt: Alte Android-Geräte bekommen Probleme mit Millionen Seiten ∗∗∗ --------------------------------------------- Der Zertifikatswechsel bei Lets Encrypt sorgt für Probleme bei einem Drittel aller Android-Geräte. Die Lösung dafür ist der Firefox. --------------------------------------------- https://www.golem.de/news/let-s-encrypt-alte-android-geraete-bekommen-probl… ∗∗∗ New Pay2Key ransomware encrypts networks within one hour ∗∗∗ --------------------------------------------- A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-pay2key-ransomware-encry… ∗∗∗ How Ryuk Ransomware operators made $34 million from one victim ∗∗∗ --------------------------------------------- One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from one victim in exchange for the decryption key that unlocked their computers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/how-ryuk-ransomware-operator… ∗∗∗ Gitpaste-12 Worm Targets Linux Servers, IoT Devices ∗∗∗ --------------------------------------------- The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. --------------------------------------------- https://threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/ ∗∗∗ Adventures in Anti-Gravity ∗∗∗ --------------------------------------------- Here we deconstruct a Mac variant of GravityRAT (the cross-platform spyware, known to target the Indian armed forces). --------------------------------------------- https://objective-see.com/blog/blog_0x5B.html ∗∗∗ Cryptojacking Targeting WebLogic TCP/7001, (Sat, Nov 7th) ∗∗∗ --------------------------------------------- This past week got some interesting logs targeting TCP/7001 (WebLogic CVE-2020-14882 - see previous diary[1][2]) looking to download and launch a shell script to install various cryptominer on the target. The shell script target SELINUX compatible hosts likely CentOS/RedHat, Ubuntu, etc to install various cryptominer applications. --------------------------------------------- https://isc.sans.edu/diary/rss/26768 ∗∗∗ How Attackers Brush Up Their Malicious Scripts, (Mon, Nov 9th) ∗∗∗ --------------------------------------------- On Friday, I received a bunch of alerts from one of my YARA hunting rules. Several samples were submitted from the same account (through the VT API), from the same country (US), and in a very short period of time. All the submitted files were OLE2 files containing a malicious macro. All of them had a low VT score so it deserved some investigations. I downloaded the samples and had a look at them. --------------------------------------------- https://isc.sans.edu/diary/rss/26770 ∗∗∗ When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777 ∗∗∗ --------------------------------------------- Vatet, PyXie and Defray777 are all associated with a financially motivated threat group. We aim to get these malware families on the radar. --------------------------------------------- https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/ ∗∗∗ xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control ∗∗∗ --------------------------------------------- We observed evidence that the xHunt campaign used two backdoors on a compromised Microsoft Exchange Server at an organization in Kuwait. --------------------------------------------- https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco stopft schwerwiegende Lücke in Webex Meetings für Windows ∗∗∗ --------------------------------------------- Die Schwachstelle kommt bei internen Tests ans Licht. Ein lokaler Angreifer kann Schadcode ausführen. Weitere Schwachstellen stecken im Web Network Recording Player und Webex Player. --------------------------------------------- https://www.zdnet.de/88389577/cisco-stopft-schwerwiegende-luecke-in-webex-m… ∗∗∗ WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug ∗∗∗ --------------------------------------------- The shopping cart application contains a PHP object-injection bug. --------------------------------------------- https://threatpost.com/wordpress_open_to_attacks_welcart_bug/161037/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, kernel, libX11, qemu-kvm, thunderbird, and xorg-x11-server), Debian (guacamole-server, krb5, libexif, poppler, raptor2, and sympa), Fedora (blueman, chromium, freetype, galera, krb5, libtpms, mariadb, mariadb-connector-c, pngcheck, and salt), Mageia (blueman, docker, fontforge, junit, libproxy, libuv, mariadb, suricata, and webmin), openSUSE (apache-commons-httpclient, bluez, gnome-settings-daemon, gnome-shell, [...] --------------------------------------------- https://lwn.net/Articles/836676/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.11.2020
by Daily end-of-shift report 06 Nov '20

06 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-11-2020 18:00 − Freitag 06-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin ∗∗∗ --------------------------------------------- A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto mining capabilities. --------------------------------------------- https://www.bleepingcomputer.com/news/security/reverse-shell-botnet-gitpast… ∗∗∗ Sicherheitslücke: Admin-Passwort für Rettungsdienst-System ungeschützt im Netz ∗∗∗ --------------------------------------------- Über die Software Ivena werden Notfallpatienten in Krankenhäusern angemeldet. Ein Admin-Passwort ist nun öffentlich auf der Herstellerwebseite einsehbar gewesen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-admin-passwort-fuer-rettungsdie… ∗∗∗ RansomEXX Trojan attacks Linux systems ∗∗∗ --------------------------------------------- We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. --------------------------------------------- https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/ ∗∗∗ ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis ∗∗∗ --------------------------------------------- We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to “improve” them. Depending on the scope of changes and feature enhancements that are added to an existing web shell’s source code, these updates can be tedious and time consuming for bad actors. For this reason, it’s common to see code for web shells reused among different, unaffiliated attackers. --------------------------------------------- https://blog.sucuri.net/2020/11/alfa-team-shell-v4-1-tesla-a-feature-update… ∗∗∗ Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations ∗∗∗ --------------------------------------------- A recent {rediscovered} technique (NAT Slipstreaming) to allow an attacker remotely access any TCP/UDP service bound to a victim’s machine, thus bypassing the victim’s Network Address Translation (NAT)/firewall implementation was detailed by Samy Kamkar [1]. Samy had also shared a similar technique termed “NAT Pinning” back in 2010 [2]. The similarities in both techniques were convincing victims to access a specially crafted site implementing said techniques, resulting in [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Rediscovering+Limitations+of+Stateful+Fir… ∗∗∗ Business VOIP phone systems are being hacked for profit worldwide. Is yours secure? ∗∗∗ --------------------------------------------- Security researchers have uncovered an organised gang of cybercriminals who are compromising the VOIP phone systems of over 1000 organisations worldwide. Check Point has identified a malicious campaign that has targeted a critical vulnerability in the Sangoma PBX open-source GUI, used to manage installations of Asterisk - the worlds most popular VOIP phone system for businesses. --------------------------------------------- https://businessinsights.bitdefender.com/business-voip-phone-systems-are-be… ∗∗∗ IntelMQ offers tutorial lessons and a new documentation page ∗∗∗ --------------------------------------------- The IntelMQ tutorial guiding through various features and tools of IntelMQ is available in the IntelMQ Tutorial GitHub repository. Lesson one introduces the architecture, concepts and terminology of the project. Lessons two and three delve hands-on into working with IntelMQ. Starting with installation and basic usage & configuration they go on to tackle progressively more advanced topics like using advanced features or changing the message queue software to be used. --------------------------------------------- https://cert.at/en/blog/2020/11/intelmq-tutorial-and-new-documentation-page ∗∗∗ Ryuk Speed Run, 2 Hours to Ransom ∗∗∗ --------------------------------------------- Since the end of September Ryuk has been screaming back into the news. We’ve already covered 2 cases in that timeframe. We’ve seen major healthcare providers, managed service providers, [...] --------------------------------------------- https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/ ===================== = Vulnerabilities = ===================== ∗∗∗ Schwachstellen in iOS werden aktiv ausgenutzt – kein Update für iOS 13 ∗∗∗ --------------------------------------------- Apple-Nutzer sollten ihr Betriebssystem zügig aktualisieren, kritische Lücken werden wohl für Angriffe verwendet. Nicht alle Systemversionen erhalten Updates. --------------------------------------------- https://heise.de/-4950496 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sddm and wordpress), Fedora (blueman, chromium, pngcheck, and salt), openSUSE (chromium, salt, tiff, tigervnc, tmux, tomcat, transfig, and xen), Oracle (freetype, kernel, libX11, thunderbird, and xorg-x11-server), SUSE (bluez, ImageMagick, java-1_8_0-openjdk, rmt-server, salt, and u-boot), and Ubuntu (dom4j, firefox, netqmail, phpldapadmin, and tmux). --------------------------------------------- https://lwn.net/Articles/836467/ ∗∗∗ Security Advisory - Netlogon Elevation of Privilege Vulnerability ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201105… ∗∗∗ Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1084 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.11.2020
by Daily end-of-shift report 05 Nov '20

