- Daily - CERT.at

Tageszusammenfassung - 13.03.2020
by Daily end-of-shift report 13 Mar '20

13 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-03-2020 18:00 − Freitag 13-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware ∗∗∗ --------------------------------------------- The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Android App. --------------------------------------------- https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tra… ∗∗∗ mTAN abgefangen: Betrüger räumten Konten in Österreich leer ∗∗∗ --------------------------------------------- Mit SIM-Swapping haben Kriminelle bei Dutzenden Österreichern Geld abgehoben. Nun wurden sie verhaftet. (TAN, Malware) --------------------------------------------- https://www.golem.de/news/mtan-abgefangen-betrueger-raeumten-konten-in-oest… ∗∗∗ Persistent Cross-Site Scripting, the MSSQL Way ∗∗∗ --------------------------------------------- If you save wide Unicode brackets (i.e. ＜＞) into a char or varchar field, MSSQL Server will convert them into HTML brackets (i.e. ). So, ＜img src=x onerror=alert(pxss)＞ will be converted to compliments of the backend DB. This will likely help you sneak past server-side filters, WAFs, etc. and execute a persistent Cross-Site Scripting (PXSS) attack. As a bonus, .NET request validation will not detect it. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/persistent-… ∗∗∗ Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldnt ∗∗∗ --------------------------------------------- Tor team says its working on a fix, but has no timeline. --------------------------------------------- https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-j… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, golang-golang-x-crypto, kernel, mbedtls, ppp, and python-django), Debian (slirp and yubikey-val), Fedora (firefox, java-1.8.0-openjdk-aarch32, mbedtls, monit, seamonkey, sympa, and zsh), Gentoo (chromium, e2fsprogs, firefox, groovy, postgresql, rabbitmq-c, ruby, and vim), Mageia (ppp), openSUSE (kernel), and SUSE (glibc, kernel, openstack-manila, php5, and squid). --------------------------------------------- https://lwn.net/Articles/814817/ ∗∗∗ Update - Kritische Sicherheitslücke in Microsoft SMBv3 - Patch und Workarounds verfügbar ∗∗∗ --------------------------------------------- 03. März 2020 Update: 13. März 2020 Beschreibung Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory mit Workarounds für eine kritische Sicherheitslücke in Microsoft Server Message Block 3.1.1 (SMBv3) veröffentlicht. CVE-Nummern: CVE-2020-0796 CVSS Base Score: 10.0 (laut CERT/CC) Update: 13. März 2020 Microsoft gibt unter https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020… ebenfalls einen CVSS Base Score --------------------------------------------- https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft… ∗∗∗ Security Bulletin: PowerVC is impacted by information leakage from nova APIs during external exception (CVE-2019-14433) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-in… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a 3RD PARTY Path Traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a cross-site scripting vulnerability in WebSphere Application Server Admin Console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot for VMware (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-18348) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a File traversal vulnerability in WebSphere Application Server Admin Console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a Information disclosure vulnerability in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ VMSA-2020-0004 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0004.html ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2020
by Daily end-of-shift report 12 Mar '20

12 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-03-2020 18:00 − Donnerstag 12-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Prenotification Security Advisory for Adobe Acrobat and Reader ∗∗∗ --------------------------------------------- Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, March 17, 2020. --------------------------------------------- https://helpx.adobe.com/security/products/acrobat/apsb20-13.html ∗∗∗ Live Coronavirus Map Used to Spread Malware ∗∗∗ --------------------------------------------- Cybercriminals constantly latch on to news items that captivate the publics attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software. --------------------------------------------- https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-mal… ===================== = Vulnerabilities = ===================== ∗∗∗ Achtung: Sicherheitspatch gegen kritische SMBv3-Lücke jetzt verfügbar ∗∗∗ --------------------------------------------- Gegen die kritische Windows-Sicherheitslücke CVE-2020-0796 gibt es jetzt einen Patch von Microsoft. Admins sollten ihre Systeme möglichst sofort akualisieren.. --------------------------------------------- https://heise.de/-4681993 ∗∗∗ Flaws Riddle Zyxel’s Network Management Software ∗∗∗ --------------------------------------------- Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software. --------------------------------------------- https://threatpost.com/flaws-zyxels-network-management-software/153554/ ∗∗∗ Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites ∗∗∗ --------------------------------------------- On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. .. We highly recommend updating to the latest version, 3.64.1, immediately. --------------------------------------------- https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-bui… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (dojo, firefox-esr, sleuthkit, and wpa), Fedora (cacti, cacti-spine, and python-psutil), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, ...), Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/814652/ ∗∗∗ ABB eSOMS ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-072-01 ∗∗∗ ABB Asset Suite ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-072-02 ∗∗∗ Rockwell Automation Allen-Bradley Stratix 5950 ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-072-03 ∗∗∗ XSS vulnerability in the FortiManager via the buffer parameter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-271 ∗∗∗ Information disclosure through diagnose debug commands in FortiWeb ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-269 ∗∗∗ XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-20-001 ∗∗∗ Unquoted Service Path exploit in FortiClient ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-281 ∗∗∗ Authorizations Bypass in the FortiPresence portal parameters ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-258 ∗∗∗ XSS vulnerability in the URL Description of URL filter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-270 ∗∗∗ XSS vulnerability in the Anomaly Detection Parameter Name ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-265 ∗∗∗ FortiSIEM is vulnerable to a CSRF attack ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/ FG-IR-19-240 ∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: An information disclosure security vulnerability has been identified with the embedded Content Navigator component shipped with IBM Business Automation Workflow (CVE-2019-4679) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.03.2020
by Daily end-of-shift report 11 Mar '20

11 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-03-2020 18:00 − Mittwoch 11-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ LVI Attacks: New Intel CPUs Vulnerability Puts Data Centers At Risk ∗∗∗ --------------------------------------------- Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system. --------------------------------------------- https://thehackernews.com/2020/03/intel-load-value-injection.html ∗∗∗ Forthcoming OpenSSL release ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1e. This release will be made available on Tuesday 17th March 2020 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2020-March/000166.html ∗∗∗ A new and advanced Rowhammer-based attack on DDR4 memory ∗∗∗ --------------------------------------------- A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments. --------------------------------------------- https://www.ibm.com/blogs/psirt/a-new-and-advanced-rowhammer-based-attack-o… ∗∗∗ Klicken Sie keine Links und Anhänge in E-Mails an! ∗∗∗ --------------------------------------------- „Ihr PayPal-Konto wurde eingeschränkt! … Öffnen Sie die Anhangsdatei, um Ihre Einschränkung aufzuheben!“ Diese Nachricht landet derzeit in zahlreichen E-Mail-Postfächern. Die Datei im Anhang enthält Schadsoftware, die Links führen auf Phishing-Seiten mit denen Zugangsdaten ausspioniert werden sollen. Schützen kann man sich nur, indem man nichts anklickt, sondern sich auf anderen Wegen informiert, ob die E-Mail echt sein kann. --------------------------------------------- https://www.watchlist-internet.at/news/klicken-sie-keine-links-und-anhaenge… ∗∗∗ Microsoft orchestrates coordinated takedown of Necurs botnet ∗∗∗ --------------------------------------------- Microsoft and partners in 35 countries move to bring down Necurs, todays largest malware botnet. --------------------------------------------- https://www.zdnet.com/article/microsoft-orchestrates-coordinated-takedown-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Microsoft SMBv3 - Workarounds verfügbar ∗∗∗ --------------------------------------------- Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory mit Workarounds für eine kritische Sicherheitslücke in Microsoft Server Message Block 3.1.1 (SMBv3) veröffentlicht. ... Die Lücke kann über das Netzwerk ausgenützt werden und ermöglicht die Ausführung von beliebigen Befehlen mit SYSTEM Rechten. --------------------------------------------- https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft… ∗∗∗ IPAS: Security Advisories for March 2020 ∗∗∗ --------------------------------------------- Hi everyone, It’s the second Tuesday in March 2020 and today we released 9 security advisories. For full details on these advisories, please visit the Intel Security Center. --------------------------------------------- https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-mar… ∗∗∗ SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006 ∗∗∗ --------------------------------------------- This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesnt sufficiently enforce the administrative approval requirement, in the case where the requesting user has already authenticated through SAML. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-006 ∗∗∗ Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage ∗∗∗ --------------------------------------------- Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This months Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important. --------------------------------------------- https://blog.talosintelligence.com/2020/03/microsoft-patch-tuesday-march-20… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (qemu-kvm and sudo), Debian (chromium), Mageia (gpac, libseccomp, and tomcat), openSUSE (gd and postgresql10), Oracle (qemu-kvm), Red Hat (chromium-browser), Scientific Linux (qemu-kvm), Slackware (firefox), and SUSE (ipmitool, java-1_7_0-openjdk, librsvg, and tomcat). --------------------------------------------- https://lwn.net/Articles/814574/ ∗∗∗ Synology-SA-20:03 Kr00k ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM) that is equipped with Broadcom BCM43460. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_03 ∗∗∗ MISP 2.4.123 released (aka the dashboard and security fix release) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.123) has been released. This version includes various security related fixed, and a new Dashboard system. --------------------------------------------- https://www.misp-project.org/2020/03/10/MISP.2.4.123.released.html ∗∗∗ Credential Disclosure in WatchGuard Fireware AD Helper Component ∗∗∗ --------------------------------------------- RedTeam Pentesting discovered a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/ ∗∗∗ Johnson Controls Kantech EntraPass ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-070-04 ∗∗∗ Johnson Controls Metasys ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-070-05 ∗∗∗ Rockwell Automation MicroLogix Controllers and RSLogix 500 Software ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-070-06 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-202003116… ∗∗∗ Security Bulletin: IBM InfoSphere Governance Catalog is affected by a cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-governance… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2019 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Linux kernel vulnerability CVE-2019-19072 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42438635 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.03.2020
by Daily end-of-shift report 10 Mar '20

10 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Montag 09-03-2020 18:00 − Dienstag 10-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft Exchange Server Flaw Exploited in APT Attacks ∗∗∗ --------------------------------------------- The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server, and was fixed as part of Microsoft’s February Patch Tuesday updates. However, researchers in a Friday advisory said that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors. --------------------------------------------- https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-atta… ∗∗∗ Variant of Paradise Ransomware Targets Office IQY Files ∗∗∗ --------------------------------------------- A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively inobtrusive way to infiltrate and hijack an organization’s network, researchers have found. --------------------------------------------- https://threatpost.com/variant-of-paradise-ransomware-targets-office-iqy-fi… ∗∗∗ How poor IoT security is allowing this 12-year-old malware to make a comeback ∗∗∗ --------------------------------------------- Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 - and the healthcare sector is where its infected the most targets. --------------------------------------------- https://www.zdnet.com/article/how-poor-iot-security-is-allowing-this-ten-ye… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libvpx and network-manager-ssh), Fedora (cacti, cacti-spine, and podman), openSUSE (chromium and python-bleach), Oracle (curl), Red Hat (ansible and qemu-kvm), SUSE (gd, ipmitool, and php7), and Ubuntu (runc and sqlite3). --------------------------------------------- https://lwn.net/Articles/814493/ ∗∗∗ MISP: Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MISP ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0206 ∗∗∗ SAP Security Patch Day – March 2020 ∗∗∗ --------------------------------------------- On 10th of March 2020, SAP Security Patch Day saw the release of 16 Security Notes. There are 2 updates to previously released Patch Day Security Notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 *** Joomla Security Updates (Severity: low) *** --------------------------------------------- ∗ [20200306] - Core - SQL injection in Featured Articles menu parameters https://developer.joomla.org/security-centre/807-20200306-core-sql-injectio… ∗ [20200304] - Core - Identifier collisions in com_users https://developer.joomla.org/security-centre/805-20200304-core-identifier-c… ∗ [20200305] - Core - Incorrect Access Control in com_fields SQL field https://developer.joomla.org/security-centre/806-20200305-core-incorrect-ac… ∗ [20200303] - Core - Incorrect Access Control in com_templates https://developer.joomla.org/security-centre/804-20200303-core-incorrect-ac… ∗ [20200302] - Core - XSS in Protostar and Beez3 https://developer.joomla.org/security-centre/803-20200302-core-xss-in-proto… ∗ [20200301] - Core - CSRF in com_templates image actions https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-… ∗∗∗ TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-003 ∗∗∗ TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-002 ∗∗∗ TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin) ∗∗∗ --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-001 ∗∗∗ SSA-938930: Cross-Site Scripting Vulnerability in Spectrum Power™ 5 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-938930.txt ∗∗∗ SSA-508982: Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-508982.txt ∗∗∗ SSA-844761: Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt ∗∗∗ Security Bulletin: Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-net… ∗∗∗ Security Bulletin: Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-net… ∗∗∗ Security Bulletin: An information disclosure vulnerability has been identified with the embedded Content Platform Engine component shipped with IBM Business Automation Workflow (CVE-2019-4572) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: IBM Workload scheduler 9.3 vulnerable to CVE-2019-4608 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-workload-scheduler-9-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.03.2020
by Daily end-of-shift report 09 Mar '20

09 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-03-2020 18:00 − Montag 09-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Data-Stealing FormBook Malware Preys on Coronavirus Fears ∗∗∗ --------------------------------------------- Another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO) is distributing a malware downloader that installs the FormBook information-stealing Trojan. --------------------------------------------- https://www.bleepingcomputer.com/news/security/data-stealing-formbook-malwa… ∗∗∗ Neue CPU-Sicherheitslücke in AMD-Prozessoren laut AMD gar nicht neu ∗∗∗ --------------------------------------------- Sicherheitsforscher haben laut eigenen Angaben neue Sicherheitslücken in AMDs Prozessoren gefunden – unter anderem Ryzen und Epyc sollen betroffen sein. --------------------------------------------- https://heise.de/-4678823 ∗∗∗ Inkassoschreiben über 516,24 Euro müssen nicht bezahlt werden ∗∗∗ --------------------------------------------- Aktuell werden vermehrt Mahnungen und Zahlungsaufforderungen von angeblichen Inkassobüros für Abos bei Streamingdiensten ausgesendet. Die gute Nachricht: Zahlen Sie nicht! Die schlechte Nachricht: Es wird nicht die letzte Zahlungsaufforderung gewesen sein. --------------------------------------------- https://www.watchlist-internet.at/news/inkassoschreiben-ueber-51624-euro-mu… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Authenticator: 2FA-Codes lassen sich einfach abgreifen ∗∗∗ --------------------------------------------- Google Authenticator, Microsoft Authenticator und etliche andere Apps zur Zwei-Faktor-Authentifizierung haben keinen Schutz vor Screenshots eingerichtet. Eine Schadsoftware soll dies bereits ausnutzen. --------------------------------------------- https://www.golem.de/news/google-authenticator-2fa-codes-lassen-sich-einfac… ∗∗∗ Talos Vulnerability Spotlight: WAGO products contain remote code execution, other vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos recently discovered several vulnerabilities in multiple products from the company WAGO. WAGO produces a line of automation software called “e!COCKPIT,” an integrated development environment that aims to speed up automation tasks and machine and system startup. --------------------------------------------- https://blog.talosintelligence.com/2020/03/wago-vulnerability-spotlight-mar… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (seamonkey), Mageia (apache-mod_auth_openidc, binutils, chromium-browser-stable, dojo, firejail, gcc, glib2.0, glibc, http-parser, ilmbase, libarchive, libgd, libsolv, mbedtls, pcre, pdfresurrect, php, proftpd, pure-ftpd, python-bleach, ruby-rake, transfig, weechat, and xen), openSUSE (chromium, ovmf, python-bleach, and yast2-rmt), Oracle (curl, http-parser, kernel, sudo, and xerces-c), Red Hat (chromium-browser and kernel-alt) [...] --------------------------------------------- https://lwn.net/Articles/814371/ ∗∗∗ Security Bulletin: Stack is displayed in WebSphere Application Server (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-stack-is-displayed-in-web… ∗∗∗ Security Bulletin: Vulnerability in Node.js affects IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-… ∗∗∗ Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable to Apache Commons Beanutils in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-atlas-ediscovery-process-… ∗∗∗ Security Bulletin: Cookie created without secure flag WAS Liberty (CVE-2019-4305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-created-without-se… ∗∗∗ Security Bulletin: 3RD PARTY Stored Cross-Site Scripting in Tivoli Application Dependency Discovery Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-stored-cross-si… ∗∗∗ Security Bulletin: Bypass security restrictions in WAS Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restricti… ∗∗∗ Security Bulletin: [All] Python (Publicly disclosed vulnerability) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-all-python-publicly-discl… ∗∗∗ Security Bulletin: Apache CXF (Publicly disclosed vulnerability) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-discl… ∗∗∗ Security Bulletin: Python vulnerability in IBM Tivoli Application Dependency Discovery Manager (CVE-2019-16935) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-python-vulnerability-in-i… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.4 ESR) have affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF10 + ICAM 3.0 – 4.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an attacker can cause a denial of service (CVE-2020-4217) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method ( CVE-2019-14907) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-… ∗∗∗ Apache Tomcat vulnerability CVE-2020-1935 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43709560 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2020
by Daily end-of-shift report 06 Mar '20

06 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-03-2020 18:00 − Freitag 06-03-2020 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ PwndLocker Ransomware Gets Pwned: Decryption Now Available ∗∗∗ --------------------------------------------- Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom. --------------------------------------------- https://www.bleepingcomputer.com/news/security/pwndlocker-ransomware-gets-p… ∗∗∗ Emotet Actively Using Upgraded WiFi Spreader to Infect Victims ∗∗∗ --------------------------------------------- Emotets authors have upgraded the malwares Wi-Fi spreader by making it a fully-fledged module and adding new functionality as shown by multiple samples that were recently delivered to infected devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/emotet-actively-using-upgrad… ∗∗∗ Security: Das Intel-ME-Chaos kommt ∗∗∗ --------------------------------------------- Bis zum Chaos sei es nur eine Frage der Zeit, schreiben die ME-Hacker. Intel versucht, das zu verschweigen, und kann das Security-Theater eigentlich auch gleich sein lassen. --------------------------------------------- https://www.golem.de/news/security-das-intel-me-chaos-kommt-2003-147099-rss… ∗∗∗ Lets Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Lets take time out ∗∗∗ --------------------------------------------- Lets Encrypt has halted its plans to cancel all three million flawed web security certificates – after fearing the super-revocation may effectively break a chunk of the internet for netizens. --------------------------------------------- https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/lets_enc… ∗∗∗ NCSC Releases Advisory on Securing Internet-Connected Cameras ∗∗∗ --------------------------------------------- The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to unsecured, or poorly secured, internet-connected cameras to obtain live feeds or images.The following steps can help consumers secure their devices. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/03/05/ncsc-releases-advi… ∗∗∗ A Safe Excel Sheet Not So Safe ∗∗∗ --------------------------------------------- I discovered a nice sample yesterday. This excel sheet was found in a mail flagged as “suspicious” by a security appliance. The recipient asked to release the mail from the quarantine because “it was sent from a known contact”. Before releasing such a mail from the quarantine, the process in place is to have a quick look at the file to ensure that it is safe to be released. --------------------------------------------- https://isc.sans.edu/forums/diary/A+Safe+Excel+Sheet+Not+So+Safe/25868/ ===================== = Vulnerabilities = ===================== ∗∗∗ WAGO I/O-CHECK ∗∗∗ --------------------------------------------- This advisory contains mitigations for information exposure through sent data, buffer access with incorrect length value, missing authentication for critical function, and classic buffer overflow vulnerabilities in the WAGO I/O CHECK software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-065-01 ∗∗∗ Critical Zoho Zero-Day Flaw Disclosed ∗∗∗ --------------------------------------------- A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter. --------------------------------------------- https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, opensc, opensmtpd, and weechat), Debian (jackson-databind and pdfresurrect), Fedora (sudo), openSUSE (openfortivpn and squid), Red Hat (virt:8.1 and virt-devel:8.1), Scientific Linux (http-parser and xerces-c), and SUSE (gd, kernel, postgresql10, and tomcat). --------------------------------------------- https://lwn.net/Articles/814035/ ∗∗∗ Synology-SA-20:02 ppp ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_02 ∗∗∗ Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-test… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Vulnerability in Curl used in OS image for RedHat Enterprise Linux for Cloud Pak System (CVE-2018-16842) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-use… ∗∗∗ Multiple Vulnerabilities Patched in RegistrationMagic Plugin ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2020
by Daily end-of-shift report 05 Mar '20

05 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-03-2020 18:00 − Donnerstag 05-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ In eigener Sache: CERT.at sucht Verstärkung (Software Entwickler für Open-Source Projekt, Teil-/Vollzeit) ∗∗∗ --------------------------------------------- Für unser international renommiertes Open-Source Projekt IntelMQ suchen wir eine/n Software Entwickler/in (Teil- oder Vollzeit 25-38,5 Stunden) zum ehestmöglichen Einstieg. Dienstort ist Wien. Details finden sich wie immer auf unserer Jobs-Seite. --------------------------------------------- https://cert.at/de/blog/2020/3/in-eigener-sache-certat-sucht-verstarkung-so… ∗∗∗ Jackpotting malware ∗∗∗ --------------------------------------------- Introduction Jackpotting malware is not well known because it exclusively targets automated teller machines (ATMs). ... In this article, we will examine two of the most widely known types of jackpotting malware, Ploutus and Cutlet Maker. We will also look at the operation of jackpotting malware and provide recommendations on how banks can protect against it. --------------------------------------------- https://resources.infosecinstitute.com/jackpotting-malware/ ∗∗∗ Mokes and Buerak distributed under the guise of security certificates ∗∗∗ --------------------------------------------- We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired. --------------------------------------------- https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-secu… ∗∗∗ Guildma – innovativer Bankentrojaner aus Lateinamerika ∗∗∗ --------------------------------------------- Ein in Brasilien weitverbreiteter Bankentrojaner treibt sein Unwesen. Wir haben die Guildma-Malware analysiert und sind dabei auf einige interessante Fakten gestoßen. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/03/05/guildma-bankentrojaner-la… ∗∗∗ Malicious Chrome extension caught stealing Ledger wallet recovery seeds ∗∗∗ --------------------------------------------- A Chrome extension named Ledger Live was exposed today as malicious. It is currently heavily promoted via Google search ads. --------------------------------------------- https://www.zdnet.com/article/malicious-chrome-extension-caught-stealing-le… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#782301: pppd vulnerable to buffer overflow due to a flaw in EAP packet processing ∗∗∗ --------------------------------------------- Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. --------------------------------------------- https://kb.cert.org/vuls/id/782301 ∗∗∗ SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005 ∗∗∗ --------------------------------------------- Project: SVG Formatter Security risk: Critical This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab.This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-005 ∗∗∗ Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Sicherheitslücken: Angreifer könnten WLAN-Router von Netgear übernehmen ∗∗∗ --------------------------------------------- Wer einen WLAN-Router von Netgear besitzt, sollte das Gerät zügig aktualisieren. Eine Sicherheitslücke gilt als kritisch. --------------------------------------------- https://heise.de/-4676824 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (http-parser and xerces-c), Debian (tomcat7), Fedora (opensmtpd), openSUSE (openfortivpn and permissions), Red Hat (http-parser, openstack-octavia, python-waitress, and sudo), Slackware (ppp), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/813888/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-impacted-b… ∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server affects IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: WAS Liberty vunerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilitie… ∗∗∗ Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-po… ∗∗∗ Security Bulletin: WAS Liberty vunerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilitie… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.03.2020
by Daily end-of-shift report 04 Mar '20

04 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-03-2020 18:00 − Mittwoch 04-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Achtung: Lets Encrypt macht Mittwochnacht 3 Millionen Zertifikate ungültig ∗∗∗ --------------------------------------------- Webadmins aufgepasst: Wer jetzt seine Lets-Encrypt-Zertifikate nicht erneuert, könnte Donnerstag früh verunsicherte Nutzer auf der Matte stehen haben. --------------------------------------------- https://heise.de/-4676017 ∗∗∗ Ransomware Attackers Use Your Cloud Backups Against You ∗∗∗ --------------------------------------------- Backups are one the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use it against you. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-you… ∗∗∗ ACSC Releases Securing Content Management Systems Guide ∗∗∗ --------------------------------------------- The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/03/04/acsc-releases-secu… ∗∗∗ A Zero-Day Homograph Domain Name Attack ∗∗∗ --------------------------------------------- What started as almost casual research in November 2019 and disclosed to various vendors as a vulnerability in November and December 2019 and January 2020 was abruptly reclassified and treated as a zero-day vulnerability on February 13, 2020. --------------------------------------------- https://www.securityweek.com/zero-day-homograph-domain-name-attack ∗∗∗ Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums ∗∗∗ --------------------------------------------- Impacted projects include WordPress, Concrete5, Composr, SilverStripe, ZenCart, and others. --------------------------------------------- https://www.zdnet.com/article/academics-find-30-file-upload-vulnerabilities… ∗∗∗ Voice assistants can be hacked with ultrasonic waves ∗∗∗ --------------------------------------------- With access to text messages and the ability to make fraudulent phone calls, attackers could wreak more damage than youd think --------------------------------------------- https://www.welivesecurity.com/2020/03/04/voice-assistants-hacked-ultrasoni… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson ValveLink ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper access control vulnerability in Emersons ValveLink digital valve controllers. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-063-01 ∗∗∗ PHOENIX CONTACT Emalytics Controller ILC ∗∗∗ --------------------------------------------- This advisory contains mitigations for an incorrect permission assignment for critical resource vulnerability in Phoenix Contacts Emalytics Controller modular inline devices. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-063-02 ∗∗∗ Omron PLC CJ Series ∗∗∗ --------------------------------------------- This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Omrons PLC CJ Series programmable logic controllers. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-063-03 ∗∗∗ Moxa AWK-3131A Series Industrial AP/Bridge/Client ∗∗∗ --------------------------------------------- This advisory contains mitigations for several vulnerabilities in Moxas AWK-3131A wireless networking appliance. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-063-04 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libzypp), Fedora (opensmtpd and thunderbird), openSUSE (nodejs8), Red Hat (http-parser, kpatch-patch, and xerces-c), SUSE (cloud-init, compat-openssl098, kernel, postgresql96, python, and yast2-rmt), and Ubuntu (python-django and rake). --------------------------------------------- https://lwn.net/Articles/813797/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-suscept… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v3) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Beanutils library affect IBM Cúram Social Program Management (CVE-2019-10086) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: A security vulnerability has been addressed in IBM Security Privileged Identity Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability with the IPv6 networking support (CVE-2015-2922) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… ∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by a security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ HPESBHF03987 rev.1 - HPE OneView Global Dashboard (OVGD), Remote Information Disclosure ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Red Hat OpenShift Container Platform: Mehrere Schwachstellen ermöglichen Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0189 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.03.2020
by Daily end-of-shift report 03 Mar '20

03 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Montag 02-03-2020 18:00 − Dienstag 03-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New PwndLocker Ransomware Targeting U.S. Cities, Enterprises ∗∗∗ --------------------------------------------- Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-ta… ∗∗∗ TLS: Lets Encrypt muss drei Millionen Zertifikate zurückziehen ∗∗∗ --------------------------------------------- Ein Fehler bei Lets Encrypt hat dazu geführt, dass der Check von CAA-DNS-Records nicht korrekt durchgeführt wurde. Die Zertifizierungsstelle zieht jetzt kurzfristig betroffene Zertifikate zurück, was für einige Probleme sorgen dürfte. --------------------------------------------- https://www.golem.de/news/tls-let-s-encrypt-muss-drei-millionen-zertifikate… ∗∗∗ TrickBot Adds ActiveX Control, Hides Dropper in Images ∗∗∗ --------------------------------------------- The tricky trojan has evolved again, to stay a step ahead of defenders. --------------------------------------------- https://threatpost.com/trickbot-activex-control-dropper/153370/ ∗∗∗ 7 Tips for Protecting Your Website ∗∗∗ --------------------------------------------- For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security Guide cut through much of the clutter of the threat landscape, some folks might need it simplified even further. Okay, we hear ya. --------------------------------------------- https://blog.sucuri.net/2020/03/7-tips-for-protecting-your-website.html ∗∗∗ The Jan/Feb 2020 issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: When backdoors become trapdoors: ‘Crypto Leaks’ hits Switzerland, Crypto Valley – and the entire ecosystem I, Robot, ZigBee and IoT [...] --------------------------------------------- https://securityblog.switch.ch/2020/03/03/the-jan-feb-2020-issue-of-our-swi… ∗∗∗ Leverage ATT&CK for ICS to Secure Industrial Control Systems ∗∗∗ --------------------------------------------- [...] In security operations centers (SOCs), we have already realized the value that MITRE ATT&CK provides through its encyclopedia of mapped tactics, techniques and procedures (TTPs) based on real-world observations of adversaries. The knowledge base enables security teams to link adversarial TTPs when conducting a gap analysis and threat modeling. --------------------------------------------- https://securityintelligence.com/posts/leverage-attck-for-ics-to-secure-ind… ∗∗∗ Jetzt patchen: Kritische Lücke "Ghostcat" in Apache-Tomcat-Versionen seit 6.0 ∗∗∗ --------------------------------------------- Für eine Lücke, die sich seit 13 Jahre lang in Apache Tomcat verbarg, sind mehrere Proofs-of-Concept verfügbar. Abgesicherte Versionen schließen sie. --------------------------------------------- https://heise.de/-4673983 ∗∗∗ The Case for Limiting Your Browser Extensions ∗∗∗ --------------------------------------------- Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee whod edited the Web site in the past month. --------------------------------------------- https://krebsonsecurity.com/2020/03/the-case-for-limiting-your-browser-exte… ∗∗∗ Google Launches Free Fuzzer Benchmarking Service ∗∗∗ --------------------------------------------- Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers. The fully automated service was designed to allow for an easy but rigorous evaluation of fuzzing research, in an attempt to boost the adoption of fuzzing research – an important bug finding technique. --------------------------------------------- https://www.securityweek.com/google-launches-free-fuzzer-benchmarking-servi… ∗∗∗ Corona-Virus: Fake-Shops verkaufen Atemschutzmasken ∗∗∗ --------------------------------------------- Atemschutzmasken werden aus Angst vor dem Corona-Virus aktuell vermehrt gekauft. Auch Organisationen haben Engpässe und suchen daher nach B2B-Online-HändlerInnen. Kriminelle nutzen die Angst der Bevölkerung und die steigende Nachfrage und bieten diverse medizinische Produkte in Fake-Shops an. Bis jetzt sind uns die Fake-Shops globalmasksuppliers.com, medicalsmilesgmbh.com und pharmacyfirstgmbh.com bekannt. --------------------------------------------- https://www.watchlist-internet.at/news/corona-virus-fake-shops-verkaufen-at… ∗∗∗ Malware-free attacks now most popular tactic amongst cybercriminals ∗∗∗ --------------------------------------------- Malware-free or fileless techniques accounted for 51% of attacks last year, compared to 40% the year before, as hackers turn to stolen credentials to breach corporate networks, reveals CrowdStrikes latest threat report. --------------------------------------------- https://www.zdnet.com/article/malware-free-attacks-now-most-popular-tactic-… ===================== = Vulnerabilities = ===================== ∗∗∗ Google-März-Patch: Android Sicherheitslücke wird seit einem Jahr ausgenutzt ∗∗∗ --------------------------------------------- Seit fast einem Jahr lassen sich auf vielen Mittelklasse-Smartphones mit Android leicht Root-Rechte erlangen. Schad-Apps nutzen diese bereits aus, dennoch gibt es kaum Hersteller, die einen Patch ausliefern. Nun will Google ihn selbst verteilen. --------------------------------------------- https://www.golem.de/news/google-maerz-patch-android-sicherheitsluecke-wird… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and webkit2gtk), Debian (collabtive, dojo, firebird2.5, gst-plugins-base0.10, libapache2-mod-auth-openidc, openjdk-7, php5, python-bleach, and rrdtool), Fedora (kernel, kernel-headers, kernel-tools, mingw-openjpeg2, and openjpeg2), Mageia (hiredis, kernel, rsync, wireshark, and zsh), openSUSE (cacti, cacti-spine, libexif, proftpd, python-azure-agent, python3, and webkit2gtk3), Oracle (ppp), SUSE (permissions), and Ubuntu (libarchive). --------------------------------------------- https://lwn.net/Articles/813684/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-4.9, proftpd-dfsg, rrdtool, and zsh), Fedora (kernel), openSUSE (cacti, cacti-spine, mariadb, and ppp), Red Hat (kernel, qemu-kvm, qemu-kvm-ma, and ruby), Slackware (seamonkey), SUSE (kernel, libpng16, ovmf, python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, and python36), and Ubuntu [...] --------------------------------------------- https://lwn.net/Articles/813757/ ∗∗∗ Security advisory 2020-03-03 ∗∗∗ --------------------------------------------- Insufficient data validation in yubikey-val --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-01/ ∗∗∗ Security Bulletin: The Relationship admin page in Tivoli Netcool/OMNIbus WebGUI is vulnerable to Cross Site Scripting attack (CVE-2020-4198) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-the-relationship-admin-pa… ∗∗∗ Security Bulletin: Cacheable HTTPS Responses have been identified on multiple Tivoli Netcool/OMNIbus WebGUI admin pages (CVE-2020-4197) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cacheable-https-responses… ∗∗∗ Security Bulletin: Cross-Site Scripting (XSS) vulnerability have been identified on Tool Prompt Configuration page of Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4196) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-xss-… ∗∗∗ Security Bulletin: IBM MobileFirst Platform Foundation susceptible to privilege escalation on Android ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mobilefirst-platform-… ∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclose… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.03.2020
by Daily end-of-shift report 02 Mar '20

02 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-02-2020 18:00 − Montag 02-03-2020 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ New Evasion Encyclopedia Shows How Malware Detects Virtual Machines ∗∗∗ --------------------------------------------- A new Malware Evasion Encyclopedia has been launched that offers insight into the various methods malware uses to detect if it is running under a virtual environment. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-sho… ∗∗∗ Secure vs. cleartext protocols - couple of interesting stats, (Mon, Mar 2nd) ∗∗∗ --------------------------------------------- For a very long time, there has been a strong effort aimed toward moving all potentially sensitive network-based communications from unencrypted protocols to the secure and encrypted ones. And with the recently released APWG report noting that 74% of phishing sites used HTTPS in the last quarter of 2019[1] and Apples supposed plan to start supporting only TLS certificates with no more than one year period of validity [...] --------------------------------------------- https://isc.sans.edu/diary/rss/25854 ∗∗∗ Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen ∗∗∗ --------------------------------------------- Im niedersächsischen Neustadt schlug der Trojaner Emotet mit voller Wucht zu. Nun spricht die Stadtverwaltung offen über das Desaster – damit andere lernen. --------------------------------------------- https://heise.de/-4665958 ∗∗∗ Large-scale phishing attack on Western Europe ∗∗∗ --------------------------------------------- Beginning in November 2019, 360 Security Center detected multiple large-scale cyber attack incidents carrying AgentTesla stealing Trojans. This cyber attack mainly targeted countries in Western Europe [...] --------------------------------------------- https://blog.360totalsecurity.com/en/large-scale-phishing-attack-on-western… ===================== = Vulnerabilities = ===================== ∗∗∗ NVIDIA schließt Lücken in GPU-Treiber und vGPU-Software ∗∗∗ --------------------------------------------- Von insgesamt fünf Lücken in NVIDIAs GPU Display-Treiber für Windows und in der vGPU-Software geht ein teils hohes Sicherheitsrisiko aus. Es gibt Updates. --------------------------------------------- https://heise.de/-4672318 ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.3 ESR) have affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF10 + ICAM 3.0 – 4.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Aspera Shares Web Application is affected by NGINX Vulnerabilities (CVE-2019-13067) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-shares-web-app… ∗∗∗ Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-information-… ∗∗∗ Security Bulletin: IBM RackSwitch firmware products are affected by the following OpenSLL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-p… ∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2019-16168, CVE-2019-19242 and CVE-2019-19244 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vul… ∗∗∗ Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2019-12208, CVE-2019-12207) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-applica… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service shipped with Jazz for Service Management (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-10160) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python… ∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2018-14647) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python… ∗∗∗ Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2019-9948, CVE-2019-9947) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python… ∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in TensorFlow shipped with PowerAI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.02.2020
by Daily end-of-shift report 28 Feb '20

28 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-02-2020 18:00 − Freitag 28-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Nemty Ransomware Actively Distributed via Love Letter Spam ∗∗∗ --------------------------------------------- Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-di… ∗∗∗ Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities ∗∗∗ --------------------------------------------- Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin’s settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited as a part of this [...] --------------------------------------------- https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-mult… ∗∗∗ Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years ∗∗∗ --------------------------------------------- Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers. --------------------------------------------- https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versio… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.7.0-openjdk and ppp), Debian (libimobiledevice, libusbmuxd, and pure-ftpd), Fedora (caddy, firejail, golang-github-gorilla-websocket, golang-vitess, hugo, mingw-libpng, php, and proftpd), openSUSE (chromium, enigmail, ipmitool, libsolv, libzypp, zypper, weechat, and yast2-rmt), Oracle (java-1.7.0-openjdk and ppp), Red Hat (java-1.7.0-openjdk and ppp), Scientific Linux (java-1.7.0-openjdk and ppp), and SUSE (java-1_8_0-ibm, kernel, mariadb, [...] --------------------------------------------- https://lwn.net/Articles/813543/ ∗∗∗ HPESBST03980 rev.1 - HPE StoreFabric C-series Switches with Cisco Prime Data Center Network Manager (DCNM), Remote Authentication Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ wpdefault - Backdoor Plugin ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10096 ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2989, CVE-2020-2593 and CVE-2019-4732 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Apache Log4j vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-17571) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-man-in-the-middle-vulnera… ∗∗∗ Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-node-js-vulnerabilities-a… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in TCP (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… ∗∗∗ Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Node.js handlebars vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-node-js-handlebars-vulner… ∗∗∗ Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-mobilefirst-platform-foun… ∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server which is shipped with Jazz for Service Management (CVE-2019-4477) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotecto… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2020
by Daily end-of-shift report 27 Feb '20

27 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 26-02-2020 18:00 − Donnerstag 27-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Norton LifeLock Phishing Scam Installs Remote Access Trojan ∗∗∗ --------------------------------------------- Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes. --------------------------------------------- https://www.bleepingcomputer.com/news/security/norton-lifelock-phishing-sca… ∗∗∗ RSAC 2020: Smart Baby Monitor Vulnerable to Remote Hackers ∗∗∗ --------------------------------------------- A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage. --------------------------------------------- https://threatpost.com/rsac-2020-another-smart-baby-monitor-vulnerable-to-r… ∗∗∗ Android malware can steal Google Authenticator 2FA codes ∗∗∗ --------------------------------------------- A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts. --------------------------------------------- https://www.zdnet.com/article/android-malware-can-steal-google-authenticato… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel, ksh, python-pillow, and thunderbird), Debian (opensmtpd, proftpd-dfsg, and rake), Fedora (NetworkManager-ssh), openSUSE (chromium), and SUSE (libexif, mariadb, ovmf, python3, and squid). --------------------------------------------- https://lwn.net/Articles/813431/ ∗∗∗ Wireshark: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Wireshark ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0177 ∗∗∗ Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4479) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili… ∗∗∗ Security Bulletin: IBM MQ certified container is vulnerable to multiple vulnerabilities within IBM MQ.(CVE-2019-4655, CVE-2019-4560, CVE-2019-4614, CVE-2019-4620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-containe… ∗∗∗ Security Bulletin: Vulnerability in OpenSLP affects Power Hardware Management Console (CVE-2019-5544) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openslp-… ∗∗∗ Security Bulletin: IBM MQ certified container is vulnerable to a denial of service vulnerability in golang (CVE-2019-17596) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-certified-containe… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU (CVE-2019-2964,CVE-2019-2978,CVE-2019-2983,CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Bypass security restrictions in WAS Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restricti… ∗∗∗ Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2020
by Daily end-of-shift report 26 Feb '20

26 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-02-2020 18:00 − Mittwoch 26-02-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Multiple WordPress Plugin Vulnerabilities Actively Being Attacked ∗∗∗ --------------------------------------------- One adversary security researchers call 'tonyredball' gets backdoor access to websites that run a vulnerable version of the following two plugins: * ThemeGrill Demo Importer (below 1.6.3) * Profile Builder free and Pro (below 3.1.1) --------------------------------------------- https://www.bleepingcomputer.com/news/security/multiple-wordpress-plugin-vu… ∗∗∗ Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping ∗∗∗ --------------------------------------------- Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cyperess' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126. Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely. --------------------------------------------- https://mobile.slashdot.org/story/20/02/26/165207/flaw-in-billions-of-wi-fi… ∗∗∗ Silver & Golden Tickets Explained ∗∗∗ --------------------------------------------- This article clarifies the concepts of PAC, Silver Ticket, Golden Ticket, as well as the different encryption methods used in authentication. These notions are essential to understand Kerberos attacks in Active Directory. --------------------------------------------- https://en.hackndo.com/kerberos-silver-golden-tickets/ ∗∗∗ PayPal über Google Pay: Lücke noch immer nicht behoben – und wohl schlimmer als befürchtet ∗∗∗ --------------------------------------------- Eine Sicherheitslücke, die unautorisierte PayPal-Abbuchungen via Google Pay ermöglicht, ist laut ihrem Entdecker noch leichter ausnutzbar als zuvor angenommen. --------------------------------------------- https://heise.de/-4668350 ∗∗∗ HTTP Request Smuggling. A how-to ∗∗∗ --------------------------------------------- HTTP Request Smuggling is not a new issue, a 2005 white paper from Watchfire discusses it in detail and there are other resources too. What I found missing was practical, actionable, how-to references. This post covers my findings and, hopefully, sheds some light on the intricacies of HTTP Request Smuggling. --------------------------------------------- https://www.pentestpartners.com/security-blog/http-request-smuggling-a-how-… ∗∗∗ Ist diese Webseite seriös? – Checken Sie unsere Listen! ∗∗∗ --------------------------------------------- Es ist nicht unwahrscheinlich, dass Sie als InternetnutzerIn ab und an auf eine betrügerische oder unseriöse Internetseite stoßen. Haben Sie beispielsweise bei einem Online-Shop, einer Streaming-Plattform, einem Speditionsunternehmen oder einer Reiseplattform ein ungutes Gefühl, schauen Sie am besten in unseren Listen nach. Dort finden Sie unzählige Internetseiten, die Sie besser meiden sollten! --------------------------------------------- https://www.watchlist-internet.at/news/ist-diese-webseite-serioes-checken-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Privilege escalation vulnerability in multiple RICOH printer drivers ∗∗∗ --------------------------------------------- If a user who can login to the computer where the affected printer driver is installed uses the specially crafted printer driver, that may result in administrative privileges being taken by privilege escalation. --------------------------------------------- https://jvn.jp/en/jp/JVN15697526/ ∗∗∗ Multiple vulnerabilities in RICOH printers ∗∗∗ --------------------------------------------- * A user who can access the device may access the debugging Web page and obtain sensitive information - CVE-2019-14301 * A user who can physically access the device may execute arbitrary code, alter settings, and/or disable the function - CVE-2019-14302 * If a user accesses a specially crafted page, unintended operations such as changing settings of the device may be performed - CVE-2019-14304 * A user who can access the device may the device settings information - CVE-2019-14306 --------------------------------------------- https://jvn.jp/en/jp/JVN52962201/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid). --------------------------------------------- https://lwn.net/Articles/813349/ ∗∗∗ Moxa MB3xxx Series Protocol Gateways ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-056-01 ∗∗∗ Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-056-02 ∗∗∗ Moxa PT-7528 and PT-7828 Series Ethernet Switches ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-056-03 ∗∗∗ Moxa EDS-G516E and EDS-510E Series Ethernet Switches ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-056-04 ∗∗∗ Honeywell WIN-PAK ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-056-05 ∗∗∗ Cisco FXOS Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software NX-API Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Out of Bounds Write Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200226-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator EBICS (CVE-2019-4597) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili… ∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator Dashboard User Interface (CVE-2019-4598) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili… ∗∗∗ Security Bulletin: Cross-Site Request Forgery Affects IBM Sterling B2B Integrator (CVE-2019-4726) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forger… ∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM WebSphere Service Registry and Repository (CVE-2019-4537) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Java Update ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-update/ ∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling B2B Integrator Dashboard User Interface (CVE-2019-4596) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ HPESBST03983 rev.1 - HPE Command View Advanced Edition (CVAE), Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.02.2020
by Daily end-of-shift report 25 Feb '20

25 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Montag 24-02-2020 18:00 − Dienstag 25-02-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Network Traffic Analysis for IR — Discovering RATs ∗∗∗ --------------------------------------------- Discovering RATs is not an easy task, as they neither show up on running processes nor slow down the computer speed. Nevertheless, incident response (IR) teams can perform a network traffic analysis to discover RATs. --------------------------------------------- https://resources.infosecinstitute.com/network-traffic-analysis-for-ir-disc… ∗∗∗ VB2019 paper: Static analysis methods for detection of Microsoft Office exploits ∗∗∗ --------------------------------------------- Today we publish the VB2019 paper and presentation by McAfee researcher Chintan Shah in which he described static analysis methods for the detection of Microsoft Office exploits. --------------------------------------------- https://www.virusbulletin.com:443/blog/2020/02/vb2019-paper-static-analysis… ∗∗∗ Fünf Jahre Updates: BSI definiert Anforderungen an sichere Smartphones ∗∗∗ --------------------------------------------- Das BSI bringt einen Katalog von Smartphone-Sicherheitskriterien heraus, die später ins IT-Sicherheitskennzeichen einfließen könnten. --------------------------------------------- https://heise.de/-4667637 ∗∗∗ ENISA publishes procurement guidelines for cybersecurity in hospitals ∗∗∗ --------------------------------------------- The Procurement Guidelines for Cybersecurity in Hospitals published by the Agency is designed to support the healthcare sector in taking informative decisions on cybersecurity when purchasing new hospital assets. It provides the information to be included in the procurement requests that hospitals publish in order to obtain IT equipment. --------------------------------------------- https://www.helpnetsecurity.com/2020/02/25/cybersecurity-procurement-hospit… ∗∗∗ PayPal accounts abused en-masse for unauthorized payments ∗∗∗ --------------------------------------------- Since last Friday, users have reported seeing mysterious transactions pop up in their PayPal history as originating from their Google Pay account. ... On February 25, 07:30am ET, PayPal told ZDNet that they have addressed the issue being exploited over the weekend. --------------------------------------------- https://www.zdnet.com/article/paypal-accounts-are-getting-abused-en-masse-f… ===================== = Vulnerabilities = ===================== ∗∗∗ Signature Validation Bypass Leading to RCE In Electron-Updater ∗∗∗ --------------------------------------------- As part of a security engagement for one of our customers, we have reviewed the update mechanism performed by Electron Builder, and discovered an overall lack of secure coding practices. In particular, we identified a vulnerability that can be leveraged to bypass the signature verification check hence leading to remote command execution. --------------------------------------------- https://blog.doyensec.com/2020/02/24/electron-updater-update-signature-bypa… ∗∗∗ McAfees WebAdvisor für Chrome und Firefox kann Hacker einladen ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für McAfees Webbrowser-Erweiterung WebAdvisor. --------------------------------------------- https://heise.de/-4667767 ∗∗∗ Zyxel Fixes 0day in Network Storage Devices ∗∗∗ --------------------------------------------- The vulnerable devices include NAS542, NAS540, NAS520, NAS326, NSA325 v2, NSA325, NSA320S, NSA320, NSA310S, NSA310, NSA221, NSA220+, NSA220, and NSA210. The flaw is designated as CVE-2020-9054. However, many of these devices are no longer supported by Zyxel and will not be patched. Zyxel’s advice for those users is simply “do not leave the product directly exposed to the internet.” --------------------------------------------- https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-dev… ∗∗∗ Multiple Cross-site Scripting (XSS) Vulnerabilities in PHP-Fusion CMS ∗∗∗ --------------------------------------------- Business recommendation: Update to the latest version of PHP-Fusion. --------------------------------------------- https://sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-xs… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, webkit2gtk3), Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, rsync). --------------------------------------------- https://lwn.net/Articles/813250/ ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗ --------------------------------------------- D-LINK Router DIR-867, D-LINK Router DIR-878, D-LINK Router DIR-882 Ein anonymer Angreifer aus dem angrenzenden Netzbereich kann mehrere Schwachstellen in D-LINK Routern ausnutzen, um beliebigen Programmcode auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0159 ∗∗∗ Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2019-4557) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-w… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2019-4557) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-w… ∗∗∗ Linux sudo process vulnerability CVE-2019-18634 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91327225?utm_source=f5support&utm_mediu… ∗∗∗ PHOENIX CONTACT: Advisory for multiple FL Switch GHS utilising VxWorks ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-002 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.02.2020
by Daily end-of-shift report 24 Feb '20

24 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-02-2020 18:00 − Montag 24-02-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows 10 Gets Temp Fix for Critical Security Vulnerability ∗∗∗ --------------------------------------------- Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-gets-temp-fix-for… ∗∗∗ Celebrating Milestones (European CERT/CSIRT Report Coverage) ∗∗∗ --------------------------------------------- Celebrating a particularly significant long term milestone - our 107th National CERT/CSIRT recently signed up for Shadowservers free daily networking reporting service, which takes us to 136 countries and over 90% of the IPv4 Internet by IP space/ASN. This has finally changed our internal CERT reporting coverage map of Europe entirely green. --------------------------------------------- https://www.shadowserver.org/news/celebrating-milestones-european-cert-csir… ∗∗∗ Microsoft stellt Domaincontroller langsam auf LDAPS um ∗∗∗ --------------------------------------------- Microsoft bereitet eine Umstellung auf LDAPS im Active Directory vor. Admins sollten rechtzeitig Einstellungen und Logs prüfen, um Ausfälle zu vermeiden. --------------------------------------------- https://heise.de/-4666079 ∗∗∗ Emotet: Sicherheitsrisiko Microsoft Office 365 ∗∗∗ --------------------------------------------- Dokumentiert aber wenig bekannt: Den Business-Versionen von Office 365 fehlt eine wichtige Schutzfunktion, die unter anderem Emotet-Infektionen verhindern kann. --------------------------------------------- https://heise.de/-4665197 ∗∗∗ Betrügerisches Wettbüro: sportbetting-365.com ∗∗∗ --------------------------------------------- Vorsicht vor betrügerischen Wettbüros im Internet wie sportbetting-365.com. Die Website erinnert auf den ersten Blick an zahlreiche echte Wettangebote und Online-Casinos. Bei genauerem Hinsehen fallen aber grobe Mängel auf: So gibt es beispielsweise kein Impressum. Einzahlungen funktionieren äußerst einfach, Auszahlungen hingegen sind praktisch unmöglich. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerisches-wettbuero-sportbetti… ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSMTPD 6.6.4p1 Security Release ∗∗∗ --------------------------------------------- An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. --------------------------------------------- https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.4p1 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53). --------------------------------------------- https://lwn.net/Articles/813153/ ∗∗∗ Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542240 ∗∗∗ Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200221-… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Path Disclosure (CVE-2019-4745) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5481, CVE-2019-5482) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-a… ∗∗∗ Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerablility. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-suscept… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus (CVE-2019-12402). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: Command injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4210, CVE-2020-4213, CVE-2020-4222, CVE-2020-4212, CVE-2020-4211) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-command-injection-vulnera… ∗∗∗ Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Protect Plus (CVE-2019-14833, CVE-2019-14847, CVE-2019-10218) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2019-4703) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ HPESBGN03984 rev.1 - HPE OpenCall Media Platform (OCMP), Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03985 rev.1 - Certain HPE Servers with Intel Xeon SP-based processors, Local Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2020
by Daily end-of-shift report 21 Feb '20

21 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-02-2020 18:00 − Freitag 21-02-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Coronavirus-Malware breitet sich massiv aus ∗∗∗ --------------------------------------------- Cybersecurity-Experten warnen, dass der Coronavirus immer mehr zur Verbreitung von Malware genutzt wird. --------------------------------------------- https://futurezone.at/digital-life/coronavirus-malware-breitet-sich-massiv-… ∗∗∗ Subdomain-Takeover: Hunderte Microsoft-Subdomains gekapert ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher konnte in den vergangenen Jahren Hunderte Microsoft-Subdomains kapern, doch trotz Meldung kümmerte sich Microsoft nur um wenige. Doch nicht nur der Sicherheitsforscher, auch eine Glücksspielseite übernahm offizielle Microsoft.com-Subdomains. --------------------------------------------- https://www.golem.de/news/subdomain-takeover-hunderte-microsoft-subdomains-… ∗∗∗ Apple: Safari soll nur noch einjährige TLS-Zertifikate akzeptieren ∗∗∗ --------------------------------------------- Apples Browser Safari soll ab 1. September nur noch TLS-Zertifikate mit einer maximalen Gültigkeit von 13 Monaten akzeptieren. Betroffen sind Webseiten wie Github.com oder Microsoft.com, die derzeit auf Zwei-Jahres-Zertifikate setzen. --------------------------------------------- https://www.golem.de/news/apple-safari-soll-nur-noch-einjaehrige-tls-zertif… ∗∗∗ Quick Analysis of an Encrypted Compound Document Format, (Fri, Feb 21st) ∗∗∗ --------------------------------------------- We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, its always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word document that I quickly analysed. Thanks to him! --------------------------------------------- https://isc.sans.edu/diary/rss/25826 ∗∗∗ How to Find & Remove SEO Spam on WordPress ∗∗∗ --------------------------------------------- Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis. Without clicking anything (seriously, don’t), take a close look at the results. You’ll likely see one or more seemingly innocent, non-pharmaceutical websites advertising these medications. --------------------------------------------- https://blog.sucuri.net/2020/02/remove-seo-spam-wordpress.html ∗∗∗ Fuzzing – Angriff ist die beste Verteidigung ∗∗∗ --------------------------------------------- Das automatisierte Testen von Software mit Fuzzing bietet einige Vorzüge, die sich Entwickler beim Testen zunutze machen sollten. --------------------------------------------- https://heise.de/-4659818 ∗∗∗ Over 400 ICS Vulnerabilities Disclosed in 2019: Report ∗∗∗ --------------------------------------------- More than 400 vulnerabilities affecting industrial control systems (ICS) were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos. --------------------------------------------- https://www.securityweek.com/over-400-ics-vulnerabilities-disclosed-2019-re… ∗∗∗ Identitätsdiebstahl: Sicherheitsforscher warnen vor grundlegender Lücke in LTE-Netzen ∗∗∗ --------------------------------------------- Angreifer könnten sich als andere Personen ausgeben, und in deren Namen auftreten – Allerdings hoher Aufwand notwendig --------------------------------------------- https://www.derstandard.at/story/2000114840745/identitaetsdiebstahl-sicherh… ===================== = Vulnerabilities = ===================== ∗∗∗ B&R Industrial Automation Automation Studio and Automation Runtime ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper authorization vulnerability in B&R Industrial Automations Automation Studio and Automation Runtime software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-051-01 ∗∗∗ Rockwell Automation FactoryTalk Diagnostics ∗∗∗ --------------------------------------------- This advisory contains mitigations for a deserialization of untrusted data vulnerability in Rockwell Automations FactoryTalk Diagnostics software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-051-02 ∗∗∗ Honeywell NOTI-FIRE-NET Web Server (NWS-3) ∗∗∗ --------------------------------------------- This advisory contains mitigations for authentication bypass by capture relay, and path traversal vulnerabilities in Honeywells NOTI-FIRE-NET web servers. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-051-03 ∗∗∗ Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) ∗∗∗ --------------------------------------------- This advisory contains mitigations for cleartext transmission of sensitive information, origin validation error, use of hard-coded credentials, weak password recovery mechanism for forgotten password, and weak password requirements vulnerabilities in Auto-Maskins RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App). --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-051-04 ∗∗∗ Root-Sicherheitslücke gefährdet IBM-Datenbank Db2 ∗∗∗ --------------------------------------------- Db2 von IBM ist verwundbar und Angreifer könnten schlimmstenfalls Schadcode ausführen. Vorläufige Fixes sind verfügbar. --------------------------------------------- https://heise.de/-4665536 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3). --------------------------------------------- https://lwn.net/Articles/812995/ ∗∗∗ Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-imp… ∗∗∗ Security Bulletin: Phishing Attack Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4595) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-phishing-attack-vulnerabi… ∗∗∗ Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM License Metric Tool v9 (CVE-2019-4441). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Trend Micro Produkte: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0155 ∗∗∗ Apache Tomcat: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0154 ∗∗∗ Red Hat OpenShift Container Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0157 ∗∗∗ Red Hat Enterprise Linux Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0156 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2020
by Daily end-of-shift report 20 Feb '20

20 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-02-2020 18:00 − Donnerstag 20-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Cybergang Favors G Suite and Physical Checks For BEC Attacks ∗∗∗ --------------------------------------------- Exaggerated Lion, a newly discovered cybercrime group, uses new and unique tactics to target U.S. companies in BEC attacks. --------------------------------------------- https://threatpost.com/cybergang-favors-g-suite-and-physical-checks-for-bec… ∗∗∗ Nearly half of hospital Windows systems still vulnerable to RDP bugs ∗∗∗ --------------------------------------------- Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. --------------------------------------------- https://nakedsecurity.sophos.com/2020/02/20/nearly-half-of-hospital-windows… ∗∗∗ Building a Stronger Cybersecurity Community: 8th ENISA Industry Event ∗∗∗ --------------------------------------------- On 17 February 2020, the EU Agency for Cybersecurity organised its 8th Industry Event in Brussels. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/building-a-stronger-cybersecuri… ∗∗∗ Telecom Security Authorities meeting in Brussels ∗∗∗ --------------------------------------------- Last week the EU Agency for Cybersecurity hosted the 30th Article 13a meeting in Brussels. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/telecom-security-authorities-me… ∗∗∗ Sicherheitsupdates: Ciscos High-Availability-Feature heißt Angreifer willkommen ∗∗∗ --------------------------------------------- Cisco kümmert sich unter anderem um kritische Lücken in Smart Software Manager, Email Security Appliance & Co. --------------------------------------------- https://heise.de/-4664787 ∗∗∗ Betrügerische Trading-Plattformen nehmen frühere Opfer ins Visier ∗∗∗ --------------------------------------------- Unseriöse Trading-Plattformen versuchen ihren Opfern mit unterschiedlichsten Maschen das Geld aus der Tasche zu ziehen. Einige frühere Betroffene werden nun erneut kontaktiert, obwohl sie bereits jeglichen Kontakt abgebrochen hatten: Angeblich wurden zwischenzeitlich hohe Gewinne erzielt, die nach Zahlung der Steuern beantragt werden könnten. Hier darf nichts bezahlt werden! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-trading-plattformen-n… ∗∗∗ Exploiting Jira for Host Discovery ∗∗∗ --------------------------------------------- Last October I dived into the world of Jira Software (version 8.4.1) in the hope of discovering new vulnerabilities. Initially, I came across a few Cross-Site Request Forgery (CSRF) weaknesses, leading me to a vulnerability that allows a user to instruct the Jira server to initiate connections to other hosts of my choice. --------------------------------------------- https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Adobe Flaws Fixed in Out-of-Band Update ∗∗∗ --------------------------------------------- Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder. --------------------------------------------- https://threatpost.com/critical-adobe-flaws-fixed-in-out-of-band-update/153… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0). --------------------------------------------- https://lwn.net/Articles/812924/ ∗∗∗ jQuery vulnerability CVE-2015-9251 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K29562170 ∗∗∗ PHP: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0147 ∗∗∗ Duplicator < 1.3.28 - Unauthenticated Arbitrary File Download ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10078 ∗∗∗ Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-004 ∗∗∗ Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis (CVE-2019-4752) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-affects-ibm… ∗∗∗ Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-resilient-is-vulnerable-t… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM API Connect has addressed the following vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-has-addre… ∗∗∗ Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: SQL Injection Affects IBM Emptoris Strategic Supply Management Platform (CVE-2019-4752) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-affects-ibm… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.02.2020
by Daily end-of-shift report 19 Feb '20

19 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-02-2020 18:00 − Mittwoch 19-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SMS Attack Spreads Emotet, Steals Bank Credentials ∗∗∗ --------------------------------------------- A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan. --------------------------------------------- https://threatpost.com/sms-attack-spreads-emotet-bank-credentials/153015/ ∗∗∗ Jetzt updaten: Exploit-Code für Lücke in Microsoft SQL Server veröffentlicht ∗∗∗ --------------------------------------------- Updates für MS SQL Server 2012, 2014 und 2016 vom Patch Tuesday beheben eine Sicherheitslücke, für die nun Proof-of-Concept-Code vorliegt. --------------------------------------------- https://heise.de/-4663968 ∗∗∗ Firmware-Sicherheitslücken: Angriffe auf Notebooks von Dell, HP und Lenovo ∗∗∗ --------------------------------------------- Notebook-Hersteller verbauen allerlei Komponenten von Zulieferern, denen selbst einfache Schutzmaßnahmen fehlen. --------------------------------------------- https://heise.de/-4664246 ∗∗∗ E-Mail der DNS Austria ist betrügerisch ∗∗∗ --------------------------------------------- Zahlreiche Website-BesitzerInnen erhalten momentan ein E-Mail einer DNS Austria – einem Unternehmen, das angeblich Domainnamen registriert. Sie werden darüber informiert, dass jemand ihre Domain mit einer anderen Endung registrieren möchte. Ihnen wird die Möglichkeit geboten, diese Domain zuvor zu kaufen. Überweisen Sie der DNS Austria kein Geld, es handelt sich um ein betrügerisches Vorgehen und das Unternehmen existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/e-mail-der-dns-austria-ist-betrueger… ===================== = Vulnerabilities = ===================== ∗∗∗ Spacelabs Xhibit Telemetry Receiver (XTR) ∗∗∗ --------------------------------------------- This medical advisory contains mitigations for an improper input validation vulnerability in Spacelabs Xhibit Telemetry Receiver hardware --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-20-049-01 ∗∗∗ GE Ultrasound products ∗∗∗ --------------------------------------------- This medical advisory contains mitigations for a protection mechanism failure vulnerability in GE ultrasound products. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-20-049-02 ∗∗∗ Honeywell INNCOM INNControl 3 ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper privilege management vulnerability in Honeywells INNCOM INNControl 3 energy management platform. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-049-01 ∗∗∗ Emerson OpenEnterprise ∗∗∗ --------------------------------------------- This advisory contains mitigations for a heap-based buffer overflow vulnerability in Emersons OpenEnterprise SCADA Server software. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-049-02 ∗∗∗ VMSA-2020-0003 ∗∗∗ --------------------------------------------- vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0003.html ∗∗∗ Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild ∗∗∗ --------------------------------------------- Description: Remote Code Execution Affected Plugin: ThemeREX Addons Plugin Slug: trx_addons Affected Versions: Versions greater than 1.6.50 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: Currently No Patch. Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/02/zero-day-vulnerability-in-themerex-a… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, ksh, and sudo), Debian (php7.0 and python-django), Fedora (cacti, cacti-spine, mbedtls, and thunderbird), openSUSE (chromium, re2), Oracle (firefox, java-1.7.0-openjdk, and sudo), Red Hat (openjpeg2 and sudo), Scientific Linux (java-1.7.0-openjdk and sudo), SUSE (dbus-1, dpdk, enigmail, fontforge, gcc9, ImageMagick, ipmitool, php72, sudo, and wicked), and Ubuntu (clamav, linux, linux-aws, linux-aws-hwe, linux-azure, --------------------------------------------- https://lwn.net/Articles/812851/ ∗∗∗ Bugtraq: [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542236 ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ FortiOS URL redirection attack via the admin password change page ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-179 ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/all-bulletins?name=security-advisories&year… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4161) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: A vulnerability have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2019-16869) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been… ∗∗∗ Security Bulletin: A vulnerability has been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-14540) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2020-4230). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4429) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Vulnerability in Netty affects IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-netty-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.02.2020
by Daily end-of-shift report 18 Feb '20

18 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Montag 17-02-2020 18:00 − Dienstag 18-02-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSL Testing Methods ∗∗∗ --------------------------------------------- Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser. Some simple online tools provide a fast SSL report. They are SSL configuration checkers, which do not just check a certificate, which is really only part of that configuration. Instead, they perform a more thorough look. --------------------------------------------- https://blog.sucuri.net/2020/02/ssl-testing-methods.html ∗∗∗ Gut behütet: OWASP API Security Top 10 ∗∗∗ --------------------------------------------- Zunehmend stehen APIs im Visier von Hackern. Ein Blick auf die neue OWASP-Liste zu den Schwachstellen zeigt, an welchen Stellen Entwickler gefordert sind. --------------------------------------------- https://heise.de/-4660904 ∗∗∗ Kritische Lücke in WordPress-Plugin Profile Builder macht jeden zum Site-Admin ∗∗∗ --------------------------------------------- In der aktuellen Version des WordPress-Plugin Profile Builder haben die Entwickler eine Sicherheitslücke mit Höchstwertung geschlossen. --------------------------------------------- https://heise.de/-4663152 ∗∗∗ Building a bypass with MSBuild ∗∗∗ --------------------------------------------- Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 (Trusted Developer Utilities) and T1500 (Compile After Delivery) of MITRE ATT&CK framework. --------------------------------------------- https://blog.talosintelligence.com/2020/02/building-bypass-with-msbuild.html ∗∗∗ Vorsicht vor betrügerischen PayLife E-Mails ∗∗∗ --------------------------------------------- PayLife KundInnen aufgepasst: Aktuell sind Phishing-E-Mails unterwegs. Kriminelle geben sich als PayLife aus und behaupten, dass Ihre Karte gesperrt wurde. Um die Karte wieder freizuschalten, müssen Sie einen Identifikationsprozess durchlaufen und Ihre Daten bestätigen. Klicken Sie keinesfalls auf den Link, es handelt sich um Betrug! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-paylife… ∗∗∗ Bypass Windows 10 User Group Policy (and more) with this One Weird Trick ∗∗∗ --------------------------------------------- I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting things). Bypassing User Group Policy is not the end of the world, but it’s also not something that should be allowed and depending on User Group Policy setup, could result in unfortunate security scenarios. --------------------------------------------- https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability in wpCentral Plugin Leads to Privilege Escalation ∗∗∗ --------------------------------------------- Description: Improper Access Control to Privilege Escalation Affected Plugin: wpCentral Affected Versions: [...] --------------------------------------------- https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-le… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (systemd and thunderbird), Debian (clamav, libgd2, php7.3, spamassassin, and webkit2gtk), Fedora (kernel, kernel-headers, and sway), Mageia (firefox, kernel-linus, mutt, python-pillow, sphinx, thunderbird, and webkit2), openSUSE (firefox, nextcloud, and thunderbird), Oracle (firefox and ksh), Red Hat (curl, java-1.7.0-openjdk, kernel, and ruby), Scientific Linux (firefox and ksh), SUSE (sudo and xen), and Ubuntu (clamav, php5, php7.0, php7.2, [...] --------------------------------------------- https://lwn.net/Articles/812763/ ∗∗∗ Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks ∗∗∗ --------------------------------------------- Several serious vulnerabilities have been found by a researcher in Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliances made by SonicWall. The vendor has released software updates that patch the flaws. --------------------------------------------- https://www.securityweek.com/serious-vulnerabilities-expose-sonicwall-sma-a… ∗∗∗ F-Secure Patches Old AV Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives. --------------------------------------------- https://www.securityweek.com/f-secure-patches-old-av-bypass-vulnerability ∗∗∗ Bugtraq: [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN) ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542235 ∗∗∗ Intel processors vulnerability CVE-2019-14607 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K29100014?utm_source=f5support&utm_mediu… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis is affected by stack displayed in WebSphere Application Server (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-… ∗∗∗ Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnera… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Bypass security restrictions in WebSphere Application Server Liberty affect IBM Operations Analytics – Log Analysis (CVE-2019-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restricti… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.02.2020
by Daily end-of-shift report 17 Feb '20

17 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-02-2020 18:00 − Montag 17-02-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Escaping the Chrome Sandbox with RIDL ∗∗∗ --------------------------------------------- tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is up to date and disable hyper-threading (HT). --------------------------------------------- https://googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with… ∗∗∗ How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties ∗∗∗ --------------------------------------------- Hey, wait! What do bug bounties and network security appliances have in common? Usually nothing! On the contrary, the security appliances allow virtual patching practices and actively participate to reduce the number of bug bounties paid to researchers…but this is a reverse story: a bug bounty was paid to us thanks to a misconfigured security appliance. --------------------------------------------- https://www.redtimmy.com/web-application-hacking/how-to-hack-a-company-by-c… ∗∗∗ Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin ∗∗∗ --------------------------------------------- A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website’s database and gain administrator access to the site. read more --------------------------------------------- https://www.securityweek.com/flaw-wordpress-themes-plugin-allowed-hackers-b… ∗∗∗ Theres finally a way to remove xHelper, the unremovable Android malware ∗∗∗ --------------------------------------------- Malwarebytes researchers find a way to remove the malware, but they still dont know how it really operates. --------------------------------------------- https://www.zdnet.com/article/theres-finally-a-way-to-remove-xhelper-the-un… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (evince, postgresql-9.4, and thunderbird), Fedora (ksh and libxml2), openSUSE (hostapd and nextcloud), Red Hat (chromium-browser, firefox, flash-plugin, and ksh), and SUSE (firefox and thunderbird). --------------------------------------------- https://lwn.net/Articles/812664/ ∗∗∗ PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file. ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-001 ∗∗∗ Security Bulletin: Information disclosure in WebSphere Application Server Liberty bundled with IBM Operations Analytics – Log Analysis (CVE-2019-4305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-sd… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Kubernetes (CVE-2019-17110, CVE-2019-10223, CVE-2019-11253) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty in IBM Cloud Private VM Quickstarter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Websphere Liberty and OpenLiberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websph… ∗∗∗ Security Bulletin: IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure CVE-2018-1902 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-common-reporti… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-17596) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Commons Compress ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2020
by Daily end-of-shift report 14 Feb '20

14 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-02-2020 18:00 − Freitag 14-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Parallax RAT: Common Malware Payload After Hacker Forums Promotion ∗∗∗ --------------------------------------------- A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system. --------------------------------------------- https://www.bleepingcomputer.com/news/security/parallax-rat-common-malware-… ∗∗∗ Keep an Eye on Command-Line Browsers, (Fri, Feb 14th) ∗∗∗ --------------------------------------------- For a few weeks, Im searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type 'curl.exe' on your Windows 10 host: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/25804 ∗∗∗ LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File ∗∗∗ --------------------------------------------- Recently, we discovered LokiBot (detected by Trend Micro as Trojan.Win32.LOKI) impersonating a popular game launcher to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky, installation routine that involves dropping a compiled C# code file. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/WsiHoe_u7N4/ ∗∗∗ An In-Depth Technical Analysis of CurveBall (CVE-2020-0601) ∗∗∗ --------------------------------------------- The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601 [...] an attacker exploiting this vulnerability could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default. .. this post will primarily highlight the code-level root cause analysis of the vulnerability in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the [...] --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-tec… ∗∗∗ Sicherheitslücken-Sammlung SweynTooth: SocS in zahlreichen Produkten verwundbar ∗∗∗ --------------------------------------------- Zwölf Lücken in der Bluetooth-Low-Energy-Umsetzung auf Systems-on-Chip mehrerer Hersteller betreffen Wearables, IoT- aber wohl auch medizinische Geräte. --------------------------------------------- https://heise.de/-4660872 ===================== = Vulnerabilities = ===================== ∗∗∗ Trend Micro AntiVirus: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Trend Micro AntiVirus ist eine Anti-Viren-Software. Trend Micro Maximum Security ist eine Desktop Security Suite. Trend Micro Internet Security ist eine Firewall und Antivirus Lösung. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/02/warn… ∗∗∗ Schneider Electric Modicon Ethernet Serial RTU ∗∗∗ --------------------------------------------- This advisory contains mitigations for improper check for unusual or exceptional conditions, and improper access control vulnerabilities in Schneider Electrics Modicons BMXNOR0200H Ethernet Serial RTU, a remote terminal unit. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-044-01 ∗∗∗ Schneider Electric Magelis HMI Panels ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper check for unusual or exceptional conditions vulnerability in Schneiders Magelis HMI Panels. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-044-02 ∗∗∗ FortiManager Cross-Site WebSocket Hijacking (CSWSH) ∗∗∗ --------------------------------------------- An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. FortiManager 6.2.0 to 6.2.1, 6.0.6 and below. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-191 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (debian-security-support, postgresql-11, and postgresql-9.6), Fedora (cutter-re, firefox, php-horde-Horde-Data, radare2, and texlive-base), openSUSE (docker-runc), Oracle (kernel), Red Hat (sudo), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/812494/ ∗∗∗ Bugtraq: [TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG) ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542223 ∗∗∗ Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-i… ∗∗∗ Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-16335) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-i… ∗∗∗ Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnera… ∗∗∗ Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-aff… ∗∗∗ Security Bulletin: Oracle Outside In Technology vulnerability in Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-outside-in-technol… ∗∗∗ Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ib… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Red Hat Virtualization: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0132 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2020
by Daily end-of-shift report 13 Feb '20

13 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-02-2020 18:00 − Donnerstag 13-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft Urges Exchange Admins to Disable SMBv1 to Block Malware ∗∗∗ --------------------------------------------- Microsoft is recommending administrators disable the SMBv1 network communication protocol on Exchange servers to provide better protection against malware threats and attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-ad… ∗∗∗ VU#597809: IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service ∗∗∗ --------------------------------------------- Impact: An unauthenticated remote attacker can execute arbitrary code on a vulnerable system, with SYSTEM privileges on Microsoft Windows. Solution: ServeRAID Manager is no longer supported and we do not expect IBM to release fixes. --------------------------------------------- https://kb.cert.org/vuls/id/597809 ∗∗∗ How to escalate privileges and steal secrets in Google Cloud Platform ∗∗∗ --------------------------------------------- The problem? There just isnt a lot of information available about GCP written from an attackers perspective. We set out to learn as much as we could about Google Cloud and how an attacker might work to abuse common design decisions --------------------------------------------- https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileg… ∗∗∗ From S3 bucket to Laravel unserialize RCE ∗∗∗ --------------------------------------------- TLDR: Anyone who have access to the app key can both impersonate other users and, if enabled, make the application deserialize arbitrary data. --------------------------------------------- https://blog.truesec.com/2020/02/12/from-s3-bucket-to-laravel-unserialize-r… ∗∗∗ Tipps für die Sicherheit Ihrer E-Mail-Adressen ∗∗∗ --------------------------------------------- Immer wieder erreichen die Watchlist Internet Meldungen verzweifelter KonsumentInnen zu Problemen mit ihren E-Mail-Accounts. So kann es zur Übernahme von Mail-Adressen oder Hacks kommen. Auch vergessene Passwörter, Sicherheitsfragen oder verdächtige Aktivitäten führen häufig zu Schwierigkeiten. --------------------------------------------- https://www.watchlist-internet.at/news/tipps-fuer-die-sicherheit-ihrer-e-ma… ∗∗∗ Wireshark Tutorial: Examining Qakbot Infections ∗∗∗ --------------------------------------------- Brad Duncan is back with a new Wireshark tutorial. This one examines a recent infection of Qakbot (AKA Qbot), which is an information stealer, so security pros can better understand its traffic patterns for detecting and investigating in the future. The post Wireshark Tutorial: Examining Qakbot Infections appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/tutorial-qakbot-infection/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dovecot, firefox, ksh, and webkit2gtk), Debian (firefox-esr and openjdk-8), Mageia (exiv2, flash-player-plugin, python-waitress, and vim and neovim), openSUSE (pcp and rubygem-rack), Oracle (kernel), Red Hat (sudo), and Slackware (libarchive). --------------------------------------------- https://lwn.net/Articles/812389/ ∗∗∗ Security Bulletin: CVE-2019-4666 IBM UrbanCode Deploy (UCD) could allow a local user to obtain sensitive information by unmasking certain secure values in documents. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbanco… ∗∗∗ Security Bulletin: vulnerabilities in Nimbus JOSE+JWT affect IBM Watson Machine Learning Accelerator 1.2.1 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-nimbus… ∗∗∗ Security Bulletin: Authentication bypass in IBM Tivoli Monitoring Service console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-authentication-bypass-in-… ∗∗∗ Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2019-4666 IBM UrbanCode Build (UCB) could allow a local user to obtain sensitive information by unmasking certain secure values in documents. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbanco… ∗∗∗ Security Bulletin: CVE-2019-0199 The HTTP/2 implementation in embded Apache Tomcat Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-0199-the-http-2-… ∗∗∗ Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-bas… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2020
by Daily end-of-shift report 12 Feb '20

12 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-02-2020 18:00 − Mittwoch 12-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Jenkins servers can be abused for DDoS attacks ∗∗∗ --------------------------------------------- DDoS attacks can reach an amplification factor of 100, but servers will crash very quickly. --------------------------------------------- https://www.zdnet.com/article/jenkins-servers-can-be-abused-for-ddos-attack… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel Releases Security Updates ∗∗∗ --------------------------------------------- Intel has released security updates to address vulnerabilities in multiple products. * RWC3 Advisory INTEL-SA-00341 * MPSS Advisory INTEL-SA-00340 * RWC2 Advisory INTEL-SA-00339 * SGX SDK Advisory INTEL-SA-00336 * CSME Advisory INTEL-SA-00307 * Renesas Electronics USB 3.0 Driver Advisory INTEL-SA-00273 --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/02/11/intel-releases-sec… ∗∗∗ Patchday: Microsoft schließt Zero-Day-Lücke in Internet Explorer ∗∗∗ --------------------------------------------- Seit Januar gibt es Attacken auf Internet Explorer. Dem schiebt Microsoft nun einen Riegel vor. Außerdem gibt es Sicherheitsupdates für Windows & Co. --------------------------------------------- https://heise.de/-4658554 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (spice-gtk), Debian (libemail-address-list-perl), openSUSE (chromium, libqt5-qtbase, nginx, systemd, and wicked), Oracle (spice-gtk), Slackware (firefox and thunderbird), and Ubuntu (libexif and Yubico PIV Tool). --------------------------------------------- https://lwn.net/Articles/812293/ ∗∗∗ Red Hat OpenShift Service Mesh: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Die Red Hat OpenShift Container Platform bietet Unternehmen die Möglichkeit der Steuerung ihrer Kubernetes Umgebungen. Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift Service Mesh ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0120 ∗∗∗ 2020-02-12: Vulnerability in ABB Asset Suite - Direct Object Reference ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&Lan… ∗∗∗ 2020-02-12: Vulnerabilities in ABB eSOMS ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&Lan… ∗∗∗ Wordpress Plugin: GDPR Cookie Consent < 1.8.3 - Improper Access Controls ∗∗∗ --------------------------------------------- https://wordpress.org/plugins/cookie-law-info/ ∗∗∗ Security Advisory - Dangling Pointer Reference Vulnerability in Some Huawei Firewall Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Firewall Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Firewall Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Advisory - Small OOB Read Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Advisory - Double Free Memory Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Advisory - Input Validation Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200212-… ∗∗∗ Security Bulletin: OpenSSL vulnerabilites (CVE-2019-1552) impacting IBM Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop 3.9.1 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-cv… ∗∗∗ Security Bulletin: Security Vulnerability in Expat affects IBM Netezza Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in… ∗∗∗ Security Bulletin: OpenSSL vulnerabilites (CVE-2019-1563, CVE-2019-1547) impacting IBM Aspera High-Speed Transfer Server 3.9.1, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 3.9.1 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-cv… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-202… ∗∗∗ Security Bulletin: Curl vulnerabilities CVE-2019-5443 impact IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Client, IBM Aspera Desktop Client 3.9.1 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-curl-vulnerabilities-cve-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-im… ∗∗∗ Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-im… ∗∗∗ Red Hat Quay: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0119 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.02.2020
by Daily end-of-shift report 11 Feb '20

11 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Montag 10-02-2020 18:00 − Dienstag 11-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fake-Abmahnungen im Namen echter Kanzleien mit Schadsoftware ∗∗∗ --------------------------------------------- Zahlreiche Internet-UserInnen und Website-BetreiberInnen erhalten derzeit vermeintliche Abmahnschreiben wegen angeblicher Urheberrechtsverletzungen im Namen echter Anwaltskanzleien. Kriminelle geben sich beispielsweise als Kanzlei Böhmert und Böhmert oder Kanzlei Wilde Beuger Solmecke aus. Die Schreiben sind gefälscht und enthalten Downloadlinks mit gefährlicher Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/fake-abmahnungen-im-namen-echter-kan… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Framemaker (APSB20-04), Adobe Acrobat and Reader (APSB20-05), Adobe Flash Player (APSB20-06), Adobe Digital Edition (APSB20-07) and Adobe Experience Manager (APSB20-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1830 ∗∗∗ Mozilla Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/02/11/mozilla-releases-s… ∗∗∗ FortiAP-S/W2 system files overwrite through tcpdump CLI command ∗∗∗ --------------------------------------------- An improper input validation (CWE-20) vulnerability in FortiAP-S/W2 CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump CLI commands. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-298 ∗∗∗ FortiAP system command injection through ifconfig command ∗∗∗ --------------------------------------------- A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. --------------------------------------------- https://fortiguard.com/psirt/%20FG-IR-19-209 ∗∗∗ SAP Security Patch Day – February 2020 ∗∗∗ --------------------------------------------- On 11th of February 2020, SAP Security Patch Day saw the release of 13 Security Notes. There are 2 updates to previously released Patch Day Security Notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (checkstyle), Fedora (poppler), Oracle (kernel), Red Hat (389-ds:1.4, java-1.7.1-ibm, java-1.8.0-ibm, nss-softokn, and spice-gtk), and Scientific Linux (spice-gtk). --------------------------------------------- https://lwn.net/Articles/812219/ ∗∗∗ Flaws in Accusoft ImageGear Expose Users to Remote Attacks ∗∗∗ --------------------------------------------- Critical vulnerabilities addressed in the Accusoft ImageGear library could be exploited by remote attackers to execute code on a victim machine, Cisco Talos’ security researchers report. read more --------------------------------------------- https://www.securityweek.com/flaws-accusoft-imagegear-expose-users-remote-a… ∗∗∗ SSA-986695 (Last Update: 2020-02-11): Information Disclosure Vulnerability in the OZW Web Server ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-986695.txt ∗∗∗ SSA-978558 (Last Update: 2020-02-11): Insufficient Logging Vulnerability in SIPORT MP ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-978558.txt ∗∗∗ SSA-974843 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIPROTEC 4 and SIPROTEC Compact Relay Families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-974843.txt ∗∗∗ SSA-951513 (Last Update: 2020-02-11): Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-951513.txt ∗∗∗ SSA-940889 (Last Update: 2020-02-11): Vulnerabilities in the embedded FTP server of SIMATIC CP 1543-1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-940889.txt ∗∗∗ SSA-780073 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-780073.txt ∗∗∗ SSA-750824 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in Profinet Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-750824.txt ∗∗∗ SSA-591405 (Last Update: 2020-02-11): Web Vulnerabilities in SCALANCE S-600 family ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-591405.txt ∗∗∗ SSA-431678 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-431678.txt ∗∗∗ SSA-398519 (Last Update: 2020-02-11): Vulnerabilities in Intel CPUs (November 2019) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-398519.txt ∗∗∗ SSA-270778 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt ∗∗∗ SSA-978220 (Last Update: 2020-02-11): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-978220.txt ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-2593, CVE-2020-2583, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-2593, CVE-2020-2583, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to Server Side Request Forgery (SSRF) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Symantec Endpoint Protection: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0111 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.02.2020
by Daily end-of-shift report 10 Feb '20

10 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-02-2020 18:00 − Montag 10-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KBOT: sometimes they come back ∗∗∗ --------------------------------------------- We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT. --------------------------------------------- https://securelist.com/kbot-sometimes-they-come-back/96157/ ∗∗∗ Emotet: Erster Hase-Igel-Loop für EmoCheck ∗∗∗ --------------------------------------------- Eine neue Emotet-Version machte ein erstes Update des Erkennungs-Tools EmoCheck fällig. --------------------------------------------- https://heise.de/-4656609 ∗∗∗ Dangerous Domain Corp.com Goes Up for Sale ∗∗∗ --------------------------------------------- As an early domain name investor, Mike OConnor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years OConnor refused to auction perhaps the most sensitive domain in his stable -- corp.com. --------------------------------------------- https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-s… ∗∗∗ Betrügerisches Raiffeisen SMS im Umlauf ∗∗∗ --------------------------------------------- Zahlreiche HandynutzerInnen empfangen aktuell angeblich eine SMS von der Raiffeisenbank. Die Funktion pushTAN sei nicht aktiviert. Um das Problem zu beheben, werden Sie aufgefordert, einem Link zu folgen. Klicken Sie nicht auf den Link, Sie gelangen auf eine gefälschte Raiffeisen-Login-Seite. Kriminelle stehlen Ihre Zugangsdaten und Ihre Telefonnummer. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerisches-raiffeisen-sms-im-um… ===================== = Vulnerabilities = ===================== ∗∗∗ Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF) ∗∗∗ --------------------------------------------- Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. --------------------------------------------- https://wpvulndb.com/vulnerabilities/10058 ∗∗∗ Geschlossene Lücke: Dell SupportAssist Client könnte Schadcode laden ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Dell SupportAssist for business PCs und Dell SupportAssist for home PCs. --------------------------------------------- https://heise.de/-4656474 ∗∗∗ Sicherheitsupdate: Wiki-Software Confluence unter Windows angreifbar ∗∗∗ --------------------------------------------- Angreifer könnten die Windows-Version von Confluence attackieren und sich gegebenenfalls höhere Nutzerrechte verschaffen. --------------------------------------------- https://heise.de/-4656770 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ipmitool, libexif, and ppp), Fedora (glib2, java-1.8.0-openjdk, java-11-openjdk, libasr, libuv, mingw-gdk-pixbuf, mingw-SDL2, nethack, nghttp2, nodejs, nodejs-mixin-deep, nodejs-set-value, nodejs-yarn, opensmtpd, python-feedgen, runc, samba, sox, and texlive-base), Mageia (chromium-browser-stable, mgetty, openslp, qtbase5, spamassassin, sudo, and xmlrpc), openSUSE (ceph and chromium), Oracle (grub2 and kernel), SUSE (docker-runc, LibreOffice, docker-runc, wicked), Ubuntu (libxml2, qtbase-opensource-src) --------------------------------------------- https://lwn.net/Articles/812118/ ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200207-… ∗∗∗ Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2018-16845, CVE-2018-16843, CVE-2019-7401) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-applica… ∗∗∗ Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-f… ∗∗∗ Security Bulletin: Aspera Web Applications (Faspex, Console) are affected by Apache Vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-f… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-fa… ∗∗∗ Security Bulletin: Aspera Web Faspex application is affected by OpenSSL Vulnerability (CVE-2019-1552) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-faspex-applica… ∗∗∗ Security Bulletin: IBM Aspera WebApps (Shares, Faspex, Console, Orchestrator) and products are affected by OpenSSL Vulnerability (CVE-ID: CVE-2019-1543) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-shares… ∗∗∗ HPESBHF03978 rev.2 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily