=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-07-2020 18:00 − Friday 03-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Businesses beware: dangerous emails sent in the name of the Federal Chancellery ∗∗∗
---------------------------------------------
„Die Entscheidung, Ihr Unternehmen aufgrund von Covid-19 zu schließen“ ("The decision to close your company due to Covid-19") – fraudulent emails are currently being sent under this subject line, specifically targeting business owners. The criminals behind this email pose as the Federal Chancellery and distribute malware. Do not open the attachment under any circumstances!
---------------------------------------------
https://www.watchlist-internet.at/news/unternehmen-aufgepasst-versand-gefae…
∗∗∗ EKANS ransomware targets industrial control systems ∗∗∗
---------------------------------------------
The malware works despite numerous programming errors. A new variant not only encrypts files, it also changes the settings of industrial control systems. EKANS is also aimed at specific targets and does not attack victims indiscriminately.
---------------------------------------------
https://www.zdnet.de/88381196/ransomware-ekans-nimmt-industriekontrollsyste…
∗∗∗ Still Scanning IP Addresses? You’re Doing it Wrong ∗∗∗
---------------------------------------------
The traditional approach to a vulnerability scan or penetration test is to find the IP addresses that you want tested, throw them in and kick things off. But doing a test based purely on IP addresses is a bad idea and can often miss things.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/still-scann…
∗∗∗ GoldenSpy Chapter 3: New and Improved Uninstaller ∗∗∗
---------------------------------------------
This blog shows our analysis of a new binary, now being distributed by Intelligent Tax software, that is identical in operations to the original GoldenSpy Uninstallers, but specifically designed to evade detection by the YARA rule provided in our blog.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-c…
∗∗∗ Dangerous Website Backups ∗∗∗
---------------------------------------------
It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the current site state to. However, if a backup is not set up correctly, it can have the opposite effect — and may instead impose a security threat to your website.
---------------------------------------------
https://blog.sucuri.net/2020/07/dangerous-website-backups.html
∗∗∗ Living Off Windows Land – A New Native File "downldr" ∗∗∗
---------------------------------------------
There are only a couple of default system-signed executables that let you download a file from a Web Server, and every security product and threat hunter specifically looks for them for signs of misuse or abuse by threat actors.
---------------------------------------------
https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-down…
∗∗∗ Try2Cry: Ransomware tries to worm ∗∗∗
---------------------------------------------
Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though.
---------------------------------------------
https://www.gdatasoftware.com/blog/2020/07/36200-ransomware-tries-to-worm
=====================
= Vulnerabilities =
=====================
∗∗∗ Would you like some RCE with your Guacamole? ∗∗∗
---------------------------------------------
[...] Apache Guacamole is a popular infrastructure for remote work, with more than 10 Million docker downloads worldwide. In our research, we discovered that Apache Guacamole is vulnerable to several critical Reverse RDP Vulnerabilities, and is also impacted by a few new vulnerabilities found in FreeRDP. In short, these vulnerabilities allow an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting [...]
---------------------------------------------
https://research.checkpoint.com/2020/apache-guacamole-rce/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, [...]
---------------------------------------------
https://lwn.net/Articles/825212/
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.7 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.1 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.1 ESR + CVE-2020-6820) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to a Prototype Pollution vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-…
∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-…
∗∗∗ Atlassian Jira Software: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0664
∗∗∗ Red Hat JBoss Enterprise Application Platform: Vulnerability allows execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0666
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 30-06-2020 18:00 − Wednesday 01-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) ∗∗∗
---------------------------------------------
In this blog post we will revisit CVE-2019-19781, a Remote Code Execution vulnerability affecting Citrix NetScaler / ADC. We will explore how this issue has been widely abused by various actors and how a hacker turf war led to some actors "adversary patching" the vulnerability in order to prevent secondary compromise by competing adversaries – hiding the true number of vulnerable and compromised devices in the wild.
---------------------------------------------
https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-n…
∗∗∗ Massive security problems due to open Git repositories ∗∗∗
---------------------------------------------
In Germany, Git repositories on thousands of servers are accessible unprotected via web browser, and attackers have an easy time grabbing the data.
---------------------------------------------
https://heise.de/-4795181
∗∗∗ Caution when buying an e-bike: fake shop ebike-quadrat.com offers cheap e-bikes! ∗∗∗
---------------------------------------------
Summertime is cycling time. Fraudsters apparently think so too. For example, the dubious operators of the fake shop ebike-quadrat.com. Even if the online shop appears trustworthy at first glance, you had better not order anything here. The contact details given do not exist, and neither does the company itself.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-e-bike-kauf-fake-shop-…
∗∗∗ EvilQuest: New ransomware for macOS in circulation ∗∗∗
---------------------------------------------
It is only the third piece of ransomware developed exclusively for Macs. At 50 dollars, the ransom demand is quite moderate. In return, EvilQuest additionally leaves behind a keylogger and a reverse shell.
---------------------------------------------
https://www.zdnet.de/88381156/evilquest-neue-ransomware-fuer-macos-im-umlau…
https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-thro…
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft distributes important updates for remote vulnerabilities in Windows 10 and Server ∗∗∗
---------------------------------------------
Out-of-band updates distributed via the Microsoft Store fix two remotely exploitable vulnerabilities in the Windows Codecs Library.
---------------------------------------------
https://heise.de/-4800675
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig).
---------------------------------------------
https://lwn.net/Articles/824955/
∗∗∗ PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite ∗∗∗
---------------------------------------------
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-023
∗∗∗ Cellebrite EPR Decryption Hardcoded AES Key Material ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020070003
∗∗∗ Reflected Cross-site scripting (XSS) in EQDKP Plus CMS ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/reflected-cross-site-scripting…
∗∗∗ F5 BIG-IP: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0647
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-…
∗∗∗ Security Advisory - Race Condition Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-…
∗∗∗ Security Advisory - Type Confusion Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-…
∗∗∗ Security Advisory - Use After Free Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-…
∗∗∗ Security Advisory - Use After Free Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-…
∗∗∗ Security Advisory - CallStranger Vulnerability in UPnP Protocol ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-…
∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i…
∗∗∗ Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application…
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-…
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4376 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se…
∗∗∗ Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics – Log Analysis (CVE-2017-3164) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-s…
∗∗∗ Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics – Log Analysis (pre-login scenario) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-host-header-injection-vul…
∗∗∗ Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 . ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitie…
∗∗∗ Security Bulletin: Insecure Path Attribute in IBM Operations Analytics – Log Analysis (CSRFToken , LtpaToken2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-insecure-path-attribute-i…
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-…
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-06-2020 18:00 − Tuesday 30-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sysmon and Alternate Data Streams, (Mon, Jun 29th) ∗∗∗
---------------------------------------------
Sysmon version 11.10, released a couple of days ago, adds support for capturing content of Alternate Data Streams.
---------------------------------------------
https://isc.sans.edu/diary/rss/26292
∗∗∗ Adventures in ATM Hacking ∗∗∗
---------------------------------------------
Previously, I had some experience with PoS (Point of Sale) devices and entertained myself with kiosks at hacking conferences, but never had touched an ATM before. My companion on this saga had already some fun hacking with these devices and had some precious insights to guide us during our engagement.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/adventures-…
∗∗∗ Enigmail warns users against manually updating to Thunderbird 78 ∗∗∗
---------------------------------------------
With the release of Thunderbird 78, Enigmail users should not update to this version manually – the email encryption is not finished yet.
---------------------------------------------
https://heise.de/-4799240
∗∗∗ BSI updates the minimum standard for web browsers ∗∗∗
---------------------------------------------
The German Federal Office for Information Security (BSI) updated the minimum standard for web browsers on 30 June 2020.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Webbrowser_300620…
∗∗∗ Be careful when your Tinder match talks about lucrative investment opportunities ∗∗∗
---------------------------------------------
Watchlist Internet already knows of a great many cases in which people have lost a lot of money on dubious investment platforms. People become aware of such platforms through fake newspaper articles or email offers. However, criminals are also increasingly promoting their platforms via Tinder users who rave about highly profitable investment opportunities and encourage payments.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-wenn-ihr-tinder-match-ueber…
∗∗∗ A hacker gang is wiping Lenovo NAS devices and asking for ransoms ∗∗∗
---------------------------------------------
Ransom notes signed by Cl0ud SecuritY hacker group are being found on old LenovoEMC NAS devices.
---------------------------------------------
https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-an…
∗∗∗ Detecting adversarial behaviour by applying NLP techniques to command lines ∗∗∗
---------------------------------------------
[...] Methodology designed to automatically detect whether a system has been compromised needs to be able to tell the difference between benign and malicious command line operations. In order to build mechanisms capable of classifying command lines in this way, we first need to understand what they do – in other words, we need to be able to parse them in a similar way to how we parse natural languages. This article describes the process we’ve been using to develop methodology capable of parsing and categorizing command lines at F-Secure.
---------------------------------------------
https://blog.f-secure.com/command-lines/
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication ∗∗∗
---------------------------------------------
When Security Assertion Markup Language (SAML) authentication is enabled and the Validate Identity Provider Certificate option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2020-2021
∗∗∗ Security updates are here: Patch root vulnerability in Netgear routers now ∗∗∗
---------------------------------------------
Attackers could attack Netgear routers and execute malicious code. Secured firmware versions are available.
---------------------------------------------
https://heise.de/-4799957
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (coturn, drupal7, libvncserver, mailman, php5, and qemu), openSUSE (curl, graphviz, mutt, squid, tomcat, and unbound), Red Hat (chromium-browser, file, kernel, microcode_ctl, ruby, and virt:rhel), Slackware (firefox), and SUSE (mariadb-100, mutt, unzip, and xmlgraphics-batik).
---------------------------------------------
https://lwn.net/Articles/824822/
∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln…
∗∗∗ Security Bulletin: Security vulnerability in Java SE affects Rational Build Forge (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in…
∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln…
∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7066, CVE-2020-7065, CVE-2020-7064) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact…
∗∗∗ Security Bulletin: A vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openss…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Rational Build Forge. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11 (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ib…
∗∗∗ OpenJPEG: Vulnerability allows unspecified attack ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0645
∗∗∗ Squid: Vulnerability allows display of false information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0644
=====================
= End-of-Day report =
=====================
Timeframe: Friday 26-06-2020 18:00 − Monday 29-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Laravel/Telescope: The security vulnerability at a bank that does not exist ∗∗∗
---------------------------------------------
A reader pointed us to a security vulnerability on the website of an online bank. The vulnerability was real and affects other sites as well - the bank, however, appears never to have existed.
---------------------------------------------
https://www.golem.de/news/laravel-telescope-die-sicherheitsluecke-bei-einer…
∗∗∗ Active Directory series: Unconstrained delegation ∗∗∗
---------------------------------------------
In this article series, we will look into the most famous ways that can be used to attack Active Directory and achieve persistence. Note: Attacks discussed in this series have already been publicly disclosed on different forums. This series is for educational purposes only.
---------------------------------------------
https://resources.infosecinstitute.com/active-directory-series-unconstraine…
∗∗∗ Beware "secure DNS" scam targeting website owners and bloggers ∗∗∗
---------------------------------------------
If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" - these scammers are after your whole site.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targetin…
∗∗∗ The face of tomorrow's cybercrime: Deepfake ransomware explained ∗∗∗
---------------------------------------------
Deepfake ransomware is a mighty combination that several security experts fear would happen soon. But what is it exactly? Is it deepfake with a ransomware twist? Or ransomware with a sprinkling of deepfake tech?
---------------------------------------------
https://blog.malwarebytes.com/ransomware/2020/06/the-face-of-tomorrows-cybe…
∗∗∗ Password managers: a useful everyday tool ∗∗∗
---------------------------------------------
In this article we explain what characterizes a password manager and why it should be integrated into everyday life as a useful tool.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/06/26/passwort-manager-im-allta…
∗∗∗ ebay sellers beware: targeted phishing attacks ∗∗∗
---------------------------------------------
If you sell goods on ebay, beware of fraudulent messages that pretend a customer wants to withdraw from a purchase. The messages are sent in ebay design and ask you to respond to the corresponding request. The link takes you to a fake ebay website, where your data ends up directly in the hands of criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/ebay-haendlerinnen-aufgepasst-geziel…
∗∗∗ Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL ∗∗∗
---------------------------------------------
Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS.
---------------------------------------------
https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owner…
=====================
= Vulnerabilities =
=====================
∗∗∗ No surprise after Fraunhofer test: Many home routers insecure ∗∗∗
---------------------------------------------
Security researchers at FKIE examined 127 different home routers and suspect serious security deficiencies. This can no longer surprise anyone.
---------------------------------------------
https://heise.de/-4798342
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman).
---------------------------------------------
https://lwn.net/Articles/824717/
∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200624-…
∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200624-…
∗∗∗ Security Bulletin: IBM TNPM for Wireline is vulnerable to Cross Site Request Forgery(CSRF) and Cross Site Scripting(CSS) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tnpm-for-wireline-is-…
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp…
∗∗∗ Security Bulletin: IBM API Connect is vulnerable to cross-site scripting (XSS) in Drupal (sa-contrib-2020-025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner…
∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error within the Data Conversion logic. (CVE-2020-4310) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a…
∗∗∗ Security Bulletin: IBM API Connect V 2018 (ova) is impacted by weak cryptographic algorithms (CVE-2020-4452) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v-2018-ov…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affec…
∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner…
∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-17592) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 25-06-2020 18:00 − Friday 26-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Golang Worm Widens Scope to Windows, Adds Payload Capacity ∗∗∗
---------------------------------------------
A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.
---------------------------------------------
https://threatpost.com/worm-golang-malware-windows-payloads/156924/
∗∗∗ Browser vendors shorten certificate lifetime to one year ∗∗∗
---------------------------------------------
From September, HTTPS certificates may only be issued for a maximum of one year.
---------------------------------------------
https://heise.de/-4796599
∗∗∗ Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files ∗∗∗
---------------------------------------------
This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-wit…
∗∗∗ Warning: Fraudulent messages are circulating on Instagram ∗∗∗
---------------------------------------------
Instagram users have recently been reporting fraudulent messages to us in which they are asked to follow a link. Warning: The criminals who send these private messages in large numbers and at random are only after your login credentials!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-auf-instagram-kursieren-betr…
∗∗∗ Purported e-mail from the German federal government contains ransomware ∗∗∗
---------------------------------------------
The series of ransomware attacks on German companies continues. A new ransomware campaign in Germany uses a forged e-mail in the name of the federal government as bait.
---------------------------------------------
https://www.zdnet.de/88381006/angebliche-e-mail-der-bundesregierung-enthael…
=====================
= Vulnerabilities =
=====================
∗∗∗ Micropatch is Available for Windows LNK Remote Code Execution Vulnerability (CVE-2020-1299) ∗∗∗
---------------------------------------------
Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1299, another "Stuxnet-like" critical LNK remote code execution issue that can get code executed on user's computer just by viewing a folder with Windows Explorer. This vulnerability was patched by Microsoft with June 2020 Updates, but Windows 7 and Server 2008 users without Extended Security Updates remained vulnerable.
---------------------------------------------
https://blog.0patch.com/2020/06/micropatch-is-available-for-windows-lnk.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).
---------------------------------------------
https://lwn.net/Articles/824579/
∗∗∗ Security Bulletin: Multiple vulnerabilities discovered in IBM® SDK, Java™ can affect Rational Software Architect Design Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-…
∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2020-4565) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in…
∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ib…
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-…
∗∗∗ Security Bulletin: NVIDIA Windows GPU Display Driver has resolved several security vulnerabilities as described below. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-displa…
∗∗∗ Security Bulletin: NVIDIA Windows GPU Display driver is vulnerable to several security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-displa…
∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-10744) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 24-06-2020 18:00 − Thursday 25-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ European bank suffers biggest PPS DDoS attack, new botnet suspected ∗∗∗
---------------------------------------------
A bank in Europe was the target of a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/european-bank-suffers-bigges…
∗∗∗ Defending Exchange servers under attack ∗∗∗
---------------------------------------------
Exchange servers are high-value targets. If compromised, Exchange servers provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use. Keeping these servers safe from these advanced attacks is of utmost importance.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-serve…
∗∗∗ The Golden Tax Department and the Emergence of GoldenSpy Malware ∗∗∗
---------------------------------------------
Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-golden-…
∗∗∗ Maersk, me & notPetya ∗∗∗
---------------------------------------------
[...] Establishing the exact content and format of this post has been difficult. It hasn’t been clear where to start. [...] I’ve tried to focus on the main timeline and the lessons. So this isn’t everything. But the experience we had at Maersk, or at least significant elements of it, could happen to any organisation. In fact, it does happen, to all kinds of organisations, all of the time, [...]
---------------------------------------------
https://gvnshtn.com/maersk-me-notpetya/
∗∗∗ Extending Drupal 7's End-of-Life - PSA-2020-06-24 ∗∗∗
---------------------------------------------
Previously, Drupal 7's end-of-life was scheduled for November 2021. Given the impact of COVID-19 on budgets and businesses, we will be extending the end of life until November 28, 2022. The Drupal Security Team will continue to follow the Security Team processes for Drupal 7 core and contributed projects.
---------------------------------------------
https://www.drupal.org/psa-2020-06-24
∗∗∗ Attackers Cryptojacking Docker Images to Mine for Monero ∗∗∗
---------------------------------------------
We identified a malicious Docker Hub account named "azurenql" that contained 8 repositories, hosting 6 malicious Monero mining images.
---------------------------------------------
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Telnet Vulnerability Affecting Cisco Products: June 2020 ∗∗∗
---------------------------------------------
On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers (telnetd). For more information about this vulnerability, see the Details section. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Multiple vulnerabilities in Danish company Mobile Industrial Robot's products ∗∗∗
---------------------------------------------
More than 10 different robot types are affected and operate from industrial spaces to public environments, such as airports and hospitals.
---------------------------------------------
https://news.aliasrobotics.com/the-week-of-mobile-industrial-robots-bugs/
∗∗∗ Several security vulnerabilities fixed in Nvidia graphics card drivers ∗∗∗
---------------------------------------------
There are important security updates for Nvidia software and drivers. Besides Windows, Linux is also at risk.
---------------------------------------------
https://heise.de/-4794975
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libexif, php-horde-horde, and tcpreplay), openSUSE (rubygem-bundler), Oracle (docker-cli docker-engine, kernel, and ntp), Slackware (curl and libjpeg), and Ubuntu (mutt).
---------------------------------------------
https://lwn.net/Articles/824474/
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp…
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp…
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2019-4650) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme…
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp…
∗∗∗ Security Bulletin: ICP Speech to Text, Text to Speech Oracle Java Vulnerability Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-t…
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2020-4223) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme…
∗∗∗ Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cURL (CVE-2019-5482) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creato…
∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-securi…
∗∗∗ Security Bulletin: ICP Speech to Text, Text to Speech – OpenSSL vulnerability fix. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-t…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 23-06-2020 18:00 − Wednesday 24-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ IT security: Around 80,000 printers are openly reachable on the Internet ∗∗∗
---------------------------------------------
The security organisation Shadowserver has carried out a global IPP scan and found many printers that openly share information.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-etwa-80-000-drucker-sind-im-interne…
∗∗∗ What is DNS Poisoning and How to Protect Your Enterprise Against it ∗∗∗
---------------------------------------------
Modern enterprise cybersecurity has evolved – that’s a true statement. If we were to travel back in time – say, 10 or 20 years – ago, we would have discovered, much to our stupefaction, that cybersecurity was nothing more than an auxiliary attribution, bestowed upon the (un)fortunate soul who had the (dubious privilege) of fulfilling [...]
---------------------------------------------
https://heimdalsecurity.com/blog/what-is-dns-poisoning/
∗∗∗ Magnitude exploit kit – evolution ∗∗∗
---------------------------------------------
Exploit kits still play a role in today’s threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits out there – Magnitude EK – for a whole year.
---------------------------------------------
https://securelist.com/magnitude-exploit-kit-evolution/97436/
∗∗∗ Sodinokibi Ransomware Now Scans Networks For PoS Systems ∗∗∗
---------------------------------------------
Attackers are compromising large companies with the Cobalt Strike malware, and then deploying the Sodinokibi ransomware.
---------------------------------------------
https://threatpost.com/sodinokibi-ransomware-now-scans-networks-for-pos-sys…
∗∗∗ Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments ∗∗∗
---------------------------------------------
Recent spearphishing emails spread the Hakbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper.
---------------------------------------------
https://threatpost.com/hackbit-ransomware-attack-uses-guloader-malicious-mi…
∗∗∗ Using Shell Links as zero-touch downloaders and to initiate network connections, (Wed, Jun 24th) ∗∗∗
---------------------------------------------
Probably anyone who has used any modern version of Windows is aware of their file-based shortcuts, also known as LNKs or Shell Link files. Although they were intended as a simple feature to make Windows a bit more user-friendly, over the years, a significant number[1] of vulnerabilities were identified in handling of LNKs. Many of these vulnerabilities lead to remote code execution and one (CVE-2010-2568) was even used in creation of the Stuxnet worm.
---------------------------------------------
https://isc.sans.edu/diary/rss/26276
∗∗∗ Three words you do not want to hear regarding a secure browser called SafePay... Remote. Code. Execution ∗∗∗
---------------------------------------------
How Bitdefender's security software was caught napping by ad-block bod. Folks running Bitdefender's Total Security 2020 package should check they have the latest version installed following the disclosure of a remote code execution bug.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2020/06/24/bitdefender_…
∗∗∗ WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group ∗∗∗
---------------------------------------------
WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Recently Evil Corp has changed a number of TTPs related to their operations further described in this article.
---------------------------------------------
https://blog.fox-it.com/2020/06/23/wastedlocker-a-new-ransomware-variant-de…
∗∗∗ Fake PayLife e-mails in circulation ∗∗∗
---------------------------------------------
Under various pretexts, fraudsters are currently trying to obtain the login and credit card data of PayLife customers. Those who do not comply with the requests in these e-mails are threatened with having their card blocked or with other restrictions. Do not follow the link in these e-mails and do not download any "card security app" either!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-paylife-mails-im-umlauf/
∗∗∗ Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices ∗∗∗
---------------------------------------------
A new hybrid malware capable of cryptojacking and launching DDoS was discovered in the wild, which we've named "Lucifer."
---------------------------------------------
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybr…
∗∗∗ This sneaky malware goes to unusual lengths to cover its tracks ∗∗∗
---------------------------------------------
Glupteba creates a backdoor into infected Windows systems - and researchers think it'll be offered to cyber criminals as an easy means of distributing other malware.
---------------------------------------------
https://www.zdnet.com/article/this-sneaky-malware-goes-to-unusual-lengths-t…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical vulnerability threatens Magento shops ∗∗∗
---------------------------------------------
Attackers could attack Magento-based online shops and, in the worst case, take them over completely.
---------------------------------------------
https://heise.de/-4793608
∗∗∗ Critical flaw: Helpdesk app on Qnap NAS invites attackers in ∗∗∗
---------------------------------------------
Qnap has released an important update for the Helpdesk support app.
---------------------------------------------
https://heise.de/-4794415
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel, ntp, and unbound), Fedora (php-horde-horde and tcpreplay), openSUSE (chromium, java-1_8_0-openj9, mozilla-nspr, mozilla-nss, and opera), Oracle (gnutls, grafana, thunderbird, and unbound), Red Hat (candlepin and satellite, docker, microcode_ctl, openstack-keystone, openstack-manila and openstack-manila, and qemu-kvm-rhev), Scientific Linux (kernel and ntp), Slackware (ntp), SUSE (curl, libreoffice, libssh2_org, and php5), and Ubuntu (curl).
---------------------------------------------
https://lwn.net/Articles/824378/
∗∗∗ VMware products: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0622
∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP WebSphere Application Server Liberty Fix ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 22-06-2020 18:00 − Tuesday 23-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Comparing Office Documents with WinMerge, (Mon, Jun 22nd) ∗∗∗
---------------------------------------------
Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, ...). Since they are ZIP containers, I have to compare the files within. I used to do this with the zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface.
---------------------------------------------
https://isc.sans.edu/diary/rss/26268
∗∗∗ HTTP Request Smuggling: Abusing Reverse Proxies ∗∗∗
---------------------------------------------
SANS Penetration Testing blog about exploiting differences between web servers and their reverse proxies
---------------------------------------------
https://www.sans.org/blog/http-request-smuggling-abusing-reverse-proxies?ms…
∗∗∗ XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers ∗∗∗
---------------------------------------------
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-b…
∗∗∗ Advance-fee fraud: A victim reports… ∗∗∗
---------------------------------------------
Advance-fee fraud always works in a similar way: you are told by e-mail that you have been chosen to receive a very large sum of money. However, you first have to transfer an amount of money, supposedly for certificates, expenses, the processing of the transfer or the like. Only then can the sum be transferred to you. Warning: You will never receive the supposed sum, and the money you transferred in advance is gone!
---------------------------------------------
https://www.watchlist-internet.at/news/vorschussbetrug-ein-opfer-berichtet/
=====================
= Vulnerabilities =
=====================
∗∗∗ Bitdefender security update: Websites could smuggle malicious code onto PCs ∗∗∗
---------------------------------------------
In an updated version of Bitdefender Internet Security, the developers have closed a security vulnerability. The risk of attack is rated as high.
---------------------------------------------
https://heise.de/-4792200
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (thunderbird), Debian (wordpress), Fedora (ca-certificates, kernel, libexif, and tomcat), openSUSE (chromium, containerd, docker, docker-runc, golang-github-docker-libnetwork, fwupd, osc, perl, php7, and xmlgraphics-batik), Oracle (unbound), Red Hat (containernetworking-plugins, dpdk, grafana, kernel, kernel-rt, kpatch-patch, libexif, microcode_ctl, ntp, pcs, and skopeo), Scientific Linux (unbound), SUSE (kernel, mariadb, mercurial, and xawtv), and Ubuntu (mutt, nfs-utils).
---------------------------------------------
https://lwn.net/Articles/824264/
∗∗∗ Atlassian Jira Software: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
A local attacker can exploit a vulnerability in Atlassian Jira Software to execute arbitrary program code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0617
∗∗∗ Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-ova…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4323) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-an…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4327) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4413) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ KLCERT-20-014: Session token exposed in Honeywell ControlEdge PLC and RTU ∗∗∗
---------------------------------------------
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klce…
∗∗∗ KLCERT-20-013: Unencrypted password transmission in Honeywell ControlEdge PLC and RTU ∗∗∗
---------------------------------------------
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klce…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 19-06-2020 18:00 − Monday 22-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Top 8 tips for office security when employees are working from home ∗∗∗
---------------------------------------------
Who’s minding the store? Cybersecurity has become even more high profile during the current COVID-19 pandemic. A recent warning from the UK National Cyber Security Centre and the US Department of Homeland Security talks of state-backed hackers targeting healthcare organizations. Many other examples of pandemic-focused cyberattacks have popped up since the coronavirus appeared.
---------------------------------------------
https://resources.infosecinstitute.com/top-8-tips-for-office-security-when-…
∗∗∗ Web skimming with Google Analytics ∗∗∗
---------------------------------------------
Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics.
---------------------------------------------
https://securelist.com/web-skimming-with-google-analytics/97414/
∗∗∗ Pi Zero HoneyPot, (Sat, Jun 20th) ∗∗∗
---------------------------------------------
The ISC has had a Pi honeypot(1) for the last couple of years, but I haven't had much time to try it on the Pi zero. Recently, I've had a chance to try it out, and it works great.
---------------------------------------------
https://isc.sans.edu/diary/rss/26260
∗∗∗ Hijacking DLLs in Windows ∗∗∗
---------------------------------------------
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
---------------------------------------------
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
∗∗∗ Turn on MFA Before Crooks Do It For You ∗∗∗
---------------------------------------------
Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here's the story of one such incident.
---------------------------------------------
https://krebsonsecurity.com/2020/06/turn-on-mfa-before-crooks-do-it-for-you/
∗∗∗ Beware of dangerous "BawagPSK" phishing SMS ∗∗∗
---------------------------------------------
Fraudsters are currently sending out an SMS message in the name of BAWAG P.S.K. The sender shown is not a phone number but "BawagPSK". According to the message, you have to follow a link to confirm a request concerning your mobile banking. Do not follow the link! It leads to a fake website, and any data entered ends up directly in the hands of the criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaehrlicher-bawagpsk-p…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security update: Firmware bug puts Sophos XG firewalls at risk ∗∗∗
---------------------------------------------
Attackers could execute malicious code in networks via a loophole in Sophos XG firewalls.
---------------------------------------------
https://heise.de/-4790793
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lynis, mutt, neomutt, ngircd, and rails), Mageia (gnutls), Oracle (thunderbird), Red Hat (chromium-browser, gnutls, grafana, thunderbird, and unbound), Scientific Linux (thunderbird and unbound), and SUSE (bind, java-1_8_0-openjdk, kernel, libgxps, and osc).
---------------------------------------------
https://lwn.net/Articles/824113/
∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Elastic Elasticsearch ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-…
∗∗∗ Security Bulletin: OpenSSL for IBM i is affected by CVE-2020-1967 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affe…
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner…
∗∗∗ Security Bulletin: Potential vulnerability with FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w…
∗∗∗ Security Bulletin: Multiple potential vulnerabilities in Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-potential-vulner…
∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-…
∗∗∗ Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-fileupload…
∗∗∗ Security Bulletin: January 2020 Critical Patch Update for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-january-2020-critical-pat…
∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-…
∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 18-06-2020 18:00 − Friday 19-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers use fake Windows error logs to hide malicious payload ∗∗∗
---------------------------------------------
Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-err…
∗∗∗ IBM Maximo Asset Management servers patched against attacks ∗∗∗
---------------------------------------------
Details are hazy but the overall story is clear: if you use IBM’s Maximo Asset Management, make sure you’re patched.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/06/19/ibm-maximo-asset-management-ser…
∗∗∗ Security update for CMS: Drupal vulnerable to remote code execution ∗∗∗
---------------------------------------------
The Drupal developers have closed two security vulnerabilities in several versions of the content management system.
---------------------------------------------
https://heise.de/-4789539
∗∗∗ Security: Four zero-days spotted in attacks on honeypot systems ∗∗∗
---------------------------------------------
Previously unknown attacks used against fake systems show big problems remain with industrial systems security.
---------------------------------------------
https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-att…
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - June 2020 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumbe…
∗∗∗ Critical 0-day vulnerability in 79 Netgear router models ∗∗∗
---------------------------------------------
A flaw in the built-in web server allows the devices to be hijacked, in some circumstances simply by visiting a web page that carries the exploit.
---------------------------------------------
https://heise.de/-4789814
∗∗∗ VMSA-2020-0014 ∗∗∗
---------------------------------------------
VMware Tools for macOS update addresses a denial-of-service vulnerability (CVE-2020-3972)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7), Fedora (dbus, kernel, microcode_ctl, mingw-glib-networking, moby-engine, and roundcubemail), Mageia (libjpeg), openSUSE (chromium and rmt-server), Oracle (kernel and microcode_ctl), Red Hat (rh-nodejs8-nodejs and thunderbird), Slackware (bind), and SUSE (adns, containerd, docker, docker-runc, golang-github-docker-libnetwork, dbus-1, fwupd, gegl, gnuplot, guile, java-1_7_1-ibm, java-1_8_0-ibm, kernel, mozilla-nspr, mozilla-nss, perl, and [...]
---------------------------------------------
https://lwn.net/Articles/823736/
∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser…
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Engineering Requirements Management DOORS Next ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-…
∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 17-06-2020 18:00 − Thursday 18-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ FF Sandbox Escape (CVE-2020-12388) ∗∗∗
---------------------------------------------
In my previous blog post I discussed an issue with the Windows Kernel’s handling of Restricted Tokens which allowed me to escape the Chrome GPU sandbox. Originally I’d planned to use Firefox for the proof-of-concept as Firefox uses the same effective sandbox level as the Chrome GPU process for its content renderers. That means a FF content RCE would give code execution in a sandbox where you could abuse the Windows Kernel Restricted Tokens issue, [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-1…
∗∗∗ BofA Phish Gets Around DMARC, Other Email Protections ∗∗∗
---------------------------------------------
The June campaign was targeted and aimed at stealing online banking credentials.
---------------------------------------------
https://threatpost.com/bofa-phish-gets-around-dmarc-other-email-protections…
∗∗∗ Broken phishing accidentally exploiting Outlook zero-day, (Thu, Jun 18th) ∗∗∗
---------------------------------------------
When we think of zero-days, what comes to mind are usually RCEs or other high-impact vulnerabilities. Zero-days, however, come in all shapes and sizes and many of them are low impact, as is the vulnerability we’re going to discuss today. What is interesting about it, apart from it allowing a sender of an e-mail to include/change a link in an e-mail when it is forwarded by Outlook, is that I noticed it being exploited in a low-quality phishing e-mail by what appears to be a complete accident.
---------------------------------------------
https://isc.sans.edu/diary/rss/26254
∗∗∗ Dangerous SMS from Notify steals Apple ID ∗∗∗
---------------------------------------------
Numerous readers are reporting to Watchlist Internet an SMS message sent in Apple's name. The sender is shown not as a number but as “Notify”. The message claims that the Apple account has been locked. Do not follow the link to unlock it! Apple ID and credit card data are stolen and misused there.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-sms-von-notify-stiehlt-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IP Phones Call Log Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Web Access feature of Cisco IP Phones could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates: Cisco Webex Meetings can choke on fake updates ∗∗∗
---------------------------------------------
Network equipment vendor Cisco has released important security updates for, among others, Data Center Network Manager, various routers and Webex Meetings.
---------------------------------------------
https://heise.de/-4787456
∗∗∗ CPU security vulnerabilities in AMD APUs: BIOS updates are coming ∗∗∗
---------------------------------------------
AMD's APUs from 2016 to 2019, including Ryzen models, lack security checks for hiding SMM code in RAM.
---------------------------------------------
https://heise.de/-4788807
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7 and python-django), Fedora (glib-networking, kernel, kernel-headers, and nghttp2), openSUSE (adns, chromium, file-roller, and libEMF), SUSE (java-1_7_1-ibm), and Ubuntu (bind9 and nss).
---------------------------------------------
https://lwn.net/Articles/823461/
∗∗∗ Synology-SA-20:14 SRM ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_14
∗∗∗ Drupal: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0598
∗∗∗ Internet Systems Consortium BIND: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0599
∗∗∗ Microsoft Windows 10: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0601
∗∗∗ Red Hat OpenShift: Vulnerability allows information disclosure ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0609
∗∗∗ Ruby on Rails: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0604
∗∗∗ Security Advisory - Improper Privilege Management Vulnerability in FusionSphere Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200617-…
∗∗∗ Security Bulletin: IBM API Connect V2018 is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-is-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager (October 2019, January 2020 and April 2020 CPUs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-2654 (deferred from Oracle Jan 2020 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o…
∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 – Includes Oracle Apr 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o…
∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i…
∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2019-2949 (deferred from Oracle Oct 2019 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o…
∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for IBM MQ – Jan 2020 – Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 16-06-2020 18:00 − Wednesday 17-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Do cybercriminals play cyber games during quarantine? ∗∗∗
---------------------------------------------
Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry.
---------------------------------------------
https://securelist.com/do-cybercriminals-play-cyber-games-during-quarantine…
∗∗∗ When NTP Kills Your Sandbox ∗∗∗
---------------------------------------------
If it’s common to say that “Everything is a Freaking DNS problem“, other protocols can also be the source of problems… NTP (“Network Time Protocol”) is also a good candidate! A best practice is to synchronize all your devices via NTP but also to set up the same timezone! We [...]
---------------------------------------------
https://blog.rootshell.be/2020/06/17/when-ntp-kills-your-sandbox/
∗∗∗ A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software ∗∗∗
---------------------------------------------
[...] The vulnerability represents a new attack vector that allows attackers to create fake USB devices, fully trusted by the Windows operating system (kernel), to attack a machine in unconventional and unexpected ways.
---------------------------------------------
https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/
∗∗∗ Ripple20 shakes the Internet of Things ∗∗∗
---------------------------------------------
A series of security vulnerabilities, some of them critical, in a TCP/IP implementation puts devices in homes, hospitals and industrial plants at risk.
---------------------------------------------
https://heise.de/-4786249
∗∗∗ Embedded security fails in ICS ∗∗∗
---------------------------------------------
Over the last 5 years, we’ve seen an increasing use of open-source software in ICS (Industrial Control Systems) devices, with a move away from traditional RTOS (Real Time Operating System) [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/embedded-security-fails-in-ic…
∗∗∗ Caution when flat hunting: that cheap dream flat could be a scam! ∗∗∗
---------------------------------------------
It is hard to believe: a central location in Vienna's city centre. Furnished with the latest furniture and appliances. 87 m² plus a terrace or a balcony. Best of all: the rent is only 450 euros a month, far below the average. Do you know similarly tempting flat listings? If so, you should be careful and take a closer look at the person offering the flat before you commit to the tempting bargain!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-der-wohnungssuche-guens…
=====================
= Vulnerabilities =
=====================
∗∗∗ SaltStack FrameWork Vulnerabilities Affecting Cisco Products ∗∗∗
---------------------------------------------
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651 (Authentication Bypass Vulnerability) and CVE-2020-11652 (Directory Traversal Vulnerability). Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ ICS Advisory (ICSA-20-168-01) - Treck TCP/IP Stack ∗∗∗
---------------------------------------------
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-168-01
∗∗∗ Linux kernel: ACPI bug undermines UEFI Secure Boot protections ∗∗∗
---------------------------------------------
A bug in the Linux mainline kernel could allow attackers to load unsigned kernel modules despite UEFI Secure Boot. PoC code and a patch are available.
---------------------------------------------
https://heise.de/-4786877
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dbus and intel-ucode), CentOS (libexif), Debian (vlc), SUSE (xen), and Ubuntu (dbus, libexif, and nss).
---------------------------------------------
https://lwn.net/Articles/823283/
∗∗∗ Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4532 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu…
∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 15-06-2020 18:00 − Tuesday 16-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New Java STRRAT ships with .crimson ransomware module ∗∗∗
---------------------------------------------
This Java-based malware installs RDPWrap, steals credentials, logs keystrokes and remote controls Windows systems. It may soon be able to infect without Java installed.
---------------------------------------------
https://www.gdatasoftware.com/blog/strrat-crimson
∗∗∗ SOHO Device Exploitation ∗∗∗
---------------------------------------------
This blog describes one such session of auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository.
---------------------------------------------
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
∗∗∗ The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers ∗∗∗
---------------------------------------------
This writeup is a summary of my research on issues in handling copying and pasting in: browsers, popular WYSIWYG editors, and websites.
---------------------------------------------
https://research.securitum.com/the-curious-case-of-copy-paste/
∗∗∗ 19 Zero-Day Vulnerabilities Amplified by the Supply Chain ∗∗∗
---------------------------------------------
The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities. The risks inherent in this situation are high. Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to [...]
---------------------------------------------
https://www.jsof-tech.com/ripple20/
∗∗∗ Fake traditional-costume shops advertise on Facebook & Instagram ∗∗∗
---------------------------------------------
On Facebook and Instagram we are surrounded by advertising, but not every ad is legitimate. The fake shops marjo-trachten.com, statuskelidmode.de and linennew.com are currently advertising heavily with Facebook ads. Anyone who has ordered there will receive no goods, or only inferior ones, despite having paid!
---------------------------------------------
https://www.watchlist-internet.at/news/fake-trachtenshops-werben-auf-facebo…
∗∗∗ Warning issued over hackable security cameras ∗∗∗
---------------------------------------------
The owners of the vulnerable indoor cameras are advised to unplug the devices immediately
---------------------------------------------
https://www.welivesecurity.com/2020/06/15/warning-issued-hackable-security-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Campaign Classic (APSB20-34), Adobe After Effects (APSB20-35), Adobe Illustrator (APSB20-37), Adobe Premiere Pro (APSB20-38), Adobe Premiere Rush (APSB20-39) and Adobe Audition (APSB20-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1884
∗∗∗ Beckhoff Security Advisory 2020-002: EtherLeak in TwinCAT RT network driver ∗∗∗
---------------------------------------------
In case a network interface sends Ethernet frames with payloads smaller than the minimum frame length, memory content is disclosed within the padding.
---------------------------------------------
https://download.beckhoff.com/download/document/product-security/Advisories…
∗∗∗ Root vulnerability threatens IBM Spectrum Protect Server ∗∗∗
---------------------------------------------
Dangerous security vulnerabilities in, among other things, IBM's database management system Db2 put Spectrum Protect Server at risk.
---------------------------------------------
https://heise.de/-4785158
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/823199/
∗∗∗ Synology-SA-20:13 CallStranger ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain sensitive information or conduct a denial-of-service attack via a susceptible version of Synology Router Manager (SRM) or Media Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_13
∗∗∗ Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0588
∗∗∗ Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-addressed…
∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error within the Data Conversion logic. (CVE-2020-4310) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a…
∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for WebSphere MQ Internet Pass-Thru – April 2020 – Includes Oracle April 2020 CPU (CVE-2020-2781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e…
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2019-1547 and CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec…
∗∗∗ Security Bulletin: IBM MQ and MQ Appliance could allow an authenticated user to cause a denial of service due to a memory leak. (CVE-2020-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-c…
∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729 and CVE-2019-11745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec…
∗∗∗ Security Bulletin: Cross-site scripting vulnerability in IBM Cloud Pak System (CVE-2019-4098) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln…
∗∗∗ Security Bulletin: IBM MQ AMQP channels fail to block connections restricted by SSLPEER setting (CVE-2020-4320) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-fail…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 12-06-2020 18:00 − Monday 15-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Mirai Botnet Activity, (Sat, Jun 13th) ∗∗∗
---------------------------------------------
This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have been taken down (96.30.193.26) which appeared multiple times this week including today. However, the last two logs from today are still active which is using a Bash script to download multiple exploits targeting various device types (MIPS, ARM4-7, MPSL, x86, PPC, M68k). Something else of interest is the User-Agent: XTC and the name viktor [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26234
∗∗∗ What is the Gibberish Hack? ∗∗∗
---------------------------------------------
Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard?” But when you open the folder, you find a series of HTML files, each named with some kind of nonsensical phrases like “cheap-cool-hairstyles-photos.html.” If you open one of these files on the browser, you’ll likely be [...]
---------------------------------------------
https://blog.sucuri.net/2020/06/gibberish-hack.html
=====================
= Vulnerabilities =
=====================
∗∗∗ D-Link patches older Wi-Fi router DIR-865L, but only a little ∗∗∗
---------------------------------------------
An important security update for the DIR865L Wi-Fi router closes several security vulnerabilities. One critical vulnerability remains open, however.
---------------------------------------------
https://heise.de/-4783566
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode, libexif, mysql-connector-java, and thunderbird), Fedora (gnutls, grafana, kernel, kernel-headers, mingw-gnutls, mod_auth_openidc, NetworkManager, and pdns-recursor), Gentoo (adobe-flash, ansible, chromium, firefox, glibc, mailutils, nokogiri, readline, ssvnc, and webkit-gtk), Mageia (axel, bind, dbus, flash-player-plugin, libreoffice, networkmanager, and roundcubemail), openSUSE (java-1_8_0-openjdk, kernel, nodejs8, rubygem-bundler, [...]
---------------------------------------------
https://lwn.net/Articles/823107/
∗∗∗ Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-t…
∗∗∗ Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus…
∗∗∗ Security Bulletin: Multiple Java vulnerabilities affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabili…
∗∗∗ Security Bulletin: Vulnerability in MongoDB affects IBM Spectrum Protect Plus (CVE-2019-2389) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-mongodb-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-go-progr…
∗∗∗ Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affec…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects the IBM Spectrum Protect Server (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-4732, CVE-2019-2989, CVE-2019-2964) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Denial of Service vulnerability in Linux Kernel affects IBM Spectrum Protect Plus (CVE-2020-12114) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 10-06-2020 18:00 − Friday 12-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers are quick to notice exposed Elasticsearch servers ∗∗∗
---------------------------------------------
Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-are-quick-to-notice-…
∗∗∗ Intel patches chip flaw that could leak your cryptographic secrets ∗∗∗
---------------------------------------------
Intel chip features that were intended to help you do cryptography better could have leaked your inner secrets.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/06/12/intel-patches-chip-flaw-that-co…
∗∗∗ ConnectWise issues a slightly scary but unusually significant security advisory ∗∗∗
---------------------------------------------
Because IT service providers use ConnectWise to run your IT and this is its first-ever bug report
ConnectWise isn't a vendor most Reg readers deal with directly, but the fact the company has just issued its first-ever security advisory deserves attention.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2020/06/12/connectwise_…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (tomcat), Debian (intel-microcode, libphp-phpmailer, mysql-connector-java, python-django, thunderbird, and xawtv), Fedora (kernel and thunderbird), Gentoo (perl), openSUSE (libexif and vim), Oracle (dotnet, kernel, microcode_ctl, and tomcat), Red Hat (net-snmp), Scientific Linux (libexif and tomcat), Slackware (kernel), and SUSE (adns, audiofile, ed, kvm, nodejs12, and xen).
---------------------------------------------
https://lwn.net/Articles/822964/
∗∗∗ Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks ∗∗∗
---------------------------------------------
Siemens’ LOGO! programmable logic controllers (PLCs) are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service (DoS) attacks and modify the device’s configuration.
---------------------------------------------
https://www.securityweek.com/critical-vulnerabilities-expose-siemens-logo-c…
∗∗∗ 6 New Vulnerabilities Found on D-Link Home Routers ∗∗∗
---------------------------------------------
Six new D-Link vulnerabilities found in D-Link's DIR-865L home cloud router. Consumers should patch ASAP.
---------------------------------------------
https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-h…
∗∗∗ Vulnerabilities in Citrix Workspace app and Receiver for Windows ∗∗∗
---------------------------------------------
Vulnerabilities have been identified in Citrix Workspace app and Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process.
---------------------------------------------
https://support.citrix.com/article/CTX275460
∗∗∗ Red Hat JBoss Application Server (JBoss): Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0580
∗∗∗ Drupal: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0579
∗∗∗ WordPress: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0583
∗∗∗ Security Advisory - Denial of Service Vulnerability in Huawei FusionAccess Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-…
∗∗∗ Security Advisory - FasterXML Jackson-databind Injection Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-…
∗∗∗ Security Bulletin: Vulnerabilities CVE-2020-1927 and CVE-2020-1934 in Apache HTTP Server affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-cve-2020-…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: IBM Workload Scheduler potentially vulnerable to cross site scripting ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-workload-scheduler-po…
∗∗∗ Security Bulletin: IBM Event Streams is affected by Apache CXF vulnerability CVE-2019-12406 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: IBM Event Streams is affected by Go vulnerability CVE-2019-16276 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe…
∗∗∗ Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4441 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe…
∗∗∗ Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-20330 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: IBM API Connect V5 is vulnerable to cross site scripting (XSS) (CVE-2020-4251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vul…
∗∗∗ Security Bulletin: IBM Event Streams is affected by kafka vulnerability CVE-2019-12399 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 09-06-2020 18:00 − Wednesday 10-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Numerous complaints about Kammerjaeger.pro, elektro-24.info and other tradespeople ∗∗∗
---------------------------------------------
Pests at home? You are better off not hiring the operators of the site Kammerjaeger.pro for problems with vermin, because consumers report excessive payment demands. Complaints after the fact are not possible, since nobody can be reached once payment has been made.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-beschwerden-zu-kammerjaeg…
∗∗∗ New quiz app: Test your knowledge of internet security! ∗∗∗
---------------------------------------------
Do you know what phishing means? Can you recognise a fake shop? Can you see through subscription traps? Test and strengthen your knowledge with the new quiz app on internet security.
---------------------------------------------
https://www.watchlist-internet.at/news/neue-quiz-app-testen-sie-ihr-wissen-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patchday: Microsoft unleashes more than 120 security updates on Windows & Co. ∗∗∗
---------------------------------------------
Anyone who uses operating systems and software from Microsoft should make sure that the current updates are installed.
---------------------------------------------
https://heise.de/-4779414
∗∗∗ Blackberry BSRT-2020-002 Input Validation Vulnerability in Server Configuration Management Impacts BlackBerry Workspaces Server (deployed with Appliance-X) ∗∗∗
---------------------------------------------
This advisory addresses an input validation vulnerability in the server configuration management of affected versions of BlackBerry Workspaces Server (deployed with Appliance-X) that could potentially allow a successful attacker to conduct an information disclosure, tampering or denial of service attack. BlackBerry is not aware of any exploitation of this vulnerability.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Intel IPAS: Security Advisories for June 2020 ∗∗∗
---------------------------------------------
* INTEL-SA-00266 2020.1 IPU – Intel SSD Advisory
* INTEL-SA-00295 2020.1 IPU – Intel CSME, SPS, TXE, AMT and DAL Advisory
* INTEL-SA-00320 2020.1 IPU – Special Register Buffer Data Sampling
* INTEL-SA-00322 2020.1 IPU – BIOS Advisory
* INTEL-SA-00366 Intel Innovation Engine Advisory
---------------------------------------------
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-jun…
∗∗∗ SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol ∗∗∗
---------------------------------------------
Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks.
---------------------------------------------
https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html
∗∗∗ VMSA-2020-0013 ∗∗∗
---------------------------------------------
VMware Horizon Client for Windows update addresses privilege escalation vulnerability (CVE-2020-3961)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0013.html
∗∗∗ XSA-320 ∗∗∗
---------------------------------------------
Special Register Buffer speculative side channel
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-320.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, gnutls, python-django, thunderbird, tomcat7, tomcat8, and tomcat9), CentOS (unbound), Debian (bluez, firefox-esr, kernel, and linux-4.9), Oracle (kernel), Red Hat (.NET Core, .NET Core 3.1, kernel, kernel-rt, libexif, microcode_ctl, pcs, and virt:rhel), SUSE (gnutls, java-1_7_0-ibm, kernel, microcode_ctl, nodejs10, nodejs8, rubygem-bundler, texlive, texlive-filesystem, thunderbird, and ucode-intel), and Ubuntu (intel-microcode, [...]
---------------------------------------------
https://lwn.net/Articles/822719/
∗∗∗ WAGO: PPPD in PFC100 and PFC200 Series is vulnerable to CVE-2020-8597 ∗∗∗
---------------------------------------------
WAGO PLCs pppd is vulnerable to CVE-2020-8597 in case the daemon has been activated.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-020
∗∗∗ Citrix Hypervisor Security Updates ∗∗∗
---------------------------------------------
CTX275165 New Citrix Hypervisor Security Updates
Applicable Products: Citrix_Hypervisor_8_0, Citrix_Hypervisor_8_1, XenServer_7_0, XenServer_7_1_Cumulative_Update_2
[...] A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a host to observe the entropy provided by the CPU to other processes, virtual machines or the hypervisor that are, or have recently been, running, irrespective of whether they are running on the same processor core or thread. For example, if a process in one guest VM were to use the RDSEED instruction to get a random value to use as a secret encryption key, another process in a different VM might be able to observe the result of that RDSEED instruction and so determine the secret encryption key.
---------------------------------------------
https://support.citrix.com/article/CTX275165
∗∗∗ Security Advisory - Insufficient Input Verification of Some Huawei products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-…
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-…
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-…
∗∗∗ Security Bulletin: IBM QRadar Network Packet Capture does not require that users should have strong passwords by default (CVE-2019-4576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-packet…
∗∗∗ Security Bulletin: OpenSSL vulnerabilities impacting IBM Aspera Streaming for Video 3.8.0 and earlier (CVE-2019-1552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-im…
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-16276) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerab…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified In Jackson Databind library shipped with IBM Global Mailbox (CVE-2019-14892, CVE-2019-14893) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux – January 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.0 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-various-vulnerabilities-a…
∗∗∗ Dell BIOS & Computer: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0562
=====================
= End-of-Day report =
=====================
Timeframe: Monday 08-06-2020 18:00 − Tuesday 09-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ CallStranger: Major security vulnerability affects millions of UPnP devices ∗∗∗
---------------------------------------------
A vulnerability in the UPnP standard enables network scans and DDoS attacks. It is likely to take a long time until all vendors provide updates.
---------------------------------------------
https://www.golem.de/news/callstranger-grosse-sicherheitsluecke-betrifft-mi…
∗∗∗ Security vulnerability: GnuTLS sets session keys to zero ∗∗∗
---------------------------------------------
A serious security vulnerability in GnuTLS means that TLS 1.2 connections can be decrypted after the fact.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-gnutls-setzt-session-keys-auf-n…
∗∗∗ Vulnerable NAS with Photo Station: QNAP reports new attacks on old vulnerabilities ∗∗∗
---------------------------------------------
The ransomware "eCh0raix" is currently using old entry points to attack QNAP NAS devices running Photo Station. Updates for QTS have been available since last year.
---------------------------------------------
https://heise.de/-4778457
∗∗∗ How to recognise fraudulent buyers on willhaben, shpock and Co ∗∗∗
---------------------------------------------
Selling used items via shpock, willhaben, ebay and Co is usually uncomplicated and trouble-free, unless you come across dubious buyers. If buyers claim that they have deposited the amount, including an insurance fee, with DHL or another shipping company, it is fraud. Break off contact and ignore any further e-mails.
---------------------------------------------
https://www.watchlist-internet.at/news/so-erkennen-sie-betruegerische-kaeuf…
=====================
= Vulnerabilities =
=====================
∗∗∗ Adobe: Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB20-30), Adobe Experience Manager (APSB20-31) and Adobe Framemaker (APSB20-32). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1882
∗∗∗ [Security-announce] VMSA-2020-0012 - VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability (CVE-2020-3960) ∗∗∗
---------------------------------------------
Impacted Products:
* VMware vSphere ESXi (ESXi)
* VMware Workstation Pro / Player (Workstation)
* VMware Fusion Pro / Fusion (Fusion)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0012.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libpam-tacplus), Gentoo (gnutls), Oracle (unbound), Scientific Linux (freerdp and unbound), and SUSE (firefox, java-11-openjdk, java-1_7_0-openjdk, java-1_8_0-openjdk, nodejs10, and ruby2.1).
---------------------------------------------
https://lwn.net/Articles/822588/
∗∗∗ Citrix Systems Workspace App: Multiple vulnerabilities allow privilege escalation ∗∗∗
---------------------------------------------
The Citrix Workspace App is client software that makes it possible to access documents, applications and desktops from numerous devices such as smartphones, tablets and PCs.
A local attacker can exploit multiple vulnerabilities in Citrix Systems Workspace App to escalate their privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0549
∗∗∗ SAP Patchday June 2020 ∗∗∗
---------------------------------------------
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in SAP products and application components to compromise the confidentiality, availability and integrity of the applications.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0555
∗∗∗ Siemens SSA-817401: Missing Authentication Vulnerability in SIEMENS LOGO! ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-817401.txt
∗∗∗ Siemens SSA-927095: UltraVNC Vulnerabilities in SINUMERIK Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-927095.txt
∗∗∗ Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt
∗∗∗ Siemens SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-462066.txt
∗∗∗ Siemens SSA-480230: Denial-of-Service in Webserver of Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-480230.txt
∗∗∗ Siemens SSA-689942: Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-689942.txt
∗∗∗ Siemens SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-312271.txt
∗∗∗ Security Bulletin: Vulnerability in Dojo Toolkit affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-too…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-06-2020 18:00 − Monday 08-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Fake ransomware decryptor double-encrypts desperate victims' files ∗∗∗
---------------------------------------------
A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-do…
∗∗∗ SMBGhost: Code for Windows exploit published ∗∗∗
---------------------------------------------
Usable code for a security vulnerability in the SMBv3 protocol has been published on GitHub. Vulnerable systems should be patched urgently.
---------------------------------------------
https://www.golem.de/news/smbghost-code-fuer-windows-exploit-veroeffentlich…
∗∗∗ Evasion Tactics in Hybrid Credit Card Skimmers ∗∗∗
---------------------------------------------
The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers. Though popular with bad actors, one of the drawbacks of this approach is that it’s possible to track requests to suspicious servers if you monitor the traffic generated by checkout pages — or any other infected pages. A lesser-known, but still very popular, type of skimmer can instead be [...]
---------------------------------------------
https://blog.sucuri.net/2020/06/evasion-tactics-in-hybrid-credit-card-skimm…
∗∗∗ Subscription trap instead of user manual on anleitungenfinden.com ∗∗∗
---------------------------------------------
Are you currently looking for a user manual for your smartphone, your television, a household appliance or the like? Then beware of the website anleitungefinden.com. For the sum of 0.95 euros you are supposed to receive the manual you want for your device. In fact, however, you are taking out a hidden subscription costing 49.95 euros per month, which is automatically charged to your credit card.
---------------------------------------------
https://www.watchlist-internet.at/news/abo-falle-statt-gebrauchsanweisung-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups, dbus, gnutls28, graphicsmagick, libupnp, and nodejs), Fedora (gnutls, kernel, libarchive, php-phpmailer6, and sympa), openSUSE (axel, GraphicsMagick, libcroco, libreoffice, libxml2, and xawtv), Oracle (bind, firefox, freerdp, and kernel), Red Hat (bind, freerdp, and unbound), Scientific Linux (firefox), SUSE (dpdk, file-roller, firefox, gnuplot, libexif, php7, php72, slurm_20_02, and vim), and Ubuntu (gnutls28).
---------------------------------------------
https://lwn.net/Articles/822512/
∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 – Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects Liberty for Java for IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e…
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF) (CVE-2020-4529) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme…
∗∗∗ Security Bulletin: There is an information disclosure vulnerability in Liberty for Java (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-is-an-information-d…
∗∗∗ Security Bulletin: Potential spoofing attack in Liberty for Java (CVE-2020-4421) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-spoofing-attack…
∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-…
∗∗∗ Red Hat OpenShift Application Runtimes: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0543
∗∗∗ Red Hat Enterprise Linux: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0542
∗∗∗ Node.js: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0544
∗∗∗ ffmpeg: Vulnerability allows unspecified attack ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0548
∗∗∗ Perl: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0546
∗∗∗ ImageMagick: Vulnerability allows unspecified attack ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0545
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 04-06-2020 18:00 − Friday 05-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Ongoing eCh0raix ransomware campaign targets QNAP NAS devices ∗∗∗
---------------------------------------------
After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-…
∗∗∗ Understanding the Payload-Less Email Attacks Evading Your Security Team ∗∗∗
---------------------------------------------
Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk.
---------------------------------------------
https://threatpost.com/understanding-payload-less-email-attacks/156299/
∗∗∗ Botnet blasts WordPress sites with configuration download attacks ∗∗∗
---------------------------------------------
A million sites attacked by 20,000 different computers.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/06/05/botnet-blasts-wordpress-sites-w…
∗∗∗ Not so FastCGI!, (Fri, Jun 5th) ∗∗∗
---------------------------------------------
This past month, we've seen some new and different scans targeting tcp ports between 8000 and 10,000. The first occurrence was on 30 April 2020 and originated from ip address 23.95.67.187 and containing payload: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26208
∗∗∗ IBM Releases Open Source Toolkits for Processing Data While Encrypted ∗∗∗
---------------------------------------------
IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.
---------------------------------------------
https://www.securityweek.com/ibm-releases-open-source-toolkits-processing-d…
∗∗∗ Warning: Gewinn24.de demands large sums of money over the phone ∗∗∗
---------------------------------------------
“Good day, this is debt collection agency XY. You have concluded a subscription contract with Gewinn24 and are in arrears with your payment.” This, or something like it, is how fraudsters calling on behalf of Gewinn24.de begin the telephone conversation. A supposed debt collection agency explains on the phone that the costs for a subscription with Gewinn24.de have not been paid. The victims, however, rarely know of any such subscription. That is not surprising either: [...]
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-gewinn24de-fordert-hohe-geld…
∗∗∗ New Sandbox Evasions spot in VBS samples ∗∗∗
---------------------------------------------
While hidden Macro 4.0 samples are on the rise, we recently spotted some very interesting evasive VBS samples. In this short blog post, we will look at sample files#_56117.vbs, MD5: 147091e61ec59f67ab598d26f15ad0e7 and outline some of the evasive tricks.
---------------------------------------------
http://blog.joesecurity.org/2020/06/new-evasive-vbs-samples-spot.html
∗∗∗ Ransomware targets Windows and Linux systems with a novel attack ∗∗∗
---------------------------------------------
The people behind it program the ransomware in Java. It is distributed via a Java image file. According to security researchers, this approach helps conceal the malware's activities.
---------------------------------------------
https://www.zdnet.de/88380548/ransomware-nimmt-windows-und-linux-systeme-mi…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security: Vulnerabilities affect practically all Qnap NAS systems ∗∗∗
---------------------------------------------
Qnap has reported three security problems at once. The company advises an immediate update of the operating system.
---------------------------------------------
https://www.golem.de/news/security-sicherheitsluecken-betreffen-praktisch-a…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (bind, firefox, and freerdp), Debian (netqmail and python-django), Fedora (cacti, cacti-spine, dbus, firefox, gjs, mbedtls, mozjs68, and perl), Oracle (freerdp and kernel), Scientific Linux (bind and firefox), Slackware (mozilla), SUSE (krb5-appl, libcroco, libexif, libreoffice, libxml2, qemu, transfig, and vim), and Ubuntu (firefox, freerdp, and python-django).
---------------------------------------------
https://lwn.net/Articles/822342/
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Session is not invalidated After Logout ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-session-is-not-invalidate…
∗∗∗ Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vul…
∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by multiple vulnerabilities in libssh2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management…
∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server that is installed with IBM SPSS Analytic Server (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 03-06-2020 18:00 − Thursday 04-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sophisticated Info-Stealer Targets Air-Gapped Devices via USB ∗∗∗
---------------------------------------------
The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycldek, which targets government entities.
---------------------------------------------
https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/
∗∗∗ AddTrust: Impact of the expired certificate on e-mail services ∗∗∗
---------------------------------------------
Although the expired AddTrust intermediate certificate primarily affects old clients, it can certainly have an impact on regular e-mail operation.
---------------------------------------------
https://heise.de/-4774588
∗∗∗ Acquaintances stuck abroad because of the coronavirus and in need of money? ∗∗∗
---------------------------------------------
Criminals use hacked e-mail accounts, hijacked Facebook accounts and the like to con their victims out of money. So it can happen that you receive a message that appears to come from a good friend. They claim to be stuck abroad and unable to return home because of Covid-19. To help them, you are asked to send them money via a cash transfer service. Caution: this is an attempted fraud!
---------------------------------------------
https://www.watchlist-internet.at/news/bekannte-stecken-coronabedingt-im-au…
=====================
= Vulnerabilities =
=====================
∗∗∗ Updates for IOS, NX-OS and co. – Cisco patches its network operating systems ∗∗∗
---------------------------------------------
A whole bundle of freshly released updates fixes numerous security problems, many of which were rated "High" to "Critical".
---------------------------------------------
https://heise.de/-4774667
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (firefox and prboom-plus), Oracle (bind), Red Hat (firefox), and SUSE (osc).
---------------------------------------------
https://lwn.net/Articles/822220/
∗∗∗ MISP 2.4.126 released (Spring release edition) ∗∗∗
---------------------------------------------
[...] This version includes a security fix and various quality of life improvements. Security fix - fixed XSS: Fixed a persistent XSS (CVE-2020-13153) that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a JavaScript payload in the comment field.
---------------------------------------------
https://www.misp-project.org/2020/06/04/MISP.2.4.126.released.html
∗∗∗ HPESBHF04005 rev.1 - HPE Edgeline EL300 Converged Edge System Running HPE Integrated System Manager (iSM), Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
∗∗∗ GnuTLS: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0532
∗∗∗ Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-022
∗∗∗ Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4509) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-…
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services v2.1.1 (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Cloud App Management (CVE-2020-8492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of a Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-three-vulnerabilities-in-…
∗∗∗ Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php
∗∗∗ Cayin Content Management Server 11.0 Root Remote Command Injection ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php
∗∗∗ Cayin Signage Media Player 3.0 Root Remote Command Injection ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 02-06-2020 18:00 − Wednesday 03-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Mukashi malware: What it is, how it works and how to prevent it | Malware spotlight ∗∗∗
---------------------------------------------
Learning from the past can be an important part of future success in any endeavor, including cyberattacks. Attack groups observe this concept and apply it when they create new attack campaigns before they are released into the wild. Mukashi is an example of a malware that uses what has worked well for attackers in [...]
---------------------------------------------
https://resources.infosecinstitute.com/mukashi-malware-what-it-is-how-it-wo…
∗∗∗ System Takeover Through New SAP ASE Vulnerabilities ∗∗∗
---------------------------------------------
Organizations often store their most critical data in databases, which, in turn, are often necessarily exposed in untrusted or publicly exposed environments. This makes vulnerabilities like these essential to address and test quickly since they not only threaten the data in the database but potentially the full host that it is running on.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-take…
∗∗∗ Patch now! More than 1 million Exim servers worldwide still open to attack ∗∗∗
---------------------------------------------
The National Security Agency (NSA) warns of attacks on Exim mail servers. Security updates have been available for some time.
---------------------------------------------
https://heise.de/-4772712
∗∗∗ Large Scale Attack Campaign Targets Database Credentials ∗∗∗
---------------------------------------------
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-…
∗∗∗ Numerous China-based shops advertise cheap women's fashion on Facebook ∗∗∗
---------------------------------------------
The company “Chicv International Holding Limited” has been known for some time, as it is responsible for numerous online shops. According to consumers' reports, the products ordered from these shops arrive very late, if at all. Once the goods have finally arrived, it quickly becomes clear that they have nothing to do with the pictures and descriptions in the online shop.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-china-shops-werben-auf-fa…
∗∗∗ Sophos Web Appliance: Certificate validation failed for sites signed by Sectigo root CA ∗∗∗
---------------------------------------------
Websites that are signed by the Sectigo root CA may fail to connect with a certificate validation failure, because the certificate AddTrust External CA Root expired on May 30th 2020.
---------------------------------------------
https://community.sophos.com/kb/en-US/135544
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates: Firefox and Tor Browser could leak private keys ∗∗∗
---------------------------------------------
Several vulnerabilities in the web browsers Firefox, Firefox ESR and Tor Browser put computers at risk.
---------------------------------------------
https://heise.de/-4772615
∗∗∗ Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution ∗∗∗
---------------------------------------------
Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines.
---------------------------------------------
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-executi…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (java-11-openjdk, perl-Email-MIME, perl-Email-MIME-ContentType, and slurm), openSUSE (imapfilter, mailman, and python-rpyc), Red Hat (bind and firefox), SUSE (evolution-data-server, python, qemu, and w3m), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/822136/
∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-…
∗∗∗ Security Advisory - Improper Handling of Exceptional Condition Vulnerability in Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Access Control vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: The vanruability (net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact) found Network Performance Insight (CVE-2019-17571) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-vanruability-net-sf-e…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ June 2, 2020 TNS-2020-04 [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-04
∗∗∗ docker: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0524
=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-05-2020 18:00 − Tuesday 02-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Critical Exim bugs being patched but many servers still at risk ∗∗∗
---------------------------------------------
Patching of Exim mail servers is not going fast enough, and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow remote command or code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-exim-bugs-being-pat…
∗∗∗ How to scan email headers for phishing and malicious content ∗∗∗
---------------------------------------------
Phishing emails are one of the most common attack vectors used by cybercriminals. They can be used to deliver a malicious payload or steal user credentials from their target. Spearphishing emails are designed to be more specifically targeted and more believable to their intended victims. By crafting a pretext that is extremely personal to [...]
---------------------------------------------
https://resources.infosecinstitute.com/how-to-scan-email-headers-for-phishi…
∗∗∗ In-depth analysis of the new Team9 malware family ∗∗∗
---------------------------------------------
Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar [1]’) appears to be a new malware being developed by the group behind Trickbot. Even though the development of the malware appears to be recent, [...]
---------------------------------------------
https://blog.fox-it.com/2020/06/02/in-depth-analysis-of-the-new-team9-malwa…
∗∗∗ Apple closes critical hole in its "Sign in with Apple" login service ∗∗∗
---------------------------------------------
Apple's convenient login service had a gaping critical vulnerability that allowed arbitrary user accounts to be taken over. It has since been closed.
---------------------------------------------
https://heise.de/-4770560
∗∗∗ How I tricked Symantec with a Fake Private Key ∗∗∗
---------------------------------------------
Lately, some attention was drawn to a widespread problem with TLS certificates. Many people are accidentally publishing their private keys. Sometimes they are released as part of applications, in Github repositories or with common filenames on web servers. If a private key is compromised, a certificate authority is obliged to revoke it. The Baseline Requirements – a set of rules that browsers and certificate authorities agreed upon – regulate this and say that in such a case a [...]
---------------------------------------------
https://blog.hboeck.de:443/archives/888-How-I-tricked-Symantec-with-a-Fake-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An attacker could exploit this vulnerability by sending a crafted IP in IP packet to an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ant, bind, freerdp, and unbound), CentOS (bind, freerdp, and git), Debian (python-httplib2), Fedora (ant, kernel, sqlite, and sympa), openSUSE (java-11-openjdk and qemu), Oracle (bind), Red Hat (freerdp), Scientific Linux (python-pip and python-virtualenv), Slackware (firefox), SUSE (qemu), and Ubuntu (Apache Ant, ca-certificates, flask, and freerdp2).
---------------------------------------------
https://lwn.net/Articles/822036/
∗∗∗ VMware Cloud Director Vulnerability Has Major Impact for Cloud Providers ∗∗∗
---------------------------------------------
A recently patched vulnerability affecting VMware Cloud Director has a major impact for cloud services providers as it can allow an attacker to take full control of all private clouds hosted on the same infrastructure, cybersecurity firm Citadelo revealed on Monday.
---------------------------------------------
https://www.securityweek.com/vmware-cloud-director-vulnerability-has-major-…
∗∗∗ Android's June 2020 Patches Fix Critical RCE Vulnerabilities ∗∗∗
---------------------------------------------
Google has started rolling out the June 2020 security patches for the Android operating system, which address a total of 43 vulnerabilities, including several rated critical.
---------------------------------------------
https://www.securityweek.com/androids-june-2020-patches-fix-critical-rce-vu…
∗∗∗ [20200604] - Core - XSS in jQuery.htmlPrefilter ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/816-20200604-core-xss-in-j…
∗∗∗ [20200603] - Core - XSS in com_modules tag options ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/815-20200603-core-xss-in-c…
∗∗∗ [20200605] - Core - CSRF in com_postinstall ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/817-20200605-core-csrf-in-…
∗∗∗ [20200602] - Core - Inconsistent default textfilter settings ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/814-20200602-core-inconsis…
∗∗∗ [20200601] - Core - XSS in modules heading tag option ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/813-20200601-core-xss-in-m…
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-bui…
∗∗∗ Security Bulletin: Vulnerabilities in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2019-18348) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-open-s…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c…
∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e…
∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-…
∗∗∗ Security Bulletin: WebSphere liberty is vulnerable to a DOS (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-is-vuln…
∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server Liberty (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c…
∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo…
∗∗∗ NTP vulnerability CVE-2020-11868 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44305703?utm_source=f5support&utm_mediu…
∗∗∗ PEPPERL+FUCHS, PACTware: Two password vulnerabilities found ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-017
∗∗∗ PHOENIX CONTACT FL MGUARD, TC MGUARD, TC ROUTER and TC CLOUD CLIENT: PPPD vulnerable to CVE-2020-8597 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-018
∗∗∗ Red Hat OpenShift Application Runtimes: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0516
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-05-2020 18:00 − Friday 29-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ 200K sites with buggy WordPress plugin exposed to wipe attacks ∗∗∗
---------------------------------------------
Two high severity security vulnerabilities found in the PageLayer plugin can let attackers potentially wipe the contents of, or take over, WordPress sites using vulnerable plugin versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpr…
∗∗∗ Security: OpenSSH to retire RSA with SHA-1 ∗∗∗
---------------------------------------------
Although SHA-1 is vulnerable, it is still frequently used. Including in SSH. That is set to change.
---------------------------------------------
https://www.golem.de/news/sicherheit-openssh-kuendigt-rsa-mit-sha-1-an-2005…
∗∗∗ Inside the Hoaxcalls Botnet: Both Success and Failure ∗∗∗
---------------------------------------------
The DDoS group sets itself apart by using exploits -- but it doesn't always pan out.
---------------------------------------------
https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/
∗∗∗ Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module ∗∗∗
---------------------------------------------
TrickBot, one of the most commonly distributed malwares used in phishing emails, just updated its mworm module, making it harder to detect.
---------------------------------------------
https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-upda…
∗∗∗ Kaspersky warns of attacks on German industrial companies ∗∗∗
---------------------------------------------
They target the supply chain. Besides Germany, the United Kingdom and Japan are also affected. The unknown perpetrators attack companies with tailor-made phishing e-mails and plant malware that steals authentication data for Windows accounts.
---------------------------------------------
https://www.zdnet.de/88380387/kaspersky-warnt-vor-angriffen-auf-deutsche-in…
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2020-0011 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0011.html
∗∗∗ VMSA-2020-0007.1 ∗∗∗
---------------------------------------------
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
[...]
5. Change log
2020-04-14 VMSA-2020-0007
Initial security advisory.
2020-05-28: VMSA-2020-0007.1
It was determined that the fixes for CVE-2020-3953 included in 8.1.0 were not complete. This has been corrected in the 8.1.1 release.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0007.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libexif and tomcat8), Fedora (python38), openSUSE (libxslt), Oracle (git), Red Hat (bind, freerdp, and git), Scientific Linux (git), SUSE (qemu and tomcat), and Ubuntu (apt, json-c, kernel, linux, linux-raspi2, linux-raspi2-5.3, and openssl).
---------------------------------------------
https://lwn.net/Articles/821794/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: Reverse tabnabbing vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4490 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-reverse-tabnabbing-vulner…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4352 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se…
∗∗∗ Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-ha…
∗∗∗ Red Hat OpenShift Container Platform: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0514
∗∗∗ Red Hat Enterprise Linux: Multiple vulnerabilities allow unspecified attack ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0513
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-05-2020 18:00 − Thursday 28-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New Octopus Scanner malware spreads via GitHub supply chain attack ∗∗∗
---------------------------------------------
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-…
∗∗∗ The zero-day exploits of Operation WizardOpium ∗∗∗
---------------------------------------------
Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack.
---------------------------------------------
https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/
∗∗∗ Inside a ransomware gang’s attack toolbox ∗∗∗
---------------------------------------------
Ransomware's changed a lot over the years - here's a peek into a criminal gang's current toolbox [...]
---------------------------------------------
https://nakedsecurity.sophos.com/2020/05/28/inside-a-ransomware-gangs-attac…
∗∗∗ NetWalker Ransomware – What You Need to Know ∗∗∗
---------------------------------------------
What is NetWalker? NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. Ransomware is nothing new. Why should I particularly care [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-wh…
∗∗∗ Flood of fraudulent DHL messages from SMSinfo ∗∗∗
---------------------------------------------
Countless Watchlist Internet readers are currently reporting a fake SMS message from DHL to us. The criminals pose as the shipping service provider and claim in the message from SMSinfo that part of the postage is missing. The message must be ignored, because paying the requested amount leads into a subscription trap!
---------------------------------------------
https://www.watchlist-internet.at/news/massenhaft-betruegerische-dhl-nachri…
∗∗∗ Microsoft warns about attacks with the PonyFinal ransomware ∗∗∗
---------------------------------------------
PonyFinal infections have been reported in India, Iran, and the US.
---------------------------------------------
https://www.zdnet.com/article/microsoft-warns-about-attacks-with-the-ponyfi…
∗∗∗ Cybereason: Valak malware attacks companies in the USA and Germany ∗∗∗
---------------------------------------------
In just six months, a malware loader has become malware with a modular architecture. Valak is currently distributed via specially crafted Word files. The actual targets are Exchange servers, in order to steal e-mails and certificates.
---------------------------------------------
https://www.zdnet.de/88380246/cybereason-valak-malware-greift-unternehmen-u…
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple sends out 11 security alerts – get your fixes now! ∗∗∗
---------------------------------------------
Apple's current round of updates has been officially announced in the company's latest Security Advisory emails.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-ale…
∗∗∗ Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021 ∗∗∗
---------------------------------------------
This module enables you to force a password update when using a password reset link. The module doesn't sufficiently validate the login URL, allowing a malicious user to use a specially crafted URL to log in as another user.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-021
∗∗∗ Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2020-020 ∗∗∗
---------------------------------------------
Drupal Commerce is used to build eCommerce websites and applications. It's possible to configure commerce to permit orders by anonymous users. In this configuration, customers who do not choose to create an account upon checkout completion remain anonymous, and the resulting orders are never assigned an [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-020
∗∗∗ SaltStack FrameWork Vulnerabilities Affecting Cisco Products ∗∗∗
---------------------------------------------
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651 (Authentication Bypass Vulnerability) and CVE-2020-11652 (Directory Traversal Vulnerability). Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities. Cisco has released software updates that address these [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dovecot, dpdk, knot-resolver, and unbound), Mageia (ant, libexif, and php), SUSE (libmspack), and Ubuntu (php5, php7.0, php7.2, php7.3, php7.4 and unbound).
---------------------------------------------
https://lwn.net/Articles/821659/
∗∗∗ SWARCO: Critical Vulnerability in CPU LS4000 ∗∗∗
---------------------------------------------
A critical vulnerability was found in SWARCO TRAFFIC SYSTEMS CPU LS4000.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-016
∗∗∗ ADVISORY: Phish Threat Outlook plugin reporting non-campaign emails are failing to send ∗∗∗
---------------------------------------------
Non-campaign emails (i.e. spam or actual phishing emails) reported through the Phish Threat Report Message add-on are not being delivered to the configured administrators.
---------------------------------------------
https://community.sophos.com/kb/en-US/135524
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4233) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4248) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-1058, CVE-2018-10936, CVE-2019-9193) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: Vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-apac…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4231) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2019-11729, CVE-2019-11745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4419) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4245) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Trend Micro InterScan Web Security Virtual Appliance: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0510