05 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-11-2020 18:00 − Donnerstag 05-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Exploit für Cisco-VPN AnyConnect in Umlauf - Sicherheitsupdate steht noch aus ∗∗∗ --------------------------------------------- Attacken auf Ciscos VPN-Lösung AnyConnect könnten kurz bevor stehen. Bislang gibt es aber nur Patches für andere Lücken in IOS XR, Webwex & Co. --------------------------------------------- https://heise.de/-4948798 ∗∗∗ Attacks on industrial enterprises using RMS and TeamViewer: new data ∗∗∗ --------------------------------------------- In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. --------------------------------------------- https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-team… ∗∗∗ Did You Spot "Invoke-Expression"?, (Thu, Nov 5th) ∗∗∗ --------------------------------------------- When a PowerShell script is obfuscated, the deobfuscation process is, most of the time, performed through the Invoke-Expression cmdlet[1]. Invoke-Expression evaluates the string passed as an argument and returns the results of the commands inside the string. --------------------------------------------- https://isc.sans.edu/diary/rss/26762 ∗∗∗ Legacy Mauthtoken Malware Continues to Redirect Mobile Users ∗∗∗ --------------------------------------------- During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different positions in the array. If we get the ASCII representation of the variable, we’ll end up with the following code: [...] --------------------------------------------- https://blog.sucuri.net/2020/11/legacy-mauthtoken-malware-continues-to-redi… ∗∗∗ BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers ∗∗∗ --------------------------------------------- A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations. --------------------------------------------- https://www.securityweek.com/bec-scammers-exploit-flaw-spoof-domains-racksp… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: BIG-IP Appliances und die Admin-Falle ∗∗∗ --------------------------------------------- Der Netzwerkausrüster F5 hat wichtige Patches zum Absichern verschiedener Appliances veröffentlicht. --------------------------------------------- https://heise.de/-4949448 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bouncycastle, gdm3, and libonig), Fedora (arpwatch, thunderbird, and trousers), openSUSE (chromium, gn), Red Hat (freetype, libX11, thunderbird, and xorg-x11-server), and SUSE (ImageMagick, java-11-openjdk, salt, and wireshark). --------------------------------------------- https://lwn.net/Articles/836238/ ∗∗∗ In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover - CVE-2020-14871 ∗∗∗ --------------------------------------------- FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer’s system and analyzed it to see how it was attacking their Solaris environment. The FLARE team’s Offensive Task Force analyzed the exploit to determine how it worked, reproduced the vulnerability on different versions of Solaris, and then reported it to Oracle. In this blog post we present a description of the [...] --------------------------------------------- https://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overfl… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.11.2020
by Daily end-of-shift report 04 Nov '20

04 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-11-2020 18:00 − Mittwoch 04-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 49.500 Euro gewonnen? Vorsicht, BetrügerInnen geben sich am Telefon als EuroMillionen aus! ∗∗∗ --------------------------------------------- „Herzlichen Glückwünsch. Sie haben 49.500 Euro gewonnen“. BetrügerInnen rufen im Namen von EuroMillionen an und übermitteln ihren Opfern diese gute Nachricht. Doch tatsächlich handelt es sich um Vorschussbetrug: Bevor der Betrag überwiesen werden kann, müssen die vermeintlichen GewinnerInnen 1.500 Euro für eine Versicherung bezahlen. Der Gewinn wird trotzdem nicht überwiesen, die 1.500 Euro sind also verloren. --------------------------------------------- https://www.watchlist-internet.at/news/49500-euro-gewonnen-vorsicht-betrueg… ∗∗∗ Exchange-Lücke: Immer noch viele Server offen ∗∗∗ --------------------------------------------- Einen Monat nachdem heise Security über die dramatische Zahl an verwundbaren Systemen berichtete, hat sich die Situation zwar verbessert, aber nicht entspannt. --------------------------------------------- https://heise.de/-4947221 ∗∗∗ Google: Android-Lücke kann Geräte "dauerhaft" lahmlegen ∗∗∗ --------------------------------------------- Google schließt mit dem November-Update für Android mehrere kritische Sicherheitslücken. Geräte können lahmgelegt oder auch übernommen werden. --------------------------------------------- https://www.golem.de/news/google-android-luecke-kann-geraete-dauerhaft-lahm… ∗∗∗ New RegretLocker ransomware targets Windows virtual machines ∗∗∗ --------------------------------------------- A new ransomware called RegretLocker uses a variety of advanced features that allows it to encrypt virtual hard drives and close open files for encryption. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-… ∗∗∗ Sneaky Office 365 phishing inverts images to evade detection ∗∗∗ --------------------------------------------- A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sneaky-office-365-phishing-i… ∗∗∗ Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike, (Tue, Nov 3rd) ∗∗∗ --------------------------------------------- Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020-14882. CVE-2020-14882 was patched about two weeks ago as part of Oracle's quarterly critical patch update. In addition to scans simply enumerating vulnerable servers, we saw a small number of scans starting on Friday (Oct. 30th) attempting to install crypto-mining tools [1]. --------------------------------------------- https://isc.sans.edu/diary/rss/26752 ===================== = Vulnerabilities = ===================== ∗∗∗ SaltStack: Security-Packages beseitigen drei teils kritische Sicherheitslücken ∗∗∗ --------------------------------------------- Für viele SaltStack-Versionen stehen Aktualisierungen bereit; die Entwickler raten angesichts der von drei Lücken ausgehenden Gefahren zum zeitnahen Update. --------------------------------------------- https://heise.de/-4947393 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and firefox), Fedora (nss), openSUSE (pacemaker), Red Hat (bind, binutils, bluez, cloud-init, container-tools:rhel8, cryptsetup, cups, curl, cyrus-imapd, cyrus-sasl, dovecot, dpdk, edk2, evolution, expat, file-roller, fontforge, freeradius:3.0, freerdp and vinagre, freetype, frr, gd, glibc, GNOME, gnome-software and fwupd, gnupg2, grafana, httpd:2.4, idm:DL1 and idm:client, kernel, kernel-rt, libarchive, libexif, libgcrypt, libldb, [...] --------------------------------------------- https://lwn.net/Articles/836137/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat für mehrere Produkte insgesamt 35 Security Advisories mit folgenden Security Impact Ratings veröffentlicht: High: 12 Medium: 23 --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Patch for Critical VMware ESXi Vulnerability Incomplete ∗∗∗ --------------------------------------------- VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete. --------------------------------------------- https://www.securityweek.com/patch-critical-vmware-esxi-vulnerability-incom… ∗∗∗ Joomla Publisher V 3.0.19 Stored XSS ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110017 ∗∗∗ Joomla JomSocial 4.7.6 Stored XSS ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110016 ∗∗∗ Security Advisory - Insecure Encryption Algorithm Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20201104… ∗∗∗ Vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/vulnerabilities-in-trend-micro… ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1076 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.11.2020
by Daily end-of-shift report 03 Nov '20

03 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Montag 02-11-2020 18:00 − Dienstag 03-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Emotet -> Qakbot -> more Emotet, (Tue, Nov 3rd) ∗∗∗ --------------------------------------------- On Friday 2020-10-30, I generated an Emotet infection in my lab and saw Qakbot as the follow-up malware. I let the activity run for a while, then another Emotet infection appeared on the same host after Qakbot started. --------------------------------------------- https://isc.sans.edu/diary/rss/26750 ∗∗∗ Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 ∗∗∗ --------------------------------------------- Through Mandiant investigation of intrusions between February 2018 and September 2020, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise telecommunications companies and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks (see this blog post for an in-depth description of “UNC” groups). UNC1945 targeted Oracle Solaris operating systems, utilized several [...] --------------------------------------------- https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-o… ∗∗∗ JavaScript-Paketmanager: Twilio-Brandjacking-Paket öffnet Hintertür ∗∗∗ --------------------------------------------- Vergangenes Wochenende haben Angreifer ein Paket namens twilio-npm veröffentlicht, das eine Reverse Shell auf dem Entwicklersystem startet. --------------------------------------------- https://heise.de/-4945861 ∗∗∗ Schubladen für Schwachstellen: Das CVE-System im Überblick ∗∗∗ --------------------------------------------- MITREs Common Vulnerabilities and Exposures System (CVE) ist der gängige Standard zur Verwaltung von Schwachstellen. Wir erklären, was es damit auf sich hat. --------------------------------------------- https://heise.de/-4940478 ∗∗∗ Hundewelpen im Internet kaufen? - Lieber nicht! ∗∗∗ --------------------------------------------- Bei der Recherche nach Züchtern im Internet, stoßen Sie möglicherweise auf Websites, die wunderschöne Rasse-Hundewelpen verkaufen - meist zu einem sehr günstigen Preis. TierliebhaberInnen werden vor allem mit liebevollen Fotos und Beschreibung verlockt, sich mit dem vermeintlichen Züchter in Verbindung zu setzen. Doch Vorsicht: Der Handel von Hunden und Katzen über das Internet ist in Österreich verboten. --------------------------------------------- https://www.watchlist-internet.at/news/hundewelpen-im-internet-kaufen-liebe… ∗∗∗ These software bugs are years old. But businesses still arent patching them ∗∗∗ --------------------------------------------- Many organisations still havent applied security patches issued years ago, putting them at risk from common cyber attacks. --------------------------------------------- https://www.zdnet.com/article/these-software-bugs-are-years-old-but-busines… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Alert CVE-2020-14750 Released ∗∗∗ --------------------------------------------- Oracle has just released Security Alert CVE-2020-14750. This vulnerability affects a number of versions of Oracle WebLogic Server and has a CVSS Base Score of 9.8. WebLogic Server customers should refer to the Security Alert Advisory for information on affected versions and how to obtain the required patches. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. Vulnerability CVE-2020-14750 is remotely exploitable without authentication, [...] --------------------------------------------- https://blogs.oracle.com/security/security-alert-cve-2020-14750-released ∗∗∗ Security Updates Available for Adobe Acrobat and Reader (APSB20-67) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB20-67). The updates referenced in the bulletin address critical, important and moderate vulnerabilities and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1939 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (blueman and wordpress), Fedora (fastd, kernel, and samba), Gentoo (bluez, fossil, kpmcore, libssh, and opendmarc), openSUSE (claws-mail and icinga2), and Ubuntu (blueman). --------------------------------------------- https://lwn.net/Articles/835952/ ∗∗∗ Googles Project Zero deckt Sicherheitslücke bei GitHub auf ∗∗∗ --------------------------------------------- Das Sicherheitsteam hat das Risiko der gefundenen Schwachstelle für Entwickler als hoch eingestuft. Eine schnelle Lösung des Problems gibt es bisher nicht. --------------------------------------------- https://heise.de/-4946535 ∗∗∗ Android Security Bulletin - November 2020 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in the System component that could enable a proximal attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2020-11-01 ∗∗∗ Google Patches Actively Exploited Chrome Vulnerabilities ∗∗∗ --------------------------------------------- Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Chrome 86.0.4240.183 for Windows, macOS, and Linux was pushed to the stable channel with patches for a total of seven vulnerabilities, all of which feature a severity rating of high. --------------------------------------------- https://www.securityweek.com/google-patches-actively-exploited-chrome-vulne… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2020
by Daily end-of-shift report 02 Nov '20

02 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-10-2020 18:00 − Montag 02-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Zero Day im Windows-Kernel veröffentlicht ∗∗∗ --------------------------------------------- Google hat die Sicherheitslücke nach nur 7 Tagen veröffentlicht, weil sie bereits aktiv ausgenutzt wurde. Patches gibt es nicht. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-zero-day-im-windows-kernel-vero… ∗∗∗ More File Selection Gaffes, (Sat, Oct 31st) ∗∗∗ --------------------------------------------- A reader submitted a file, that turned out to be a mass mailer project file used by malicious actors. --------------------------------------------- https://isc.sans.edu/diary/rss/26722 ∗∗∗ CSS-JS Steganography in Fake Flash Player Update Malware ∗∗∗ --------------------------------------------- This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using .ico files to conceal JavaScript skimmers. Just something I’ve noticed more recently with digital skimmers/#magecart. --------------------------------------------- https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-u… ∗∗∗ How to Protect Yourself From Pwned and Password Reuse Attacks ∗∗∗ --------------------------------------------- Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end of the year. As organizations continue to implement security measures to protect business-critical data, there is an extremely important area of security that often gets overlooked - passwords. --------------------------------------------- https://thehackernews.com/2020/11/how-to-protect-yourself-from-pwned-and.ht… ∗∗∗ NAT Slipstreaming ∗∗∗ --------------------------------------------- NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victims NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. --------------------------------------------- https://samy.pl/slipstream/ ∗∗∗ Ransomware Protection and Containment Strategies: Practical Guidance forEndpoint Protection, Hardening, and Containment ∗∗∗ --------------------------------------------- UPDATE (Oct. 30, 2020): We have updated the report to include additional protection and containment strategies based on front-line visibility and response efforts in combating ransomware. While the full scope of recommendations included within the initial report remain unchanged, the following strategies have been added into the report: [...] --------------------------------------------- https://www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-… ∗∗∗ Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector ∗∗∗ --------------------------------------------- Cisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a researcher who had been monitoring communications for the threat actor. --------------------------------------------- https://blog.talosintelligence.com/2020/10/healthcare-advisory.html ∗∗∗ RiskIQ Has Released Its Corpus of Infrastructure and IOCs Related to Ryuk Ransomware ∗∗∗ --------------------------------------------- Ryuk Ransomware has flooded US hospitals, threatening to shut down their operations when theyre needed most. Ryuk now accounts for a third of all ransomware attacks in 2020, with its operators finding success while many healthcare organizations are most vulnerable. However, the cybersecurity community is coming together to combat this rash of attacks, combining resources to provide network defenders with alerts and intelligence to protect our healthcare institutions. --------------------------------------------- https://www.riskiq.com/blog/external-threat-management/ryuk-ransoware-indic… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cimg, junit4, kernel, openldap, qtsvg-opensource-src, spice, spice-gtk, tzdata, and wireshark), Fedora (firefox, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), openSUSE (apache2, binutils, libvirt, lout, pacemaker, pagure, phpMyAdmin, samba, sane-backends, singularity, spice, spice-gtk, thunderbird, nspr, tomcat, virt-bootstrap, and xen), SUSE (graphviz, liblouis, and samba), and Ubuntu (samba). --------------------------------------------- https://lwn.net/Articles/835838/ ∗∗∗ Oracle Security Alert for CVE-2020-14750 - 01 November 2020 ∗∗∗ --------------------------------------------- https://www.oracle.com/security-alerts/alert-cve-2020-14750.html ∗∗∗ Hormann BiSecur Gateway and Home Server multiple vulnerabilities ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/hormann-bisecur-gateway-and-ho… ∗∗∗ WordPress: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1058 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.10.2020
by Daily end-of-shift report 30 Oct '20

30 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-10-2020 18:00 − Freitag 30-10-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ „2. Lockdown! Krise! Was jetzt?“ – SMS bewirbt betrügerische Investment-Plattform ∗∗∗ --------------------------------------------- Eine Verschärfung der Corona-Maßnahmen bedeutet für viele Menschen weniger Einkommen. Das wissen auch BetrügerInnen. Sie nutzen diese Notsituation bewusst aus. So kursiert derzeit eine betrügerische SMS, in der eine scheinbar einfache Lösung angeboten wird: Das Investieren in Bitcoins – allerdings auf einer unseriösen Plattform. Die Schadenssummen, die dabei entstehen, reichen von 200 Euro bis weit über 100.000 Euro. Löschen Sie daher die SMS! --------------------------------------------- https://www.watchlist-internet.at/news/2-lockdown-krise-was-jetzt-sms-bewir… ∗∗∗ [SANS ISC] Quick Status of the CAA DNS Record Adoption ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption“: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively sinceThe post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random. --------------------------------------------- https://blog.rootshell.be/2020/10/30/sans-isc-quick-status-of-the-caa-dns-r… ∗∗∗ BEC Attacks Targeting Energy and Infrastructure Rise by 93% ∗∗∗ --------------------------------------------- Business email compromise attacks (BEC) have continued to grow in Q3 of 2020, rising by 15% overall compared to Q2, according to Abnormal Security’s Quarterly BEC Report. The average weekly volume of BEC attacks increased quarter-by-quarter in six out of eight industries, with the biggest rise observed in the energy/infrastructure sector, at 93%. --------------------------------------------- https://www.infosecurity-magazine.com/news/bec-attacks-energy-infrastructur… ∗∗∗ Pktvisor: Open source tool for network visibility ∗∗∗ --------------------------------------------- NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. The importance of applications and digital services has skyrocketed in 2020. Connectivity and resilience are imperative to keeping people connected and business moving forward. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance. --------------------------------------------- https://www.helpnetsecurity.com/2020/10/30/pktvisor-open-source-tool/ ∗∗∗ Oh ... Ransomware hat auch meine Backups verschlüsselt ... Was nun? ∗∗∗ --------------------------------------------- Das Thema Ransomware verfolgt Unternehmen weltweit nun schon ein bis zwei Jahrzehnte [1]. Es ist auch kein Trend zu erkennen, dass sich das bald ändern sollte. Es muss leider vom Gegenteil ausgegangen werden. Die Anzahl an Vorfällen ist besonders in den letzten Jahren gestiegen [2]. Angreifer setzten inzwischen nicht nur auf Verschlüsselung, sondern drohen mit der Veröffentlichung von Unternehmensdaten, welche vor dem Unbrauchbarmachen exfiltriert wurden, um die [...] --------------------------------------------- https://cert.at/de/blog/2020/10/oh-ransomware-hat-auch-meine-backups-versch… ===================== = Vulnerabilities = ===================== ∗∗∗ Attacks exploiting Netlogon vulnerability (CVE-2020-1472) ∗∗∗ --------------------------------------------- Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be [...] --------------------------------------------- https://msrc-blog.microsoft.com:443/2020/10/29/attacks-exploiting-netlogon-… ∗∗∗ Sicherheitslücken: Nvidia veröffentlicht BMC-Firmware-Updates für DGX-Server ∗∗∗ --------------------------------------------- Aus der AMI BMC-Firmware für Nvidias Deep-Learning-Server DGX-1, DGX-2 und DGX A100 wurden neun Sicherheitslücken entfernt, von denen eine als kritisch gilt. --------------------------------------------- https://heise.de/-4943948 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager) ∗∗∗ --------------------------------------------- Cisco Talos recently discovered multiple remote vulnerabilities in software that helps power Synology routers. The bugs exist in Synology Router Manager (SRM) - a Linux-based operating system for Synology routers - and QuickConnect, a feature inside SRM that allows users to remotely connect to their routers. An adversary could use these vulnerabilities to carry out a range of [...] --------------------------------------------- https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-multiple… ∗∗∗ October 29, 2020 TNS-2020-07 [R1] Nessus Agent 8.2.0 Fixes One Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2020-07 ∗∗∗ October 29, 2020 TNS-2020-08 [R1] Nessus 8.12.1 Fixes One Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2020-08 ∗∗∗ Wireshark: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1054 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.10.2020
by Daily end-of-shift report 29 Oct '20

29 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-10-2020 18:00 − Donnerstag 29-10-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-67) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB20-67) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, November 03, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS” with no warranties and [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1936 ∗∗∗ CPU: ME-Hacker knacken Intel-Microcode-Updates ∗∗∗ --------------------------------------------- Sicherheitsforscher können die Microcode-Updates für Intel-CPUs entschlüsseln und untersuchen. Eine Übernahme ist damit noch nicht möglich. --------------------------------------------- https://www.golem.de/news/cpu-me-hacker-knacken-intel-microcode-updates-201… ∗∗∗ 5 Places Where You’d Never Expect to Get Hacked ∗∗∗ --------------------------------------------- For every gleaming new IoT device that hits the market, a hacker somewhere is figuring out how to compromise it. Today, even routine activities can land you in the sights of a bad actor. --------------------------------------------- https://blog.sucuri.net/2020/10/5-places-where-youd-never-expect-to-get-hac… ∗∗∗ Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser ∗∗∗ --------------------------------------------- Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware, sometimes within 24 hours of initial compromise. Effective and fast detection of these campaigns is key to mitigating this threat. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-w… ∗∗∗ Jetzt patchen! Angreifer scannen nach verwundbaren Oracle-WebLogic-Servern ∗∗∗ --------------------------------------------- Admins sollten ihre WebLogic-Server aus Sicherheitsgründen auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-4942360 ∗∗∗ Erpressungstrojaner: Maze hört wohl auf, REvil macht 100 Millionen US-Dollar ∗∗∗ --------------------------------------------- Ransomware ist nach wie vor der Star der Malware-Szene. Die Drahtzieher bauen ihr "Geschäftsmodell" stetig aus und ernten damit Umsätze in Millionenhöhe. --------------------------------------------- https://heise.de/-4942549 ∗∗∗ ESET Threat Report für das 3. Quartal 2020 ∗∗∗ --------------------------------------------- Die Bedrohungslage im zweiten Quartal 2020 aus Sicht der ESET-Telemetrie und der ESET-Sicherheitsforscher. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/10/28/eset-threat-report-fuer-d… ∗∗∗ Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee ∗∗∗ --------------------------------------------- Domain parking might appear harmless at first glance, but parked domains can redirect visitors to unwanted landing pages or turn entirely malicious. --------------------------------------------- https://unit42.paloaltonetworks.com/domain-parking/ ===================== = Vulnerabilities = ===================== ∗∗∗ Code vulnerabilities put health records at risk ∗∗∗ --------------------------------------------- OpenEMR is the most popular open source software for electronic health record and medical practice management. It is used world-wide to manage sensitive patient data, including information about medications, laboratory values, and diseases. [...] During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR 5.0.2.1. A combination of these vulnerabilities allowed remote attackers to execute arbitrary system commands on any OpenEMR server that [...] --------------------------------------------- https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability ∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1051 ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in F5 BIG-IP ausnutzen, um einen Denial of Service Angriff durchzuführen, Informationen offenzulegen oder einen Cross Site Scripting Angriff durchzuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1052 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-4.19), Fedora (tcpreplay, xen, and yubihsm-shell), SUSE (pacemaker), and Ubuntu (gosa and pam-python). --------------------------------------------- https://lwn.net/Articles/835552/ ∗∗∗ Security Bulletin: IBM Security Directory Suite is affected by security vulnerability(CVE-2018-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-su… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite – October 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM i2 Analyst's Notebook Memory Corruption Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-… ∗∗∗ Security Bulletin: IBM Resilient OnPrem could allow an attacker on a restricted internal network to provide the server with a spoofed source IP address. (CVE-2020-4864) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-onprem-coul… ∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to an information disclosure vulnerability affects Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-applic… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Golang (CVE-2020-16845) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to an information disclosure vulnerability affects Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-applic… ∗∗∗ Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-di… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.10.2020
by Daily end-of-shift report 28 Oct '20

28 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-10-2020 18:00 − Mittwoch 28-10-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ So schützen Sie sich im Webbrowser vor Phishing-Attacken ∗∗∗ --------------------------------------------- Derzeit werden der Watchlist Internet sehr viele Phishing-Versuche gemeldet. Die BetrügerInnen werden dabei immer raffinierter. Damit Sie sich besser vor den betrügerischen Phishing-Seiten schützen können, zeigen wir Ihnen Schritt für Schritt wie Sie Phishing-Warnungen in Google Chrome und Firefox einschalten können. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-im-webbrowser-… ∗∗∗ LokiBot Malware: What it is and how to respond to it ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security recently announced that activity in LokiBot, a form of aggressive malware, has increased dramatically over the last two months. The activity increase was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous [...] --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/lokibot-malware-wha… ∗∗∗ Microsoft Defender ATP scars admins with false Cobalt Strike alerts ∗∗∗ --------------------------------------------- Administrators woke up to a scary surprise today after false positives in Microsoft Defender ATP showed network devices infected with Cobalt Strike. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-scar… ∗∗∗ Facebook "copyright violation" tries to get past 2FA - don’t fall for it! ∗∗∗ --------------------------------------------- Watch out for "Facebook copyright violation" emails - even if they link straight back to Facebook.com --------------------------------------------- https://nakedsecurity.sophos.com/2020/10/27/facebook-copyright-violation-tr… ∗∗∗ SMBGhost - the critical vulnerability many seem to have forgotten to patch, (Wed, Oct 28th) ∗∗∗ --------------------------------------------- You probably remember that back in March, Microsoft released a patch for a vulnerability in SMBv3 dubbed SMBGhost (CVE-2020-0796), since at that time, it received as much media attention as was reasonable for a critical (CVSS 10.0) vulnerability in Windows, which might lead to remote code execution[1]. --------------------------------------------- https://isc.sans.edu/diary/rss/26732 ∗∗∗ Hörmann - Tag der offenen Tür für alle... ∗∗∗ --------------------------------------------- Die Erkennung potenzieller Schwachstellen durch SEC Consult erwies sich als hilfreich, um das gesamte BiSecur-System zu verbessern. --------------------------------------------- https://www.sec-consult.com/./blog/2020/10/hoermann-tag-der-offenen-tuer-fu… ∗∗∗ TrickBot Linux Variants Active in the Wild Despite Recent Takedown ∗∗∗ --------------------------------------------- Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware arent sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBots authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted. --------------------------------------------- https://thehackernews.com/2020/10/trickbot-linux-variants-active-in-wild.ht… ∗∗∗ Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine ∗∗∗ --------------------------------------------- Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critical to discover these threats within a timely and accurate manner. Therefore, we are actively compiling the most essential software packages into a Windows-based distribution: ThreatPursuit VM. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/10/threatpursuit-vm-threat… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6). --------------------------------------------- https://lwn.net/Articles/835497/ ∗∗∗ Sicherheitsupdate: Angreifer könnten eigene Befehle auf Qnap NAS ausführen ∗∗∗ --------------------------------------------- Netzwerkspeicher von Qnap sind über zwei Lücken attackierbar. Ein Patch schafft Abhilfe. --------------------------------------------- https://heise.de/-4941315 ∗∗∗ MediaWiki: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1048 ∗∗∗ Red Hat OpenShift: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1049 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jul 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jul 2020 (CVE-2020-2590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (July 2020) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Security vulnerability in Java SE affects Rational Build Forge (CVE-2020-2601) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in… ∗∗∗ Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Virtualization Engine TS7700 (CVE-2020-11868) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-network-… ∗∗∗ Security Bulletin: Security vulnerabilities in Java SE affects Rational Build Forge ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js jison affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s… ∗∗∗ Security Bulletin: A Remote Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2020-4767) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-vulnerability-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.10.2020
by Daily end-of-shift report 27 Oct '20

27 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-10-2020 18:00 − Dienstag 27-10-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vorsicht: Betrügerisches FinanzOnline-E-Mail im Umlauf ∗∗∗ --------------------------------------------- Aktuell sind gefälschte E-Mails im Namen des Finanzamtes unterwegs. In der E-Mail werden Sie über Ihre Steuerrückerstattung informiert und aufgefordert, die Transaktion zu genehmigen. Klicken Sie aber keinesfalls auf den Link, Sie landen auf einer gefälschten FinanzOnline-Website, die es Kriminellen ermöglicht, persönliche Daten sowie Kreditkartendaten abzugreifen! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-betruegerisches-finanzonlin… ∗∗∗ Industrieanlagen mit OPC UA systematisch schlecht konfiguriert ∗∗∗ --------------------------------------------- Forscher des Fraunhofer FKIE und der RWTH Aachen haben das Internet nach Steuerungen auf Basis des Standards OPC UA durchsucht. 92% waren unsicher eingerichtet. --------------------------------------------- https://heise.de/-4939199 ∗∗∗ Sicherheitsupdate: Angreifer attackieren Microsofts Webbrowser Edge ∗∗∗ --------------------------------------------- Die Entwickler von Microsoft haben im Webbrowser Edge mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-4940091 ∗∗∗ Malware Emotet versteckt sich hinter gefälschtem Upgrade für Microsoft Word ∗∗∗ --------------------------------------------- Eine neue Kampagne gaukelt Opfern vor, sie benötigen ein Upgrade mit neuen Funktionen für Microsoft Word. Tatsächlich sollen sie die Sicherheitsvorkehrungen zum Schutz vor gefährlichen Makros deaktivieren. Die schädlichen Dokumente verteilen die Hintermänner weiterhin per E-Mail. --------------------------------------------- https://www.zdnet.de/88389137/malware-emotet-versteckt-sich-hinter-gefaelsc… ∗∗∗ KashmirBlack: Botnet attackiert WordPress, Joomla und Drupal ∗∗∗ --------------------------------------------- Die Hintermänner nutzen bekannte Schwachstellen in CMS-Plattformen und Plug-ins. Darüber schleusen sie einen Cryptominer ein. Laut Imperva verfügt das Botnet inzwischen über eine "massive Infrastruktur". --------------------------------------------- https://www.zdnet.de/88389169/kashmirblack-botnet-attackiert-wordpress-joom… ∗∗∗ New RAT malware gets commands via Discord, has ransomware feature ∗∗∗ --------------------------------------------- The new Abaddon remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-command… ∗∗∗ Massive Nitro data breach impacts Microsoft, Google, Apple, more ∗∗∗ --------------------------------------------- A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. --------------------------------------------- https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-im… ∗∗∗ Study of the ShadowPad APT backdoor and its relation to PlugX ∗∗∗ --------------------------------------------- In July 2020, we released a study of targeted attacks on state institutions in Kazakhstan and Kyrgyzstan with a detailed analysis of malware found in compromised networks. During the investigation, Doctor Web specialists analyzed and described several groups of trojan programs, including new samples of trojan families already encountered by our virus analysts, as well as previously unknown trojans. --------------------------------------------- https://news.drweb.com/show/?i=14048&lng=en&c=9 ∗∗∗ Majority of Microsoft 365 Admins Don’t Enable MFA ∗∗∗ --------------------------------------------- Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication. --------------------------------------------- https://threatpost.com/microsoft-365-admins-mfa/160592/ ∗∗∗ LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes ∗∗∗ --------------------------------------------- Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers. --------------------------------------------- https://threatpost.com/linkedin-instagram-preview-link-rce-security/160600/ ∗∗∗ Excel 4 Macros: "Abnormal Sheet Visibility", (Mon, Oct 26th) ∗∗∗ --------------------------------------------- Excel 4 macros are composed of formulas (commands) and values stored inside a sheet. --------------------------------------------- https://isc.sans.edu/diary/rss/26726 ∗∗∗ Password Security & Password Managers ∗∗∗ --------------------------------------------- In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a lax approach to secure passwords. In fact, the online security provider TeamPassword found that last year the most commonly leaked password was 123456. That edges out some real gems including qwerty and the always-popular password. --------------------------------------------- https://blog.sucuri.net/2020/10/password-security-password-managers.html ∗∗∗ P.A.S. Fork v. 1.0 — A Web Shell Revival ∗∗∗ --------------------------------------------- A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most popular PHP web shells, like WSO or b374k. After all, if these popular (and readily available) PHP web shells do the job, there’s no need to code an entirely new tool. --------------------------------------------- https://blog.sucuri.net/2020/10/p-a-s-fork-v-1-0-a-web-shell-revival.html ===================== = Vulnerabilities = ===================== ∗∗∗ VU#760767: Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗ --------------------------------------------- Overview Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create [...] --------------------------------------------- https://kb.cert.org/vuls/id/760767 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird), Fedora (createrepo_c, dnf-plugins-core, dnf-plugins-extras, librepo, livecd-tools, and pdns-recursor), openSUSE (firefox and mailman), Oracle (firefox), Red Hat (chromium-browser, java-1.8.0-openjdk, and Satellite 6.8), Scientific Linux (java-1.8.0-openjdk), SUSE (libvirt), and Ubuntu (blueman, firefox, mysql-5.7, mysql-8.0, php7.4, and ruby-kramdown). --------------------------------------------- https://lwn.net/Articles/835401 ∗∗∗ HPE/Aruba: Kritische Lücken in SSMC, AirWave Glass und weiteren Produkten ∗∗∗ --------------------------------------------- Jetzt updaten: Unter anderem kann eine Lücke mit Höchstwertung in der StoreServ Management Console Angreifern unbefugte Remote-Zugriffe leicht machen. --------------------------------------------- https://heise.de/-4938532 ∗∗∗ NVIDIA Patches Code Execution Flaws in GeForce Experience ∗∗∗ --------------------------------------------- Patches released by NVIDIA last week for the GeForce Experience software address two arbitrary code execution bugs assessed with a severity rating of high. --------------------------------------------- https://www.securityweek.com/nvidia-patches-code-execution-flaws-geforce-ex… ∗∗∗ Trend Micro AntiVirus for Mac: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1047 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1045 ∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is vulnerable to social engineering attacks (CVE-2020-4337) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-develope… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2020-8169, CVE-2020-8177) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-a… ∗∗∗ Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2020-11868, CVE-2020-13817, and CVE-2020-15025) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ntpv4-… ∗∗∗ Security Bulletin: CVE-2020-15190 for Tensorflow in Watson Machine Learning Community Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-15190-for-tensor… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.10.2020
by Daily end-of-shift report 23 Oct '20

23 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-10-2020 18:00 − Freitag 23-10-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ R_Evil WordPress Hacktool & Malicious JavaScript Injections ∗∗∗ --------------------------------------------- We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect. However, sometimes entirely new attack tools are created and deployed by threat actors who don’t want to rely on obfuscating existing malware. --------------------------------------------- https://blog.sucuri.net/2020/10/r_evil-wordpress-hacktool-malicious-javascr… ∗∗∗ Zahlreiche neue Fake-Shops locken mit günstigen Angeboten und gutem Kundendienst ∗∗∗ --------------------------------------------- Derzeit melden uns LeserInnen der Watchlist Internet zahlreiche neu registrierte Fake-Shops, die alle ähnlich aufgebaut sind und die gleichen Texte verwenden. Versprochen werden hochwertige Produkte, ein starkes Kundendienstteam und einfache Rückgabemöglichkeiten. Doch tatsächlich stecken hinter diesen vermeintlichen Online-Shops, Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-neue-fake-shops-locken-mi… ∗∗∗ Securing medical devices: Can a hacker break your heart? ∗∗∗ --------------------------------------------- Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor. --------------------------------------------- https://www.welivesecurity.com/2020/10/23/securing-medical-devices-hack-hea… ∗∗∗ Practical example of fuzzing OPC UA applications ∗∗∗ --------------------------------------------- We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer. --------------------------------------------- https://ics-cert.kaspersky.com/reports/2020/10/19/practical-example-of-fuzz… ===================== = Vulnerabilities = ===================== ∗∗∗ VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998) ∗∗∗ --------------------------------------------- VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0024.html ∗∗∗ Sicherheitsupdate: Nvidia Geforce Experience macht PCs vielfältig angreifbar ∗∗∗ --------------------------------------------- Nvidias Entwickler haben drei Sicherheitslücken im Grafikkarten-Tool Geforce Experience geschlossen. --------------------------------------------- https://heise.de/-4937481 ∗∗∗ Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jul 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jul 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-manage… ∗∗∗ Multiple Vulnerabilities in PubliXone ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-pu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.10.2020
by Daily end-of-shift report 22 Oct '20

22 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-10-2020 18:00 − Donnerstag 22-10-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Das sind die Gewinner von Österreichs größtem Hacker-Wettbewerb ∗∗∗ --------------------------------------------- Das Finale der Austria Cyber Security Challenge 2020 wurde virtuell ausgetragen. Die Sieger stehen fest. --------------------------------------------- https://futurezone.at/digital-life/das-sind-die-gewinner-von-oesterreichs-g… ∗∗∗ BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon, (Thu, Oct 22nd) ∗∗∗ --------------------------------------------- Phishing messages distributing BazarLoader have come to be commonplace in the past six months, but in the last couple of weeks Ive been seeing more and more e-mails spreading this malware caught in my quarantine. Although contents of these messages differ, their appearance is usually similar [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26710 ∗∗∗ XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability ∗∗∗ --------------------------------------------- This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-sc… ∗∗∗ Abusing RDP’s Remote Credential Guard with Rubeus PTT ∗∗∗ --------------------------------------------- TL;DR Microsoft’s Remote Credential Guard (RCG) for RDP protects creds if an RDP server is compromised. It leaves little scope for password or NTLM credential dumping when a user connects [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/abusing-rdps-remote-credentia… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs ∗∗∗ --------------------------------------------- Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. --------------------------------------------- https://kb.cert.org/vuls/id/208577 ∗∗∗ Gefährliche Lücken in Cisco-Software für Netzwerkschutz und -Management ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco hat wichtige Sicherheitsupdates für verschiedene Netzwerk-Software veröffentlicht. Keine Lücke gilt als kritisch. --------------------------------------------- https://heise.de/-4936512 ∗∗∗ Vulnerability Spotlight: A deep dive into WAGO’s cloud connectivity and the vulnerabilities that arise ∗∗∗ --------------------------------------------- WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers. --------------------------------------------- https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-deep-div… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-fetch module affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Infrastructure Management. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.10.2020
by Daily end-of-shift report 22 Oct '20

22 Oct '20

-- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.10.2020
by Daily end-of-shift report 21 Oct '20

21 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-10-2020 18:00 − Mittwoch 21-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ TrickBot malware under siege from all sides, and its working ∗∗∗ --------------------------------------------- The Trickbot malware operation is on the brink of going down completely following efforts from an alliance of cybersecurity and hosting providers targeting the botnets command and control servers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbot-malware-under-siege… ∗∗∗ LockBit ransomware moves quietly on the network, strikes fast ∗∗∗ --------------------------------------------- LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-qui… ∗∗∗ Shipping dangerous goods, (Wed, Oct 21st) ∗∗∗ --------------------------------------------- For the past several months, I've been tracking a campaign that sends rather odd-looking emails like this. --------------------------------------------- https://isc.sans.edu/diary/rss/26702 ∗∗∗ Securing Your Online Store for the Holidays ∗∗∗ --------------------------------------------- Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing global ecommerce climate that this pandemic has produced, comes the importance of securing your website to protect your users — and your revenue streams. --------------------------------------------- https://blog.sucuri.net/2020/10/securing-your-online-store-for-the-holidays… ∗∗∗ Studie: Mehr als die Häfte aller Windows-Server ist Security-Schrott ∗∗∗ --------------------------------------------- Rund 58 Prozent aller Windows Server im Internet werden nicht mehr regelmäßig mit Sicherheits-Updates versorgt und sind damit tickende Zeitbomben. --------------------------------------------- https://heise.de/-4933295 ∗∗∗ How safe is your USB drive? ∗∗∗ --------------------------------------------- What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats? --------------------------------------------- https://www.welivesecurity.com/2020/10/20/how-safe-is-your-usb-drive/ ∗∗∗ Video: So entlarven Sie betrügerische Werbung im Internet ∗∗∗ --------------------------------------------- Ob auf Google, in Sozialen Medien oder in Apps – überall lauert Werbung, die uns dazu bringen will, ein bestimmtes Produkt zu kaufen oder eine Dienstleistung in Anspruch zu nehmen. Doch nicht jede Werbung ist seriös. --------------------------------------------- https://www.watchlist-internet.at/news/video-so-entlarven-sie-betruegerisch… ∗∗∗ IP Spoofing inbound verhindern ∗∗∗ --------------------------------------------- Die Brigham Young University schickt gerade Empfehlungsschreiben an Internet Provider aus, in denen darauf hingewiesen wird, dass es beidiesen möglich ist, eingehende IP Pakete mit Source-Adressen aus dem Netz des Internet Providers zu empfangen. --------------------------------------------- https://cert.at/de/blog/2020/10/ip-spoofing-inbound-verhindern ===================== = Vulnerabilities = ===================== ∗∗∗ Big Blue Button: Das große blaue Sicherheitsrisiko ∗∗∗ --------------------------------------------- Kritische Sicherheitslücken, die Golem.de dem Entwickler der Videochat-Software Big Blue Button meldete, sind erst nach Monaten geschlossen worden. --------------------------------------------- https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisik… ∗∗∗ Chrome zero-day in the wild – patch now! ∗∗∗ --------------------------------------------- https://nakedsecurity.sophos.com/2020/10/21/chrome-zero-day-in-the-wild-pat… ∗∗∗ Oracle Critical Patch Update Advisory - October 2020 ∗∗∗ --------------------------------------------- https://www.oracle.com/security-alerts/cpuoct2020.html ∗∗∗ Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service ( CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: BIND for IBM i is affected by CVE-2020-8622 and CVE-2020-8624 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affecte… ∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sp… ∗∗∗ Security Bulletin: IBM MQ could allow leak sensitive information due to an error within the pre-v7 pubsub logic (CVE-2020-4319) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-leak-s… ∗∗∗ Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.10.2020
by Daily end-of-shift report 20 Oct '20

20 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Montag 19-10-2020 18:00 − Dienstag 20-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack ∗∗∗ --------------------------------------------- Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours. --------------------------------------------- https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/1602… ∗∗∗ Mirai-alike Python Scanner, (Tue, Oct 20th) ∗∗∗ --------------------------------------------- Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials. --------------------------------------------- https://isc.sans.edu/diary/rss/26698 ∗∗∗ Advanced Ransomware Attacks ∗∗∗ --------------------------------------------- SI-CERT, the national CSIRT of Slovenia has been handling reports of ransomware attacks on a regular basis since April 2012. Until 2019, attack victims were selected randomly as part of a mass-volume campaign aiming to spread the virus. However, since 2019 the attacks have been more targeted. --------------------------------------------- https://connect.geant.org/2020/10/19/advanced-ransomware-attacks ∗∗∗ Beim Kauf auf Kleinanzeigen-Plattformen: Zahlung nicht via PayPal-Funktion „Geld an Freunde oder Familie senden“ durchführen ∗∗∗ --------------------------------------------- Auf den beliebten Kleinanzeigen-Plattformen wie willhaben, shpock oder ebay Kleinanzeigen treiben auch Kriminelle ihr Unwesen. Neben Vorkasse- und Treuhand-Betrug ist auch der PayPal-Trick eine beliebte Masche, um KäuferInnen abzuzocken. --------------------------------------------- https://www.watchlist-internet.at/news/beim-kauf-auf-kleinanzeigen-plattfor… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Illustrator (APSB20-53), Adobe Dreamweaver (APSB20-55), Marketo(APSB20-60), Adobe Animate (APSB20-61), Adobe After Effects (APSB20-62), Adobe Photoshop (APSB20-63), Adobe Premiere Pro (APSB20-64), Adobe Media Encoder (APSB20-65), Adobe InDesign (APSB20-66) and Adobe Creative Cloud Desktop Application (APSB20-68). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1930 ∗∗∗ QNAP: Sicherheitsupdates für QTS wehren "Zerologon"-Angriffe auf NAS ab ∗∗∗ --------------------------------------------- Je nach Konfiguration können Netzwerkspeicher von QNAP über die Sicherheitslücke "Zerologon" aus der Ferne angreifbar sein. Updates für QTS stehen bereit. --------------------------------------------- https://heise.de/-4932748 ∗∗∗ Seven mobile browsers vulnerable to address bar spoofing attacks ∗∗∗ --------------------------------------------- Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar. --------------------------------------------- https://www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-b… ∗∗∗ Security Bulletin: Cross-Site Scripting Security Vulnerability Affects IBM Sterling B2B Integrator Standard Edition ( CVE-2020-4564) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-secu… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service ( CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste… ∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects the Graphic Process Modeler in IBM Sterling B2B Integrator (CVE-2019-4680) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili… ∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulner… ∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale packaged in IBM Elastic Storage System could cause a denial of service (CVE-2020-4756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sp… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4564) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ XSA-347 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-347.html ∗∗∗ XSA-346 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-346.html ∗∗∗ XSA-345 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-345.html ∗∗∗ XSA-332 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-332.html ∗∗∗ XSA-331 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-331.html ∗∗∗ XSA-286 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-286.html ∗∗∗ Security Vulnerabilities fixed in Firefox 82 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/ ∗∗∗ Synology-SA-20:24 Media Server ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_24 ∗∗∗ Synology-SA-20:23 Download Station ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_23 ∗∗∗ VMware ESXi: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1003 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1005 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.10.2020
by Daily end-of-shift report 19 Oct '20

19 Oct '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-10-2020 18:00 − Montag 19-10-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Hackers now abuse BaseCamp for free malware hosting ∗∗∗ --------------------------------------------- Phishing campaigns have started to use Basecamp as part of malicious phishing campaigns that distribute malware or steal your login credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-f… ∗∗∗ Enumerate AWS API Permissions Without Logging to CloudTrail ∗∗∗ --------------------------------------------- The following is a technical writeup for a bug I found in the AWS API that allows you to enumerate certain permissions for a role without logging to CloudTrail. It affects 645 different API actions across 40 different AWS services. This would be beneficial for a Penetration Tester or a Red Teamer to enumerate what permissions the role or user they’ve compromised has access to without alerting the blue team as no logs are generated in CloudTrail. --------------------------------------------- https://frichetten.com/blog/aws-api-enum-vuln/ ∗∗∗ Secret fragments: Remote code execution on Symfony based websites ∗∗∗ --------------------------------------------- This configuration value, secret, is also used, for instance, to build CSRF tokens and remember-me tokens. Given its importance, this value must obviously be very random. Unfortunately, we discovered that oftentimes, the secret either has a default value, or there exist ways to obtain the value, bruteforce it offline, or to purely and simply bypass the security check that it is involved with. It most notably affects Bolt, eZPlatform, and eZPublish. --------------------------------------------- https://www.ambionics.io/blog/symfony-secret-fragment ===================== = Vulnerabilities = ===================== ∗∗∗ Magento, Visual Studio Code users: You need to patch! ∗∗∗ --------------------------------------------- * Microsoft has fixed CVE-2020-17023, a remote code execution vulnerability in Visual Studio Code, its free and extremely popular source-code editor that’s available for Windows, macOS and Linux. * Microsoft has also fixed a RCE (CVE-2020-17022) in the way that Microsoft Windows Codecs Library handles objects in memory, which could be triggered by a program processing a specially crafted image file. It only affects Windows 10 users, and only if they installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store. * After fixing just one Adobe Flash Player flaw on October 2020 Patch Tuesday, Adobe has followed up with security updates for several Magento Commerce and Magento Open Source versions. --------------------------------------------- https://www.helpnetsecurity.com/2020/10/19/magento-visual-studio-code-users… ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen (CVE-2020-14185) ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in der Atlassian Jira Software ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1002 ∗∗∗ Discord desktop app vulnerability chain triggered remote code execution attacks ∗∗∗ --------------------------------------------- Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. --------------------------------------------- https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code… ∗∗∗ FRITZ!Box DNS Rebinding Protection Bypass ∗∗∗ --------------------------------------------- RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism. --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-003/ ∗∗∗ ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php ∗∗∗ ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php ∗∗∗ ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php ∗∗∗ ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products Q3 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a DB2 jar vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily