- Daily - CERT.at

Tageszusammenfassung - 19.08.2020
by Daily end-of-shift report 19 Aug '20

19 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-08-2020 18:00 − Mittwoch 19-08-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ FritzFrog malware attacks Linux servers over SSH to mine Monero ∗∗∗ --------------------------------------------- A sophisticated botnet campaign named FritzFrog has been discovered breaching SSH servers around the world, since at least January 2020. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fritzfrog-malware-attacks-li… ∗∗∗ Example of Word Document Delivering Qakbot, (Wed, Aug 19th) ∗∗∗ --------------------------------------------- Qakbot is back on stage at the moment! Many security companies already reported some peaks of activity around this malware. On my side, I also spotted several samples. The one that I'll cover today has been reported by one of our readers (thanks to him) and deserves a quick analysis of the obfuscation used by the attackers. It is not available on VT at this time (SHA256:507312fe58352d75db057aee454dafcdce2cdac59c0317255e30a43bfa5dffbc) --------------------------------------------- https://isc.sans.edu/diary/rss/26482 ∗∗∗ CDN-Filestore Credit Card Stealer for Magento ∗∗∗ --------------------------------------------- During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog post earlier this year. Malware Evolution & Evasive Techniques One primary difference between this new version and theone Luke wrote about in April is that it was not packed. This detail suggests that the attackers updated the malware in an [...] --------------------------------------------- https://blog.sucuri.net/2020/08/cdn-filestore-credit-card-stealer-for-magen… ∗∗∗ Voice Phishers Targeting Corporate VPNs ∗∗∗ --------------------------------------------- The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. --------------------------------------------- https://krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/ ∗∗∗ Angriff der Insta‑Klone ∗∗∗ --------------------------------------------- Unser Autor macht den Test: Mit einem geklonten Social-Media-Account und psychologischem Geschick lassen sich seine Kontakte ausnutzen und Betrügen. Vorsicht ist angesagt. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/08/18/angriff-der-insta-klone/ ∗∗∗ 10 WordPress Security Mistakes You Might Be Making ∗∗∗ --------------------------------------------- Yesterday, August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. --------------------------------------------- https://www.wordfence.com/blog/2020/08/10-wordpress-security-mistakes-you-m… ∗∗∗ Ongoing Campaign Uses HTML Smuggling for Malware Delivery ∗∗∗ --------------------------------------------- An ongoing cybercrime campaign is employing a technique known as HTML smuggling to deliver malware onto the victim’s machine, Menlo Security reports. Referred to as Duri, the campaign started in early July and continues to date, attempting to evade network security solutions, including proxies and sandboxes, to deliver malicious code. --------------------------------------------- https://www.securityweek.com/ongoing-campaign-uses-html-smuggling-malware-d… ∗∗∗ Zahlreiche Meldungen zu hilufon.de, applefy.de und coyshop.de ∗∗∗ --------------------------------------------- Auf den unterschiedlichen Websites der appl handels ug werden und wurden diverse iPhone Modelle angeboten. Es handelt sich dabei um gebrauchte Geräte. Zahlreiche InternetuserInnen wenden sich jedoch an die Watchlist Internet und klagen über ausbleibende oder stark verspätete Lieferungen und andere Probleme mit dem Anbieter. Auch auf Bewertungsportalen zeigt sich ein ähnliches Bild. --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-meldungen-zu-hilufonde-ap… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick and ruby-websocket-extensions), Fedora (libetpan, LibRaw, and php), Gentoo (nss), Mageia (apache, ark, clamav, claws-mail, dovecot, firefox, firejail, freerdp, golang, jasper, kernel, libssh, libx11, postgresql-jdbc, python-rstlib, radare2, roundcubemail, squid, targetcli, thunderbird, tomcat, and x11-server), Red Hat (rh-mysql80-mysql), SUSE (dovecot22, freerdp, libvirt, and postgresql12), and Ubuntu (curl and linux-hwe, linux-azure-5.3, [...] --------------------------------------------- https://lwn.net/Articles/829102/ ∗∗∗ Vulnerability in Thales Product Could Expose Millions of IoT Devices to Attacks ∗∗∗ --------------------------------------------- Security researchers at IBM have discovered a potentially serious vulnerability in a communications module made by Thales for IoT devices. Millions of devices could be impacted, but the vendor released a patch six months ago. --------------------------------------------- https://www.securityweek.com/vulnerability-thales-product-could-expose-mill… ∗∗∗ Security Advisory - Denial of Service Vulnerability in SmartPhone Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Bulletin: Vulnerability identified in docker for Red Hat Enterprise Linux ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Elastic Storager Server GUI where authorised user can execute unauthorized function (CVE-2020-4378) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – OpenSSL (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2019-11254) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Vulnerability in GNU gettext affects IBM Spectrum Protect Plus (CVE-2018-18751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gnu-gett… ∗∗∗ Security Bulletin: IBM Elastic Storage Server GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.08.2020
by Daily end-of-shift report 18 Aug '20

18 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 17-08-2020 18:00 − Dienstag 18-08-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cryptojacking worm steals AWS credentials from Docker systems ∗∗∗ --------------------------------------------- According to researchers at Cado Security this is the first-ever worm that comes with AWS credential theft functionality on top of run-of-the-mill cryptomining modules. This botnet uses already infected servers to execute an open-source masscan IP port scanner instance that scans for exposed Docker APIs (and Kubernetes systems as later discovered), installing itself in new containers on any misconfigured servers it finds. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptojacking-worm-steals-aw… ∗∗∗ E-Mail: Gefährliche Mailto-Links können Daten stehlen ∗∗∗ --------------------------------------------- Dieses Feature für Dateianhänge ist nicht Teil der Standardspezifikation für Mailto-Links. Es handelt sich um eine inoffizielle Erweiterung, die von einigen Mailprogrammen genutzt wird. Laut der Veröffentlichung wird das Feature in Kmail und Evolution unterstützt, die Standardmailprogramme der Linux-Desktopumgebungen KDE und Gnome. Auch IBM Notes unterstützen das Feature. Thunderbird ist zwar selbst nicht betroffen, kann aber verwundbar sein, wenn die Verarbeitung der Mailto-Links über das Tool xdg-open erfolgt. --------------------------------------------- https://www.golem.de/news/e-mail-gefaehrliche-mailto-links-koennen-daten-st… ∗∗∗ Pre-announcement of five BIND security issues scheduled for disclosure 20 August 2020 ∗∗∗ --------------------------------------------- We therefore are writing to inform you that the August BIND maintenance releases that will be released on Thursday, 20 August, contain patches for five separate vulnerabilities. Further details about the vulnerabilities will be publicly disclosed at the time the releases are published on Thursday. --------------------------------------------- https://lists.isc.org/pipermail/bind-announce/2020-August/001161.html ∗∗∗ Online- Anlagen- und Investitionsbetrug floriert ∗∗∗ --------------------------------------------- Laufend treten von Investitionsbetrug betroffene Konsumentinnen und Konsumenten an die Watchlist Internet heran. Die Methoden der Kriminellen sind dabei fast immer die gleichen. Erfundene Werbeschaltungen, hohe Gewinnversprechen und persönliche Betreuung verleiten die Opfer zu großen Investitionen. Im Endergebnis führt dies zu mitunter existenzbedrohenden Schadenssummen. --------------------------------------------- https://www.watchlist-internet.at/news/online-anlagen-und-investitionsbetru… ===================== = Vulnerabilities = ===================== ∗∗∗ Rocket.Chat Cross-Site Scripting leading to Remote Code Execution CVE-2020-15926 ∗∗∗ --------------------------------------------- A malicious user can send a specially crafted message either to a channel or in a direct message to another user which will result in executing JavaScript in the victim's browser or inside the desktop client when the victim will use the 'Reply in Thread' functionality. In the case of desktop clients cross-site scripting (XSS) vulnerability leads to a remote code execution (RCE) --------------------------------------------- https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sane-backends), Fedora (kernel, LibRaw, and wob), openSUSE (balsa, hylafax+, postgresql, postgresql96, postgresql10, postgresql12, and postgresql96, postgresql10 and postgresql12), Oracle (.NET Core 3.1), Red Hat (bash and bind), SUSE (dovecot23, firefox, fwupd, postgresql10, postgresql12, python-azure-agent, and zabbix), and Ubuntu (ark, gnome-shell, libonig, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp1 and software-properties). --------------------------------------------- https://lwn.net/Articles/829030/ ∗∗∗ Vulnerability Allowing Full Server Takeover Found in Concrete5 CMS ∗∗∗ --------------------------------------------- The issue was identified in Concrete5 version 8.5.2, which essentially allowed an attacker to modify site configuration and upload a PHP file onto the server, thus gaining arbitrary command execution capabilities. --------------------------------------------- https://www.securityweek.com/vulnerability-allowing-full-server-takeover-fo… ∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues  --------------------------------------------- https://support.citrix.com/article/CTX276688 ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Elastic Storage Server is affected by a vulnerability where an unprivileged user could execute commands as root ( CVE-2020-4273) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Elastic Storage Server GUI is affected by verbose error messages being displayed. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Incorrect permissions on IBM Spectrum Protect Plus agent files (CVE-2020-4631) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-… ∗∗∗ Security Bulletin: A vulnerability in an older version of a Batik plugin that is included in IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-an-old… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Elastic Storage Server GUI where an unauthorised user can execute commands (CVE-2020-4348) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.08.2020
by Daily end-of-shift report 17 Aug '20

17 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-08-2020 18:00 − Montag 17-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft fixes actively exploited Windows bug reported 2 years ago ∗∗∗ --------------------------------------------- Microsoft fixed a Windows security vulnerability two years after it was reported. This articles provides greater detail about the bug and how it works.(CVE-2020-1464) --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exp… ∗∗∗ Potential Apache Struts 2 RCE flaw fixed, PoCs released ∗∗∗ --------------------------------------------- Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. --------------------------------------------- https://www.helpnetsecurity.com/2020/08/17/cve-2019-0230/ ∗∗∗ RevoLTE: Telefonanrufe ließen sich trotz Verschlüsselung abhören ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen grundlegendes Defizit auf – Mobilfunker haben angeblich bereits nachgebessert --------------------------------------------- https://www.derstandard.at/story/2000119401327/revolte-telefonanrufe-liesse… ∗∗∗ Goodbye EmoCrash - Schwachstelle in Emotet gefixed ∗∗∗ --------------------------------------------- Eine Schwachstelle im Code von Emotet ("EmoCrash" genannt) wurde seit geraumer Zeit in der Security Community als Präventionsmaßnahme gegenEmotet Infektionen verteilt. Die bisher einer breiten Öffentlichkeit nicht bekannte Schwachstelle in der Installationsroutine von Emotet konnte wirksamen Schutz vor einer Infektion bieten, in dem ein Buffer Overflow im Code dieser Routine ausgenutzt wurde um Emotet abstürzen zu lassen. --------------------------------------------- https://cert.at/de/aktuelles/2020/8/godbye-emocrash-schwachstelle-in-emotet… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (squid3), Fedora (lilypond and python3), openSUSE (xen), SUSE (libreoffice, libvirt, webkit2gtk3, xen, and xerces-c), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/828811/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot, htmlunit, jruby, libetpan, lucene-solr, net-snmp, and posgresql-9.6), Fedora (firefox, nss, qt, and thunderbird), Mageia (glib-networking, mumble, webkit2, and znc), openSUSE (balsa, chromium, firejail, hylafax+, libreoffice, libX11, perl-XML-Twig, thunderbird, wireshark, and xrdp), Red Hat (libvncserver), SUSE (libvirt and perl-PlRPC), and Ubuntu (dovecot and salt). --------------------------------------------- https://lwn.net/Articles/828945/ ∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-affect… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2020
by Daily end-of-shift report 14 Aug '20

14 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-08-2020 18:00 − Freitag 14-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Definition of overkill - using 130 MB executable to hide 24 kB malware, (Fri, Aug 14th) ∗∗∗ --------------------------------------------- One of our readers, Lukas, shared an unusual malicious executable with us earlier this week - one that was 130 MB in size. Making executables extremely large is not an uncommon technique among malware authors[1], as it allows them to easily avoid detection by most AV solutions, since the size of files which AVs will check is usually fairly low (tens of megabytes at most). --------------------------------------------- https://isc.sans.edu/diary/rss/26464 ∗∗∗ XCSSET: Mac-Malware infiziert Xcode-Projekte ∗∗∗ --------------------------------------------- Der Schädling setzt auf 0-day-Exploits, um Nutzerdaten zu klauen. Manipulierte Xcode-Projekte finden über Github Verbreitung, warnt eine Sicherheitsfirma. --------------------------------------------- https://heise.de/-4870987 ∗∗∗ Chrome extensions that lie about their permissions ∗∗∗ --------------------------------------------- Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But whats the use if they lie to you? --------------------------------------------- https://blog.malwarebytes.com/puppum/2020/08/chrome-extensions-that-lie-abo… ∗∗∗ Vorsicht vor Handwerks-Notdiensten mit der Telefonnummer 06608643901! ∗∗∗ --------------------------------------------- Bei einem Wasserrohrbruch, einem Gasgebrechen oder bei einem Stromausfall, muss meist schnell eine Expertin oder ein Experte her. Für die Überprüfung eines Installations- oder Elektrik-Notdienstes bleibt da oft keine Zeit mehr. Das nützen unseriöse Unternehmen aus: Sie bieten online einen Notdienst an, kommen auch tatsächlich, aber stellen im Nachhinein viel zu überhöhte Kosten in Rechnung. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-handwerks-notdiensten-m… ∗∗∗ Mekotio: These aren’t the security updates you’re looking for… ∗∗∗ --------------------------------------------- Another in our occasional series demystifying Latin American banking trojans The post Mekotio: These aren’t the security updates you’re looking for… appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Microsofts Multi-Faktor-Authentifizierung umgangen ∗∗∗ --------------------------------------------- Eigentlich sollten Microsofts Onlinedienste mit Fido-Stick und PIN geschützt sein - doch zwei Entwickler konnten die PIN-Abfrage umgehen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-microsofts-multi-faktor-authent… ∗∗∗ Critical Vulnerabilities Patched in Quiz and Survey Master Plugin ∗∗∗ --------------------------------------------- On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file [...] --------------------------------------------- https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless,Oracle January 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly… ∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by a International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio July 2020 CPU plus deferred CVE-2019-2590 and CVE-2020-2601 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability exists in the Event Streams 10.0.0 schema registry that allows unauthorised access to create, edit and delete schemas (CVE-2020-4662) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Apache Struts: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0824 ∗∗∗ PostgreSQL: Mehrere Schwachstellen ermöglichen Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0825 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.08.2020
by Daily end-of-shift report 13 Aug '20

13 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-08-2020 18:00 − Donnerstag 13-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Avaddon: The Latest RaaS (Ransomware-as-a-Service) to Jump on the Extortion Bandwagon ∗∗∗ --------------------------------------------- As of August 8th, Avaddon ransomware authors launched an extortion site in an effort to further incentivize victims to pay the ransom. Tarik Saleh dissects this ransomware, analyzes victimology, and provides more details on the extortion site. --------------------------------------------- https://www.domaintools.com/resources/blog/avaddon-the-latest-raas-to-jump-… ∗∗∗ MMS Exploit Part 5: Defeating Android ASLR, Getting RCE ∗∗∗ --------------------------------------------- Posted by Mateusz Jurczyk, Project Zero. This post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating… ∗∗∗ To the Brim at the Gates of Mordor Pt. 1, (Wed, Aug 12th) ∗∗∗ --------------------------------------------- Search & Analyze Mordor APT29 PCAPs with Brim --------------------------------------------- https://isc.sans.edu/diary/rss/26456 ∗∗∗ Color by numbers: inside a Dharma ransomware-as-a-service attack ∗∗∗ --------------------------------------------- Dharma, a family of ransomware first spotted in 2016, continues to be a threat to many organizations—especially small and medium-sized businesses. Part of the reason for its longevity is that its variants have become the basis for ransomware-as-a-service (RaaS) operations. --------------------------------------------- https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-r… ∗∗∗ Attribution: A Puzzle ∗∗∗ --------------------------------------------- The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. Nevertheless, the private sector rises to the challenge to attempt to associate cyber attacks to threat actors using the intelligence available to them. --------------------------------------------- https://blog.talosintelligence.com/2020/08/attribution-puzzle.html ∗∗∗ Kriminelle versuchen durch seriöse Programme Schadsoftware zu verbreiten! ∗∗∗ --------------------------------------------- Die meisten Menschen vertrauen bekannten Softwareherstellerinnen und -herstellern, wenn diese eine App, ein Programm oder ein anderes Produkt aktualisieren oder ein neues Produkt auf den Markt bringen. Doch genau dieses Vertrauen nutzen Kriminelle bei sogenannten „Supply-Chain-Angriffen“ aus. --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-versuchen-durch-serioese-… ===================== = Vulnerabilities = ===================== ∗∗∗ Amazon: Sicherheitslücke konnte Alexa-Sprachbefehle verraten ∗∗∗ --------------------------------------------- Mit einem präparierten Link konnte eine Sicherheitslücke in Amazons Infrastruktur ausgenutzt und auf fremde Alexa-Daten zugegriffen werden. --------------------------------------------- https://www.golem.de/news/amazon-sicherheitsluecke-konnte-alexa-sprachbefeh… ∗∗∗ Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods ∗∗∗ --------------------------------------------- It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/cybercriminals-infiltra… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and roundcube), Fedora (python36), Gentoo (chromium), openSUSE (ark, firefox, go1.13, java-11-openjdk, libX11, wireshark, and xen), Red Hat (bind and kernel), SUSE (libreoffice and python36), and Ubuntu (dovecot and software-properties). --------------------------------------------- https://lwn.net/Articles/828683/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-4.19, linux-latest-4.19, and openjdk-8) and Fedora (ark and hylafax+). --------------------------------------------- https://lwn.net/Articles/828744/ ∗∗∗ Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Code Execution Vulnerability in Fastjson Affect Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affec… ∗∗∗ Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-9327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-11655, CVE-2020-11656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-dis… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2020-2593, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to path traversal (CVE-2019-4582) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-144892, CVE-2019-144893) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster… ∗∗∗ Sophos XG Firewall: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0823 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.08.2020
by Daily end-of-shift report 12 Aug '20

12 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-08-2020 18:00 − Mittwoch 12-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ CEO Fraud via WhatsApp und Sprachnachrichten ∗∗∗ --------------------------------------------- CEO Fraud läuft in den meisten bekannten Fällen via E-Mail ab: Kriminelle geben sich gegenüber MitarbeiterInnen mit Überweisungsrecht als CEO/CFO/etc. aus und verlangen, dass unverzüglich und ohne Rücksprache mit anderen eine hohe Summe auf ein Bankkonto (vorzugsweise im Ausland) transferiert werden muss, um einen extrem wichtigen Deal zu fixieren. --------------------------------------------- https://cert.at/de/aktuelles/2020/8/ceo-fraud-via-whatsapp-und-sprachnachri… ∗∗∗ Mobilfunk: LTE-Anrufe ließen sich trotz Verschlüsselung abhören ∗∗∗ --------------------------------------------- Je länger das Opfer in der Leitung bleibt, desto mehr lässt sich von vorherigen Gesprächen rekonstruieren. --------------------------------------------- https://www.golem.de/news/mobilfunk-lte-anrufe-liessen-sich-trotz-verschlue… ∗∗∗ Code Injection Schwachstelle in SAP Application Server ABAP – Solution Tools Plugin ST-PI ∗∗∗ --------------------------------------------- SAP ist einer der größten Anbieter für Unternehmenssoftware weltweit. Schwere Sicherheitslücken in SAP Produkten könnten sich gravierend auf die Sicherheit von Unternehmens-IT-Infrastrukturen auswirken. --------------------------------------------- https://sec-consult.com/blog/2020/08/code-injection-schwachstelle-in-sap-ap… ∗∗∗ FIDO2 for Microsoft Online Accounts / Azure AD ∗∗∗ --------------------------------------------- Nowadays a secure password doesnt necessarily mean your account is safe. --------------------------------------------- https://sec-consult.com/en/blog/2020/08/fido2-for-microsoft-online-accounts… ∗∗∗ Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins ∗∗∗ --------------------------------------------- This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities (CVE-2020–5766, CVE-2020–5767 and CVE-2020–5768) which can be exploited for information disclosure and sending forged emails. --------------------------------------------- https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Microsoft schließt aktiv ausgenutzte Windows- und Browser-Lücken ∗∗∗ --------------------------------------------- Zum Patch Tuesday hat Microsoft unter anderem zwei kritische Sicherheitslücken geschlossen, die bereits für Angriffe missbraucht wurden. --------------------------------------------- https://heise.de/-4868224 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree, golang-github-seccomp-libseccomp-golang, and ruby-kramdown), Fedora (kernel, libmetalink, and nodejs), openSUSE (go1.13, perl-XML-Twig, and thunderbird), Oracle (kernel, libvncserver, and thunderbird), Red Hat (kernel-rt and python-paunch and openstack-tripleo-heat-templates), SUSE (dpdk, google-compute-engine, libX11, webkit2gtk3, xen, and xorg-x11-libX11), and Ubuntu (nss and samba). --------------------------------------------- https://lwn.net/Articles/828554/ ∗∗∗ QNX-2020-001 Vulnerability in slinger web server Impacts BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Improper Interface Design Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Command Injection Vulnerability in FusionCompute ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affe… ∗∗∗ Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery… ∗∗∗ Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-… ∗∗∗ Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openslp-vulnerability-aff… ∗∗∗ Security Bulletin: Incorrect permissions on IBM Spectrum Protect Plus agent files (CVE-2020-4631) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Camel's JMX, Apache Camel RabbitMQ and Apache Camel Netty affects IBM Operations Analytics Predictive Insights (CVE-2020-11971, CVE-2020-11972, CVE-2020-11973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in jQuery affect IBM WIoTP MessageGateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-network-security-nss-vuln… ∗∗∗ Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager (CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in jQuery affect IBM WIoTP MessageGateway (CVE-2020-11023, CVE-2020-11022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ IPAS: Security Advisories for August 2020 ∗∗∗ --------------------------------------------- https://blogs.intel.com/technology/2020/08/ipas-security-advisories-for-aug… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.08.2020
by Daily end-of-shift report 11 Aug '20

11 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 10-08-2020 18:00 − Dienstag 11-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Upgraded Agent Tesla malware steals passwords from browsers, VPNs ∗∗∗ --------------------------------------------- New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. --------------------------------------------- https://www.bleepingcomputer.com/news/security/upgraded-agent-tesla-malware… ∗∗∗ SBA phishing scams: from malware to advanced social engineering ∗∗∗ --------------------------------------------- SBA loan scams continue to make the rounds targeting small business owners, CEOS, and CFOs. --------------------------------------------- https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware… ∗∗∗ Script-Based Malware: A New Attacker Trend on Internet Explorer ∗∗∗ --------------------------------------------- Script-based malware can be appealing for attackers who want the ability to quickly and easily develop new variants to evade detection. --------------------------------------------- https://unit42.paloaltonetworks.com/script-based-malware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB20-48) and Adobe Lightroom (APSB20-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1908 ∗∗∗ vBulletin fixes ridiculously easy to exploit zero-day RCE bug ∗∗∗ --------------------------------------------- A simple one-line exploit has been published for a zero-day pre-authentication remote code execution (RCE) vulnerability in the vBulletin forum software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously… ∗∗∗ Kritische Updates für Citrix Endpoint Management ∗∗∗ --------------------------------------------- Insgesamt 5 Lücken schließt Citrix; wer eine eigene Installation betreibt, sollte schnell patchen. --------------------------------------------- https://heise.de/-4867952 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pillow, ruby-kramdown, wpa, and xrdp), Fedora (ark and rpki-client), Gentoo (apache, ark, global, gthumb, and iproute2), openSUSE (chromium, grub2, java-11-openjdk, libX11, and opera), Red Hat (bind, chromium-browser, java-1.7.1-ibm, java-1.8.0-ibm, and libvncserver), SUSE (LibVNCServer, perl-XML-Twig, thunderbird, and xen), and Ubuntu (samba). --------------------------------------------- https://lwn.net/Articles/828476/ ∗∗∗ iCloud for Windows 11.3 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211294 ∗∗∗ iCloud for Windows 7.20 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211295 ∗∗∗ SSA-809841: Buffer Overflow Vulnerability in Third-Party Component pppd ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-809841.txt ∗∗∗ SSA-786743: Code Injection Vulnerability in Advanced Reporting for Desigo CC and ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-786743.txt ∗∗∗ SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-712518.txt ∗∗∗ SSA-388646: Local Privilege Escalation in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-388646.txt ∗∗∗ SSA-370042: Cross-Site-Scripting (XSS) in SICAM A8000 RTUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-370042.txt ∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in OpenSSL package ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affecte… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qra… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a Java vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Libreswan affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ SAP Patchday August 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0800 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2020
by Daily end-of-shift report 10 Aug '20

10 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-08-2020 18:00 − Montag 10-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ DDoS attacks in Q2 2020 ∗∗∗ --------------------------------------------- The second quarter is normally calmer than the first, but this year is an exception. The long-term downward trend in DDoS-attacks has unfortunately been interrupted, and this time we are witnessing an increase. --------------------------------------------- https://securelist.com/ddos-attacks-in-q2-2020/98077/ ∗∗∗ Scanning Activity Include Netcat Listener, (Sat, Aug 8th) ∗∗∗ --------------------------------------------- This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a honeypot listening on TCP 81, this activity might be contained in your logs. --------------------------------------------- https://isc.sans.edu/diary/rss/26442 ∗∗∗ Scoping web application and web service penetration tests, (Mon, Aug 10th) ∗∗∗ --------------------------------------------- Before starting any penetration test, the most important part is to correctly scope it - this will ensure that both the clients expectations are fulfilled and that enough time is allocated to make sure that the penetration test is correctly performed. --------------------------------------------- https://isc.sans.edu/diary/rss/26448 ∗∗∗ Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts ∗∗∗ --------------------------------------------- A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campa… ∗∗∗ DEF CON 28: Introduction to ACARS ∗∗∗ --------------------------------------------- This post is a companion to the DEF CON 28 video available here: https://www.youtube.com/watch?v=NFS6qNAi0B8 What is ACARS? ACARS (Aircraft Communications Addressing and Reporting System, pronounced ‘ay-cars’) [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/introduction-to-acars/ ∗∗∗ Small and medium‑sized businesses: Big targets for ransomware attacks ∗∗∗ --------------------------------------------- Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? --------------------------------------------- https://www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big… ===================== = Vulnerabilities = ===================== ∗∗∗ Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 ∗∗∗ --------------------------------------------- Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application. --------------------------------------------- https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html ∗∗∗ TeamViewer: Fernwartungstool wies gefährliche Schwachstelle auf ∗∗∗ --------------------------------------------- Wer TeamViewer unter Windows länger nicht aktualisiert hat, sollte dies zügig nachholen: Eine Schwachstelle erlaubt(e) unter Umständen unbefugte Fernzugriffe. --------------------------------------------- https://heise.de/-4866337 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen). --------------------------------------------- https://lwn.net/Articles/828309/ ∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4541) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4533) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-10-19-0-of-node-j… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2020
by Daily end-of-shift report 07 Aug '20

07 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-08-2020 18:00 − Freitag 07-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Millionen Smartphones mit Snapdragon-Chip verwundbar ∗∗∗ --------------------------------------------- Der DSP-Prozessor in den weit verbreiteten Snapdragon-Chips von Qualcomm enthält hunderte Sicherheitslücken. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-millionen-smartphones-mit-snap… ∗∗∗ Exploiting Android Messengers with WebRTC: Part 3 ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. CVE-2020-6514 discussed in the blog post was fixed on July 14 with these CLs.This series highlights what can go wrong when applications dont apply WebRTC patches and when the communication and notification of security issues breaks down. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messenger… ∗∗∗ Spam and phishing in Q2 2020 ∗∗∗ --------------------------------------------- In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50,18%, down by 4.43 percentage points from the previous reporting period. --------------------------------------------- https://securelist.com/spam-and-phishing-in-q2-2020/97987/ ∗∗∗ TA551 (Shathak) Word docs push IcedID (Bokbot), (Fri, Aug 7th) ∗∗∗ --------------------------------------------- I've been tracking malicious Word documents from the TA551 (Shathak) campaign This year, we've seen a lot of Valak malware from TA551, but in recent weeks this campaign has been pushing IcedID malware tp English-speaking targets. --------------------------------------------- https://isc.sans.edu/diary/rss/26438 ∗∗∗ Making the Most Out of WLAN Event Log Artifacts ∗∗∗ --------------------------------------------- If you have taken FOR500 (Windows Forensic Analysis) or utilize the FOR500 "Evidence of..." poster, you are probably familiar with the WLAN Event Log listed under the Network Activity/Physical Location section of the poster. This Windows event log (Microsoft-Windows-WLAN-AutoConfig/Operational) records wireless networks that a system has associated with as well as captures network characteristics that can be used for geolocation. In recent testing involving this artifact, a discovery was made that may have implications for investigators. I will outline a scenario that illustrates the issue and present artifacts to help solve it. --------------------------------------------- https://www.sans.org/blog/making-the-most-out-of-wlan-event-log-artifacts/ ∗∗∗ Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach ∗∗∗ --------------------------------------------- The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this sample employs a sophisticated technique that replaces the Microsoft Intermediate Language (MSIL) at run time to hinder static analysis. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-an… ∗∗∗ Stuxnet 2.0: Forscher erwecken alten Security-Alptraum zu neuem Leben ∗∗∗ --------------------------------------------- Auf der Blackhat USA 2020 wiesen Forscher unter anderem auf eine Zero-Day-Lücke im Windows Druckerspoolerdienst hin. Ein Patch von Microsoft soll bald folgen. --------------------------------------------- https://heise.de/-4865010 ∗∗∗ Inter skimming kit used in homoglyph attacks ∗∗∗ --------------------------------------------- Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-us… ∗∗∗ WordPress Auto-Updates: What do you have to lose? ∗∗∗ --------------------------------------------- A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020. In this core release of the world’s most popular content management system, site owners will have the option to turn auto-updates on for individual plugins and themes directly from the WordPress admin dashboard. --------------------------------------------- https://www.wordfence.com/blog/2020/08/wordpress-auto-updates-what-do-you-h… ∗∗∗ Security Awareness is as valuable today as ever ∗∗∗ --------------------------------------------- A while ago I saw a tweet that initially angered me for many reasons, but then I thought about it and wondered how much effort do companies put in to awareness and training. --------------------------------------------- https://www.pentestpartners.com/security-blog/security-awareness-is-as-valu… ∗∗∗ Zahlreiche Fake-Shops locken mit günstigen Pools, Griller & Terrassenmöbel ∗∗∗ --------------------------------------------- Egal ob im eigenen Pool schwimmen, den Griller anheizen, die Pflanzen pflegen oder einfach auf der Terrasse die Sonne genießen. Sommerzeit ist Gartenzeit. Das sehen auch BetrügerInnen so. Denn derzeit melden LeserInnen der Watchlist Internet zahlreiche Fake-Shops mit Produkten für einen schönen Sommer im Garten. Schauen Sie daher lieber genau auf vermeintliche Online-Shops, die Ihnen günstige Pools, Griller, Terrassenmöbel oder Rasenmäher verkaufen wollen! --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-fake-shops-locken-mit-gue… ∗∗∗ Upgrade unseres Ticketsystems 2020-08-07 ∗∗∗ --------------------------------------------- Viele unserer Prozesse laufen über ein Ticketsystem, in unserem Fall ist das RTIR. Es ist jetzt Zeit geworden, hier eine radikalere Umstellung zu machen: Neue Version (Und natürlich wurde prompt während der Testphase eine radikal neue herausgegeben. Seufz.) --------------------------------------------- https://cert.at/de/blog/2020/8/upgrade-unseres-ticketsystem-20200807 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (clamav and json-c), Fedora (python2, python36, and python37), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (java-11-openjdk, kernel, rubygem-actionview-4_2, wireshark, xen, and xrdp), and Ubuntu (openjdk-8 and ppp). --------------------------------------------- https://lwn.net/Articles/828209/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere MQ Internet Pass-Thru – CVE-2020-2654 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-internet-pas… ∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to a command execution vulnerability affect Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-applic… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to a Information Disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.08.2020
by Daily end-of-shift report 06 Aug '20

06 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-08-2020 18:00 − Donnerstag 06-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-48) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB20-48) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, August 11, 2020. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1906 ∗∗∗ Incident Response Analyst Report 2019 ∗∗∗ --------------------------------------------- As an incident response service provider, Kaspersky delivers a global service that results in a global visibility of adversaries’ cyber-incident tactics and techniques on the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019. --------------------------------------------- https://securelist.com/incident-response-analyst-report-2019/97974/ ∗∗∗ A Fork of the FTCode Powershell Ransomware, (Thu, Aug 6th) ∗∗∗ --------------------------------------------- Yesterday, I found a new malicious Powershell script that deserved to be analyzed due to the way it was dropped on the victims computer. As usual, the malware was delivered through a malicious Word document with a VBA macro. A first observation reveals that its a file less macro. The malicious Base64 code is stored in multiples environment variables that are concatenated then executed through an IEX command... --------------------------------------------- https://isc.sans.edu/diary/rss/26434 ∗∗∗ Ad Hoc Log-Management im Ernstfall (SEC Defence) ∗∗∗ --------------------------------------------- Viele Organisationen, welche kein eigenes Incident Response Team haben, verfügen über keine oder nur sehr mangelhafte Visibility im eigenen Unternehmensnetzwerk. Doch vor Allem für die Aufarbeitung und Behebung des Vorfalls ist es unerlässlich auf allen Systemen angemessene Sichtbarkeit sicherzustellen. --------------------------------------------- https://www.sec-consult.com/./blog/2020/07/ad-hoc-log-management-im-ernstfa… ∗∗∗ PHP Backdoor Obfuscated One Liner ∗∗∗ --------------------------------------------- In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the malicious behavior we’ve seen recently on compromised websites. --------------------------------------------- https://blog.sucuri.net/2020/08/php-backdoor-obfuscated-one-liner.html ∗∗∗ Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack ∗∗∗ --------------------------------------------- A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling even after 15 years since they were first documented. --------------------------------------------- https://thehackernews.com/2020/08/http-request-smuggling.html ∗∗∗ Makro-Malware für macOS: Forscher warnt vor unterschätzter Gefahr ∗∗∗ --------------------------------------------- Ein "Office Drama" naht für macOS-User, fürchtet Patrick Wardle. Makro-Malware könnte Schutzmaßnahmen aushebeln, erläuterte der Forscher auf der Black Hat 2020. --------------------------------------------- https://heise.de/-4864148 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat 19 Security Advisories veröffentlicht. Keine der Schwachstellen wird als kritisch eingestuft, vier als "High". --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-att… ∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java… ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within IBM WebSphere Liberty (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… ∗∗∗ Security Bulletin: CVE-2020-2601 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-may-affect-… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code (CVE-2020-4465) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: Vulnerability CVE-2019-2949 in IBM Java SDK and IBM Java Runtime affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-29… ∗∗∗ Security Bulletin: IBM MQ could allow an attacker to cause a denial of service caused by an error within the pubsub logic. (CVE-2020-4376) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-att… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: CVE-2020-2590 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-may-affect-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.08.2020
by Daily end-of-shift report 05 Aug '20

05 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-08-2020 18:00 − Mittwoch 05-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle ∗∗∗ --------------------------------------------- Posted by Mateusz Jurczyk, Project Zero. This post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completin… ∗∗∗ Richtlinien gegen Sicherheitslücken in Legacy-Programmiersprachen veröffentlicht ∗∗∗ --------------------------------------------- Das Politecnico di Milano und Trend Micro haben einen Leitfaden für das Entwickeln mit Legacy-Programmiersprachen für Betriebstechnik in der Industrie erstellt. --------------------------------------------- https://heise.de/-4863229 ∗∗∗ Sophos: Ransomware WastedLocker trickst Sicherheitsanwendungen aus ∗∗∗ --------------------------------------------- Die Hintermänner haben offenbar sehr gute Kenntnisse über interne Funktionen von Windows. Sie nutzen diese, um Dateien im Windows-Cache statt direkt auf der Festplatte zu verschlüsseln. Damit vereiteln sie eine verhaltensbasierte Analyse ihrer Schadsoftware. --------------------------------------------- https://www.zdnet.de/88382004/sophos-ransomware-wastedlocker-trickst-sicher… ∗∗∗ Unseriöse Angebote werben mit ORF-Promis ∗∗∗ --------------------------------------------- Immer wieder werden Promis dazu genutzt, um unseriöse Angebote zu bewerben. Aktuell werden vor allem Bilder von ORF-Stars und von nachgemachten Nachrichten-Logos verwendet, um Menschen in die Falle zu locken. Die gefälschten Werbungen werden Ihnen dabei beim Handy-Spielen angezeigt und sollen Sie dazu bringen Apps für Spieleautomaten herunterzuladen. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-angebote-werben-mit-orf-p… ===================== = Vulnerabilities = ===================== ∗∗∗ Hackers can abuse Microsoft Teams updater to install malware ∗∗∗ --------------------------------------------- Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-… ∗∗∗ The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks ∗∗∗ --------------------------------------------- On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-cr… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie). --------------------------------------------- https://lwn.net/Articles/828114/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - July 2020 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ GRUB2 Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-… ∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly… ∗∗∗ Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2014-3577-httpcompone… ∗∗∗ Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4481-http-proper… ∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm… ∗∗∗ Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2009-2625-cve-2012-08… ∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integra… ∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-… ∗∗∗ Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2015-5254-apache-acti… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4243) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ IBM Spectrum Protect: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0785 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.08.2020
by Daily end-of-shift report 04 Aug '20

04 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 03-08-2020 18:00 − Dienstag 04-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Exploiting Android Messengers with WebRTC: Part 1 ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project Zero. This is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. This series highlights what can go wrong when applications dont apply WebRTC patches and when the communication and notification of security issues breaks down. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messenger… ∗∗∗ Network Design: Firewall, IDS/IPS ∗∗∗ --------------------------------------------- There are many different types of devices and mechanisms within the security environment to provide a layered approach of defense. This is so that if an attacker is able to bypass one layer, another layer stands in the way to protect the network. --------------------------------------------- https://resources.infosecinstitute.com/network-design-firewall-idsips/ ∗∗∗ Certificate Transparency: a birds-eye view ∗∗∗ --------------------------------------------- The goal of this post is to build up a high-level description of CT from scratch, explaining why all the pieces are the way they are and how they fit together. --------------------------------------------- https://emilymstark.com/2020/07/20/certificate-transparency-a-birds-eye-vie… ∗∗∗ goldscheideanstalt-solidus24.de & feingold-scheideanstalt.de fälschen Trusted Shops-Zertifikat ∗∗∗ --------------------------------------------- goldscheideanstalt-solidus24.de & feingold-scheideanstalt.de – durchaus ansprechende Webshops für Goldbarren und Goldmünzen. Das vollständige Impressum mit gültigen Angaben, sowie das Trusted Shops-Gütezeichen wirken vertrauensvoll. Doch Vorsicht: Diese Goldhändler sind Fake, Sie erhalten trotz Bezahlung keine Ware! --------------------------------------------- https://www.watchlist-internet.at/news/goldscheideanstalt-solidus24de-feing… ===================== = Vulnerabilities = ===================== ∗∗∗ NodeJS module downloaded 7M times lets hackers inject code ∗∗∗ --------------------------------------------- A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nodejs-module-downloaded-7m-… ∗∗∗ CVE-2020–9854: "Unauthd" ∗∗∗ --------------------------------------------- Security researcher Ilias Morad, describes an impressive exploit chain, combining three macOS logic bugs he uncovered in macOS. His exploit chain allowed a local user to elevate privileges all the way to ring-0 (kernel)! --------------------------------------------- https://objective-see.com/blog/blog_0x4D.html ∗∗∗ Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues , (Tue, Aug 4th) ∗∗∗ --------------------------------------------- Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. --------------------------------------------- https://isc.sans.edu/diary/rss/26426 ∗∗∗ Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder ∗∗∗ --------------------------------------------- On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/08/critical-vulnerability-exposes-over-… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/828015/ ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: Possible denial of service attack affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-possible-denial-of-servic… ∗∗∗ Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-file-permission… ∗∗∗ Security Bulletin: IBM API Connect is impacted by a denial of service vulnerability in MySQL (CVE-2020-2752) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: Vulnerability in GNU gettext affects IBM Spectrum Protect Plus (CVE-2018-18751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gnu-gett… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4459) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A vulnerability in IBM® Runtime Environment Java™ Version 8.0 affects IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ru… ∗∗∗ Security Bulletin: OpenSSH vulnerability affects IBM Spectrum Protect Plus (CVE-2020-15778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssh-vulnerability-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability exists in IBM® Runtime Environment Java™ which affects TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ August 2020 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2020-08-01 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0781 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.08.2020
by Daily end-of-shift report 03 Aug '20

03 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-07-2020 18:00 − Montag 03-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Warnung vor Sicherheitslücke in Abus-Alarmanlagen ∗∗∗ --------------------------------------------- Aufgrund einer neuen Sicherheitslücke ist es möglich, die Alarmanlage aus der Ferne zu deaktivieren. --------------------------------------------- https://futurezone.at/produkte/abus-alarmanlagen-warnung-vor-sicherheitslue… ∗∗∗ The core of Apple is PPL: Breaking the XNU kernels kernel ∗∗∗ --------------------------------------------- This bypass was reported as Project Zero issue 2035 and fixed in iOS 13.6; you can find a POC that demonstrates how to map arbitrary physical addresses into EL0 there. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/the-core-of-apple-is-ppl-bre… ∗∗∗ Emotet is back… and where are we? ∗∗∗ --------------------------------------------- A couple weeks ago, Emotet sprang back to life. The first new spam messages started flowing after a five month hiatus. --------------------------------------------- https://team-cymru.com/2020/07/31/emotet-is-back-and-where-are-we/ ∗∗∗ TCC-Absicherung in macOS "komplett geknackt" ∗∗∗ --------------------------------------------- Einem Sicherheitsexperten ist es gelungen, Apples eigentlich drakonische "Entitlement Checks" zu umgehen. Das Problem wurde gepatcht. --------------------------------------------- https://heise.de/-4860891 ∗∗∗ Meetup fixes security flaws which could have allowed hackers to take over groups ∗∗∗ --------------------------------------------- Researchers at Checkmarx detail "Holy Grail" of two vulnerabilities, now patched. --------------------------------------------- https://www.zdnet.com/article/meetup-fixes-security-flaws-which-could-have-… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal: Group - Critical - Information Disclosure - SA-CONTRIB-2020-030 ∗∗∗ --------------------------------------------- Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:ALL This vulnerability is mitigated by the fact that the victim must have the GroupNode plugin installed on their website and have no other hook_node_grants() implementations on their website aside from the one that was recently removed by Group. If you do not use the GroupNode plugin or still have hook_node_grants() implementing modules enabled, your site may not be affected. Solution: Install the latest version --------------------------------------------- https://www.drupal.org/sa-contrib-2020-030 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (grub2 and mercurial), Fedora (chromium, firefox, and freerdp), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox, grub2, and kernel), and SUSE (ghostscript and targetcli-fb). --------------------------------------------- https://lwn.net/Articles/827697/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ffmpeg, libjcat, mbedtls, tcpreplay, and wireshark-cli), Debian (ark, evolution-data-server, libjpeg-turbo, libopenmpt, libpam-radius-auth, libphp-phpmailer, libssh, ruby-zip, thunderbird, and transmission), Fedora (chromium, clamav, claws-mail, evolution-data-server, freerdp, glibc, java-latest-openjdk, nspr, and nss), Gentoo (libsndfile, pycrypto, python, snmptt, thunderbird, and webkit-gtk), Mageia (botan2, chocolate-doom, cloud-init, dnsmasq, freerdp/remmina, gssdp/gupnp java-1.8.0-openjdk, matio, microcode, nasm, openjpeg2, pcre2, php-phpmailer, redis, roundcubemail, ruby-rack, thunderbird, virtualbox, xerces-c), openSUSE (claws-mail, ldb, libraw), Oracle (firefox), Red Hat (bind, grub2, grub2, grub2, grub2, grub2, kernel-rt, libvncserver, nss, and, nspr, qemu-kvm-rhev), Scientific Linux (firefox), Slackware (thunderbird), SUSE (claws-mail, ldb, libraw, firefox, kernel, kernel, targetcli-fb). --------------------------------------------- https://lwn.net/Articles/827920/ ∗∗∗ Security Bulletin: Financial Transaction Manager for High Value Payments is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Watson Machine Learning Service is impacted by security vulnerabilities in OpenJDK 11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-s… ∗∗∗ Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-… ∗∗∗ Security Bulletin: Apr 2020 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apr-2020-multiple-vulnera… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4534) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Financial Transaction Manager for High Value Payments is affected by a potential SQL Injection CVE-2020-4328 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.07.2020
by Daily end-of-shift report 31 Jul '20

31 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-07-2020 18:00 − Freitag 31-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Office 365 phishing abuses Google Ads to bypass email filters ∗∗∗ --------------------------------------------- An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-g… ∗∗∗ One Byte to rule them all ∗∗∗ --------------------------------------------- Posted by Brandon Azad, Project Zero. For the last several years, nearly all iOS kernel exploits have followed the same high-level flow: memory corruption and fake Mach ports are used to gain access to the kernel task port, which provides an ideal kernel read/write primitive to userspace. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/one-byte-to-rule-them-all.ht… ∗∗∗ WastedLocker: technical analysis ∗∗∗ --------------------------------------------- According to currently available information, in the attack on Garmin a targeted build of the Trojan WastedLocker was used. We have performed technical analysis of the Trojan sample. --------------------------------------------- https://securelist.com/wastedlocker-technical-analysis/97944/ ∗∗∗ Obscured by Clouds: Insights into Office 365 Attacks and How MandiantManaged Defense Investigates ∗∗∗ --------------------------------------------- With Business Email Compromises (BECs) showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 (O365) breaches and how to properly investigate them. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-36… ∗∗∗ Malspam campaign caught using GuLoader after service relaunch ∗∗∗ --------------------------------------------- We discovered a spam campaign distributing GuLoader in the aftermath of the services relaunch. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/07/malspam-campaign-caug… ∗∗∗ New infection chain of njRAT variant ∗∗∗ --------------------------------------------- Recently, 360 Security Center has detected that a variant of the remote access tool njRAT is active. --------------------------------------------- https://blog.360totalsecurity.com/en/new-infection-chain-of-njrat-variant/ ∗∗∗ Umfragen von appdoctor.me führen zu Geldwäsche in Ihrem Namen! ∗∗∗ --------------------------------------------- Es klingt so verlockend: Einfach kurz eine App testen und schon hat man 35 Euro verdient. Doch leider steckt hinter solchen Umfrageplattformen und Jobangeboten oftmals Betrug. So auch auf der Webseite appdoctor.me, auf der App-TesterInnen gesucht werden. Geld wird Ihnen hier jedoch nicht ausbezahlt. Stattdessen eröffnen die Kriminellen ein Konto in Ihrem Namen, um dort Geldwäsche zu betreiben. --------------------------------------------- https://www.watchlist-internet.at/news/umfragen-von-appdoctorme-fuehren-zu-… ===================== = Vulnerabilities = ===================== ∗∗∗ KDE archive tool flaw let hackers take over Linux accounts ∗∗∗ --------------------------------------------- A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victims computers simply by tricking them into downloading an archive and extracting it. --------------------------------------------- https://www.bleepingcomputer.com/news/security/kde-archive-tool-flaw-let-ha… ∗∗∗ If you own one of these 45 Netgear devices, replace it: Gear maker wont patch vulnerable gear despite live proof-of-concept code ∗∗∗ --------------------------------------------- Thats one way of speeding up the tech refresh cycle. Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2020/07/30/netgear_aban… ∗∗∗ Ripple20 impact onDistribution Automation products ∗∗∗ --------------------------------------------- On the 16th of June 2020, a series of vulnerabilities affecting a TCP/IP library from Treck Inc. were made public by JSOF Tech in Jerusalem, Israel. The products listed in this document have integrated this library and thus are affected by the vulnerabilities listed in this document. --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA000473&Language… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg). --------------------------------------------- https://lwn.net/Articles/827572/ ∗∗∗ Forscher legt zwei Zero-Day-Lücken im Tor-Netzwerk und -Browser offen ∗∗∗ --------------------------------------------- Internet Service Provider können unter Umständen alle Verbindungen zum Tor-Netzwerk blockieren. Der Forscher wirft dem Tor Project vor, die von ihm gemeldeten Schwachstellen nicht zu beseitigen. Er kündigt zudem die Offenlegung weiterer Bugs an. --------------------------------------------- https://www.zdnet.de/88381926/forscher-legt-zwei-zero-day-luecken-im-tor-ne… ∗∗∗ iTunes 12.10.8 for Windows ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211293 ∗∗∗ Security Bulletin: IBM i2 Analysts' Notebook Memory vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager (CVE-2020-1954). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.07.2020
by Daily end-of-shift report 30 Jul '20

30 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-07-2020 18:00 − Donnerstag 30-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ TrickBots new Linux malware covertly infects Windows devices ∗∗∗ --------------------------------------------- TrickBots Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-… ∗∗∗ Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 ∗∗∗ --------------------------------------------- Posted by Maddie Stone, Project Zero. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-re… ∗∗∗ Security controls for ICS/SCADA environments ∗∗∗ --------------------------------------------- Supervisory control and data acquisition systems (SCADA) are a subset of ICS. These systems are unique in comparison to traditional IT systems. This makes using standard security controls written with traditional systems in mind somewhat tricky. --------------------------------------------- https://resources.infosecinstitute.com/security-controls-for-ics-scada-envi… ∗∗∗ ESET Threat Report Q2 2020 ∗∗∗ --------------------------------------------- A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. --------------------------------------------- https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/ ∗∗∗ Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient ‘timeless timing’ attacks ∗∗∗ --------------------------------------------- Presented at this year’s Usenix conference, the technique, named ‘Timeless Timing Attacks’, exploits the way network protocols handle concurrent requests to solve one of the endemic challenges of remote timing side-channel attacks. --------------------------------------------- https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocol… ∗∗∗ Effective Threat Intelligence Through Vulnerability Analysis ∗∗∗ --------------------------------------------- The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and complexity of the associated exploit or attack. --------------------------------------------- https://www.tripwire.com/state-of-security/vulnerability-management/effecti… ===================== = Vulnerabilities = ===================== ∗∗∗ Grub 2: Boothole ermöglicht Umgehung von Secure Boot ∗∗∗ --------------------------------------------- Der Fehler in dem Bootloader Grub ermöglicht damit ein dauerhaftes Bootkit. Ein komplettes Update wird aber schwierig und dauert. (grub, Linux) --------------------------------------------- https://www.golem.de/news/grub-2-boothole-ermoeglicht-umgehung-von-secure-b… ∗∗∗ CVE-2020–9934: Bypassing TCC for Unauthorized Access ∗∗∗ --------------------------------------------- In this guest blog post, security researcher Matt Shockley describes a lovely security vulnerability he uncovered in macOS. --------------------------------------------- https://objective-see.com/blog/blog_0x4C.html ∗∗∗ Sicherheitsupdates: Gefährliche Lücken in Cisco SD-WAN und Data Center ∗∗∗ --------------------------------------------- Angreifer könnten durch Schwachstellen in Cisco-Software ganze Netzwerke übernehmen. --------------------------------------------- https://heise.de/-4858759 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (October 2019) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Information exposure in HTML comments vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (Apr 2020) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020, Apr 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Vulnerability in Open Source logback used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-sou… ∗∗∗ Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 68.11 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/ ∗∗∗ Dell OpenManage Server Administrator: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0770 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0768 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.07.2020
by Daily end-of-shift report 29 Jul '20

29 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-07-2020 18:00 − Mittwoch 29-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ VermieterInnen aufgepasst: Besonders in der Urlaubszeit wollen BetrügerInnen an Ihr Geld! ∗∗∗ --------------------------------------------- Betrug im Internet zielt manchmal auf ganz bestimmte Personengruppen ab. Gerade jetzt in der Urlaubszeit sind auch Zimmer- oder Ferienwohnung-VermieterInnen sowie Hoteliers im Visier von BetrügerInnen. Die Kriminellen geben sich dabei als interessierte Gäste aus und versuchen durch Scheckbetrug an das Geld der VermieterInnen zu kommen. --------------------------------------------- https://www.watchlist-internet.at/news/vermieterinnen-aufgepasst-besonders-… ∗∗∗ Betrüger-Mails: Emotet klaut Dateianhänge für mehr Authentizität ∗∗∗ --------------------------------------------- Aufgepasst: Emotet hat dazu gelernt und versteckt sich nun in noch glaubhafteren Mails. --------------------------------------------- https://heise.de/-4857724 ∗∗∗ Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight ∗∗∗ --------------------------------------------- Netwalker is a data encryption malware that represents an evolution of the well-known Kokoklock ransomware and has been active since September 2019. This article will detail the specific technical features of the Netwalker ransomware. --------------------------------------------- https://resources.infosecinstitute.com/netwalker-malware-what-it-is-how-it-… ∗∗∗ MMS Exploit Part 3: Constructing the Memory Corruption Primitives ∗∗∗ --------------------------------------------- Posted by Mateusz Jurczyk, Project Zero. This post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-construct… ===================== = Vulnerabilities = ===================== ∗∗∗ Magento gets security updates for severe code execution bugs ∗∗∗ --------------------------------------------- Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity. --------------------------------------------- https://www.bleepingcomputer.com/news/security/magento-gets-security-update… ∗∗∗ Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin ∗∗∗ --------------------------------------------- On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. --------------------------------------------- https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulne… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa). --------------------------------------------- https://lwn.net/Articles/827376/ ∗∗∗ Security Bulletin: Legacy Components of IBM Netcool Configuration Manager have been updated. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-legacy-components-of-ibm-… ∗∗∗ Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1954) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-… ∗∗∗ Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-ha… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2020-4463) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Security Key Lifecycle Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ IBM Informix: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0764 ∗∗∗ Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/stored-cross-site-scripting-xs… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.07.2020
by Daily end-of-shift report 28 Jul '20

28 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 27-07-2020 18:00 − Dienstag 28-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices ∗∗∗ --------------------------------------------- Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. ... "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) said in the alert. --------------------------------------------- https://thehackernews.com/2020/07/qnap-nas-malware-attack.html ∗∗∗ Team Pangu demonstrated an unpatchable SEP vulnerability in iOS ∗∗∗ --------------------------------------------- Xu Hao a member of Team Pangu says they have found an “unpatchable” vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. Hao presented his talk – Attack Secure Boot of SEP – on 24th July at MOSEC 2020 in Shanghai, China. --------------------------------------------- https://androidrookies.com/team-pangu-demonstrates-unpatchable-secure-encla… ∗∗∗ IT-Sicherheit: Public Cloud kann zum Einfallstor in Unternehmen werden ∗∗∗ --------------------------------------------- Schlecht gepflegte Workloads und Authentifizierungsschwächen in Cloud-Umgebungen untergraben die Sicherheit – von beidem gibt es reichlich, meint eine Studie. --------------------------------------------- https://heise.de/-4856561 ∗∗∗ Vorsicht: 500 Euro Amazon-Geschenkkarte führt in Abo-Falle ∗∗∗ --------------------------------------------- Freuen Sie sich nicht zu früh, wenn Sie eine 500 Euro Amazon-Geschenkkarte in Ihrem E-Mail-Posteingang finden. Sie werden in eine Abo-Falle gelockt, denn dieses E-Mail stammt nicht von Amazon! Klicken Sie nicht auf den Link und verschieben Sie das E-Mail in den Spam-Ordner. Haben Sie auf den Link geklickt und Kreditkartendaten angeführt, wird Ihnen Monat für Monat ein Betrag zwischen 50 und 90 Euro abgebucht! Lesen Sie hier, wie Sie dieses betrügerische Abo kündigen! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-500-euro-amazon-geschenkkar… ===================== = Vulnerabilities = ===================== ∗∗∗ Reverse String WooCommerce WordPress Credit Card Swiper ∗∗∗ --------------------------------------------- As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper that I found on a WordPress ecommerce website using WooCommerce, today I found another very noteworthy infection of the same variety. --------------------------------------------- https://blog.sucuri.net/2020/07/reverse-string-woocommerce-wordpress-credit… ∗∗∗ TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure ∗∗∗ --------------------------------------------- It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains .. --------------------------------------------- https://typo3.org/security/advisory/typo3-core-sa-2020-008 ∗∗∗ TYPO3-CORE-SA-2020-007: Potential Privilege Escalation ∗∗∗ --------------------------------------------- In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php which again contains the encryptionKey as well as credentials of the database management system being used. --------------------------------------------- https://typo3.org/security/advisory/typo3-core-sa-2020-007 ∗∗∗ TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS ∗∗∗ --------------------------------------------- It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the community anymore. --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2020-001 ∗∗∗ TYPO3-EXT-SA-2020-014: Sensitive Information Disclosure in extension "Media Content Element" (mediace) ∗∗∗ --------------------------------------------- It has been discovered that the extension "Media Content Element" (mediace) is susceptible to Sensitive Information Disclosure. --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-014 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (cacti, cacti-spine, go1.13, SUSE Manager Client Tools, and tomcat), Red Hat (postgresql-jdbc and python-pillow), Slackware (mozilla), SUSE (python-Django and python-Pillow), and Ubuntu (clamav, librsvg, libslirp, linux-gke-5.0, linux-oem-osp1, linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, and sqlite3). --------------------------------------------- https://lwn.net/Articles/827232/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 78.1 ∗∗∗ --------------------------------------------- In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/ ∗∗∗ Security Vulnerabilities fixed in Firefox 79 ∗∗∗ --------------------------------------------- Severity: high - CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker - CVE-2020-6514: WebRTC data channel leaks internal address to peer - CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy - CVE-2020-15659: Memory safety bugs fixed in Firefox 79 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/ ∗∗∗ JSA11041 - 2020-07 Security Bulletin: Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11041&actp=RSS ∗∗∗ JSA11036 - 2020-07 Security Bulletin:Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11036&actp=RSS ∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4466) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulne… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Pentest results for IBM Netcool Operations Insight found a security vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-pentest-results-for-ibm-n… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: XML parsing vulnerability in Apache Santuario might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2019-12400 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xml-parsing-vulnerability… ∗∗∗ Security Bulletin: Security Bulletin: A Vulnerability in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-a-vulne… ∗∗∗ Security Bulletin: SB0003782 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003782/ ∗∗∗ Security Bulletin: Novalink is impacted by Swagger vulnerability affects WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-s… ∗∗∗ Security Bulletin: IBM Ingelligent Operations Center is Vulnerable to Stored Cross-Site Scripting (CVE-2020-4318) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-ingelligent-operation… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.07.2020
by Daily end-of-shift report 27 Jul '20

27 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-07-2020 18:00 − Montag 27-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ No More Ransom turns 4: Saves $632 million in ransomware payments ∗∗∗ --------------------------------------------- The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves… ∗∗∗ ProLock ransomware – new report reveals the evolution of a threat ∗∗∗ --------------------------------------------- Ransomware crooks keep adjusting their approach to make their demands more compelling, even against companies that say theyd never pay up. --------------------------------------------- https://nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-r… ∗∗∗ Cracking Maldoc VBA Project Passwords, (Sun, Jul 26th) ∗∗∗ --------------------------------------------- In diary entry "VBA Project Passwords" I explained that VBA project passwords in malicious documents don't hinder analysis: you can just extract the macros without knowing the password. It's only when you would perform a dynamic analysis with the step-by-step debugger of the VBA IDE, that the password would prevent you from doing this. But there are simple methods to remove the password, and then you can go ahead with your debugging. --------------------------------------------- https://isc.sans.edu/diary/rss/26390 ∗∗∗ Analyzing Metasploit ASP .NET Payloads, (Mon, Jul 27th) ∗∗∗ --------------------------------------------- I recently helped a friend with the analysis of a Metasploit ASP .NET payload. --------------------------------------------- https://isc.sans.edu/diary/rss/26392 ∗∗∗ Ensiko: A Webshell With Ransomware Capabilities ∗∗∗ --------------------------------------------- Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshe… ∗∗∗ Jetzt patchen! Angreifer attackieren BIG-IP Appliances von F5 ∗∗∗ --------------------------------------------- Derzeit haben Angreifer eine kritische Sicherheitslücke in verschiedenen BIG-IP Appliances im Visier. Sicherheitsupdates sind verfügbar. --------------------------------------------- https://heise.de/-4852900 ∗∗∗ Evolution of Valak, from Its Beginnings to Mass Distribution ∗∗∗ --------------------------------------------- Valak is an information stealer and malware loader that has become increasingly common in our threat landscape and is being mass distributed by an actor known as Shathak/TA551.The post Evolution of Valak, from Its Beginnings to Mass Distribution appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/valak-evolution/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (e2fsprogs, ffmpeg, milkytracker, mupdf, openjdk-11, and qemu), Fedora (bashtop), Gentoo (ant, arpwatch, awstats, cacti, chromium, curl, dbus, djvu, filezilla, firefox, freexl, fuseiso, fwupd, glib-networking, haml, hylafaxplus, icinga, jhead, lha, libexif, libreswan, netqmail, nss, ntfs3g, ntp, ocaml, okular, ossec-hids, qtgui, qtnetwork, re2c, reportlab, samba, sarg, sqlite, thunderbird, transmission, tre, twisted, webkit-gtk, wireshark, and xen), --------------------------------------------- https://lwn.net/Articles/827153/ ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2020-4498) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2018-20852) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-18066) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2015-2716) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2019-13232) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM MQ Appliance (CVE-2020-4025 and CVE-2020-4203) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha… ∗∗∗ Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected… ∗∗∗ Security Bulletin: Udaya testing on production 12345 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-udaya-testing-on-producti… ∗∗∗ Security Bulletin: Dev team testing on production 123 456 789 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-dev-team-testing-on-produ… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2020
by Daily end-of-shift report 24 Jul '20

24 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-07-2020 18:00 − Freitag 24-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 5 severe D-Link router vulnerabilities disclosed, patch now ∗∗∗ --------------------------------------------- 5 severe D-Link vulnerabilities have been disclosed that could allow an attacker to take complete control over a router without needing to login. --------------------------------------------- https://www.bleepingcomputer.com/news/security/5-severe-d-link-router-vulne… ∗∗∗ Sicherheitslücke: Wenn das Youtube-Tutorial die Cloud-Zugangsdaten leakt ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Hunderte Youtube-Tutorials ausgewertet und immer wieder Zugangsdaten entdeckt - mit diesen konnten sie sich auf AWS einloggen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-wenn-das-youtube-tutorial-die-c… ∗∗∗ MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec ∗∗∗ --------------------------------------------- This post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective… ∗∗∗ Compromized Desktop Applications by Web Technologies, (Fri, Jul 24th) ∗∗∗ --------------------------------------------- For a long time now, it has been said that "the new operating system is the browser". Today, we do everything in our browsers, we connect to the office, we process emails, documents, we chat, we perform our system maintenances, ... But many popular web applications provide also desktop client: Twitter, Facebook, Slack are good examples. Such applications just replace the classic browser and use the API [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26384 ∗∗∗ Garmin Connect: Ausfall offenbar nach Ransomware-Attacke ∗∗∗ --------------------------------------------- Eine Ransomware-Attacke hat Server von Garmin lahmgelegt. Fitnesstracker und Sportuhren lassen sich nicht synchronisieren. Der Ausfall dauert wohl mehrere Tage. --------------------------------------------- https://heise.de/-4851576 ∗∗∗ New variant of Phobos ransomware is coming ∗∗∗ --------------------------------------------- In recent years, the spread of ransomware has become increasingly severe, thousands of servers and databases around the world have been invaded and destroyed. --------------------------------------------- https://blog.360totalsecurity.com/en/new-variant-of-phobos-ransomware-is-co… ∗∗∗ „Letzte Mahnung“: Ignorieren Sie diese betrügerische BAWAG-Mail! ∗∗∗ --------------------------------------------- BetrügerInnen senden derzeit vermehrt E-Mails im Namen der Bank „BAWAG P.S.K.“. Darin werden Sie aufgefordert einen neuen Dienst zu aktivieren, indem Sie Ihre Bankdaten auf einer gefälschten BAWAG-Seite eingeben sollen. Achtung, diese Daten landen direkt in den Händen der Kriminelle! --------------------------------------------- https://www.watchlist-internet.at/news/letzte-mahnung-ignorieren-sie-diese-… ===================== = Vulnerabilities = ===================== ∗∗∗ Easy Breadcrumb - Moderately critical - Cross site scripting - SA-CONTRIB-2020-027 ∗∗∗ --------------------------------------------- Project: Easy BreadcrumbVersion: 8.x-1.128.x-1.10Date: 2020-July-22Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: This module enables you to use the current URL (path alias) and the current pages title to automatically extract the breadcrumbs segments and its respective links then show them as breadcrumbs on your website.The module doesnt sufficiently sanitize editor input in certain --------------------------------------------- https://www.drupal.org/sa-contrib-2020-027 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu), Fedora (java-11-openjdk, mod_authnz_pam, podofo, and python27), openSUSE (cni-plugins, tomcat, and xmlgraphics-batik), Oracle (dbus and thunderbird), SUSE (freerdp, kernel, libraw, perl-YAML-LibYAML, and samba), and Ubuntu (libvncserver and openjdk-lts). --------------------------------------------- https://lwn.net/Articles/826965/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (PSIRT-ADV0022379) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-n… ∗∗∗ Security Bulletin: IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input (CVE-2020-4408) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-w… ∗∗∗ Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-co… ∗∗∗ Privilege Escalation Vulnerability in SteelCentral Aternity Agent ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/privilege-escalation-vulnerabi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.07.2020
by Daily end-of-shift report 23 Jul '20

23 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-07-2020 18:00 − Donnerstag 23-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular Chinese-Made Drone Is Found To Have Security Weakness ∗∗∗ --------------------------------------------- Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the worlds most popular consumer drones, threatening to intensify the growing tensions between China and the United States. From a report: In two reports, the researchers contended that an app on Googles Android operating system that powers drones made by China-based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited .. --------------------------------------------- https://it.slashdot.org/story/20/07/23/1437214/ ∗∗∗ Skimmers in Images & GitHub Repos ∗∗∗ --------------------------------------------- MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites and in booby trapped Magento repos on GitHub. Googletagmanager.png Our security analyst Keith Petkus found this piece of malware injected on a compromised Magento 2.x site. --------------------------------------------- https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html ∗∗∗ Towards native security defenses for the web ecosystem ∗∗∗ --------------------------------------------- With the recent launch of Chrome 83, and the upcoming release of Mozilla Firefox 79, web developers are gaining powerful new security mechanisms to protect their applications from common web vulnerabilities. In this post we share how our Information Security Engineering team is deploying Trusted Types, Content Security Policy, Fetch Metadata Request Headers and the Cross-Origin Opener Policy across Google to help guide and inspire other developers to similarly adopt these features to protect their applications. --------------------------------------------- https://security.googleblog.com/2020/07/towards-native-security-defenses-fo… ∗∗∗ Forensoftware vBulletin: Schlecht programmiertes Testskript als mögliche Gefahr ∗∗∗ --------------------------------------------- Wer das Skript vb_test.php zum Test von vBulletin-Installationsvoraussetzungen nutzt, sollte es danach wegen gefährlicher Lücken sofort vom Server löschen. --------------------------------------------- https://heise.de/-4851012 ===================== = Vulnerabilities = ===================== ∗∗∗ ASUS Router Vulnerable to Fake Updates and XSS ∗∗∗ --------------------------------------------- Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update functionality. These vulnerabilities could allow for complete compromise of the router and all traffic that traverses it. Finding 1: Update Accepts Forged Server Certificates (CVE-2020-15498) Finding 2: XSS in Release Notes Dialog Window (CVE-2020-15499) --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/asus-router… ∗∗∗ Drupal: Modal Form - Critical - Access bypass - SA-CONTRIB-2020-029 ∗∗∗ --------------------------------------------- Project: Modal Form Version: 8.x-1.x-dev Date: 2020-July-22 Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Access bypass Description: The Modal form module is a toolset for quick start of using forms in modal windows.Any form is available for view and submit when the modal_form module is installed. The only requirement is to know the forms fully-qualified class name. Solution: Upgrade to modal_form-8.x-1.2. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-029 ∗∗∗ Sicherheitsupdate: Netzwerk-Schützer von Cisco sind löchrig ∗∗∗ --------------------------------------------- Admins, die Netzwerke mit Hard- und Software von Cisco schützen, sollten aus Sicherheitsgründen die aktuellen Versionen von Adaptive Security Appliance (ASA) und Firepower Threat Defense (FTD) installieren. ... Ein entfernter und unangemeldeter Angreifer könnte mittels präparierter HTTP-Anfragen auf das Web-Services-Dateisystem von anvisierten Geräten zugreifen (Directory-Traversal-Attacke). Dieses Dateisystem ist aber nur verfügbar, wenn Any-Connect- oder WebVPN-Features aktiviert sind. Davon sind alle Geräte mit verwundbaren ASA- und FTD-Versionen betroffen. (CVE-2020-3452) --------------------------------------------- https://heise.de/-4850949 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (poppler and tomcat8), Fedora (cacti, cacti-spine, java-1.8.0-openjdk, mbedtls, mingw-python3, singularity, and xen), openSUSE (firefox, redis, and singularity), Red Hat (samba), SUSE (java-11-openjdk, qemu, and vino), and Ubuntu (ffmpeg and pillow). --------------------------------------------- https://lwn.net/Articles/826841/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Z Development and Test Environment – April 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Novalink is impacted by Denial of service vulnerability in WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-d… ∗∗∗ Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Java vulnerability CVE-2019-2949 affecting IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-cve-20… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerabilities in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-w… ∗∗∗ Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2020-1967) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-wat… ∗∗∗ Security Bulletin: WebSphere security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-security-vulner… ∗∗∗ Security Bulletin: Java vulnerabilities affecting IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affe… ∗∗∗ Security Bulletin: Cross Site Scripting security vulnerabilities in FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-secu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.07.2020
by Daily end-of-shift report 22 Jul '20

22 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-07-2020 18:00 − Mittwoch 22-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Cybercrime: Der Kampf um die Router ∗∗∗ --------------------------------------------- Router sind für Cyber-Kriminelle eine wichtige Ressource. Das rechtfertigt auch außergewöhnliche Maßnahmen. --------------------------------------------- https://heise.de/-4848764 ∗∗∗ Arbeiterkammer warnt: Bewertungen können zur Falle werden! ∗∗∗ --------------------------------------------- Gesucht: italienische Pizzeria. Gefunden: Pizzeria mit top Bewertungen! Vorsicht! Auch bei Online-Bewertungen gibt es Betrug. So kaufen Unternehmen Fake-Bewertungen, die die Unternehmen besser dastehen lassen sollen als sie sind. Gleichzeitig müssen auch Sie bei Bewertungen darauf achten, was Sie schreiben. Ansonsten könnte eine Klage drohen. Arbeiterkammer (AK) und Internet Ombudsmann haben rechtliche Fragen bei Bewertungsplattformen unter die Lupe genommen. --------------------------------------------- https://www.watchlist-internet.at/news/arbeiterkammer-warnt-bewertungen-koe… ∗∗∗ Phishing-Kampagne nutzt Googles Cloud-Dienste zum Diebstahl von Office-365-Anmeldedaten ∗∗∗ --------------------------------------------- Die Hacker hosten auf Google Drive eine speziell gestaltete PDF-Datei. Die Google Cloud stellt für den Angriff auch eine Phishing-Website bereit. Ähnliche Attacken missbrauchen auch Cloud-Dienste anderer Anbieter wie Microsoft Azur. --------------------------------------------- https://www.zdnet.de/88381697/phishing-kampagne-nutzt-googles-cloud-dienste… ∗∗∗ Emotet botnet is now heavily spreading QakBot malware ∗∗∗ --------------------------------------------- Researchers tracking Emotet botnet noticed that the malware started to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. --------------------------------------------- https://www.bleepingcomputer.com/news/security/emotet-botnet-is-now-heavily… ∗∗∗ Format String Vulnerabilities ∗∗∗ --------------------------------------------- C++ and strings The C++ programming language has a couple of different variable types designed to manage text data. These include C strings, which are defined as arrays of characters, and the C++ string data type. These types of variables can be used for a variety of different purposes. The most visible is printing messages [...] --------------------------------------------- https://resources.infosecinstitute.com/format-string-vulnerabilities/ ∗∗∗ Command Injection Vulnerabilities ∗∗∗ --------------------------------------------- What is a command injection vulnerability? Many applications are not designed to be wholly self-contained. They often access external systems as well, including databases, application programming interfaces (APIs) and others. Some applications are designed to run commands within the terminal of the system that they are running on. For example, a program may wish to [...] --------------------------------------------- https://resources.infosecinstitute.com/command-injection-vulnerabilities/ ∗∗∗ How to configure Internet Options for Local Group Policy ∗∗∗ --------------------------------------------- Does this sound familiar? “Welcome to Monopoly!” “All right, now we’re going to go with auctions if you don’t buy.” “Why? That’s so annoying!” “Because if we don’t, it takes forever.” “All right, fine, but I want money if I land on Free Parking.” “Fine, if that’s what it takes. But I want ‘even [...] --------------------------------------------- https://resources.infosecinstitute.com/how-to-configure-internet-options-fo… ∗∗∗ MATA: Multi-platform targeted malware framework ∗∗∗ --------------------------------------------- The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems. --------------------------------------------- https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ ∗∗∗ A few IoCs related to CVE-2020-5092, (Wed, Jul 22nd) ∗∗∗ --------------------------------------------- I know I am a bit late to the game, but a couple of weeks ago I responded to an incident resulting from an F5 compromise related to CVE-2020-5092. As I responded I captured a number if indicators of compromise. While I have not had a lot of time to dig into them, hopefully they will be of use to somebody. --------------------------------------------- https://isc.sans.edu/diary/rss/26378 ∗∗∗ Malicious Magento User Creator ∗∗∗ --------------------------------------------- We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company. The script is simple but very effective and can easily be overlooked as another Magento file without closer inspection. It’s based on a sample that has been circulating the Internet since 2012 and provides a boilerplate for attackers to easily specify user [...] --------------------------------------------- https://blog.sucuri.net/2020/07/malicious-magento-user-creator.html ===================== = Vulnerabilities = ===================== ∗∗∗ Shadow Attacks: Forscher hebeln PDF-Signaturprüfung erneut aus ∗∗∗ --------------------------------------------- 2019 umgingen Forscher von der Ruhr-Universität Bochum die Signatur-Überprüfung von PDF-Software. Nun entwickelten sie erfolgreich drei neue Angriffe. --------------------------------------------- https://heise.de/-4849183 ∗∗∗ Jetzt updaten: Exploit-Code für Patchday-Lücke in SharePoint Server verfügbar ∗∗∗ --------------------------------------------- Gegen eine kritische Lücke in SharePoint Server, Visual Studio und dem .NET Framework gibt es seit dem MS-Patchday Updates. Die Gefahr eines Angriffs steigt. --------------------------------------------- https://heise.de/-4849584 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (librsvg and squid), Fedora (mailman, mingw-LibRaw, php-horde-kronolith, and targetcli), openSUSE (openconnect), Red Hat (cloud-init, container-tools:rhel8, dbus, java-1.8.0-openjdk, java-11-openjdk, jbig2dec, kernel, kpatch-patch, mod_auth_openidc:2.3, nodejs:10, openstack-keystone, rh-nodejs10-nodejs, sane-backends, thunderbird, and virt:rhel), SUSE (webkit2gtk3 and xrdp), and Ubuntu (evolution-data-server, linux, linux-aws, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/826713/ ∗∗∗ Raining SYSTEM Shells with Citrix Workspace app ∗∗∗ --------------------------------------------- TL;DR Citrix Workspace is vulnerable to a remote command execution attack running under the context of the SYSTEM account. By sending a crafted message over a named pipe and spoofing [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/raining-system-shells-with-ci… ∗∗∗ Security Advisory - fastjson Injection Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200722-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in jackson-databind shipped with IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Verify Gateway does not hide a cryptographic key in one of its binary files (CVE-2020-4385) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-n… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: WebSphere network security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-securit… ∗∗∗ Security Bulletin: SB0003748 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003748/ ∗∗∗ Security Bulletin: SB0003749 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003749/ ∗∗∗ Security Bulletin: WebSphere Application Server security vulnerability in FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Verify Gateway does not hide client secrets when debug tracing is active (CVE-2020-4372) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-n… ∗∗∗ Security Bulletin: IBM Verify Gateway PAM components default to cleartext storage of client secret (CVE-2020-4369) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-co… ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0746 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0745 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.07.2020
by Daily end-of-shift report 21 Jul '20

21 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 20-07-2020 18:00 − Dienstag 21-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft will disable insecure TLS in Office 365 on Oct 15 ∗∗∗ --------------------------------------------- Microsoft has set the official retirement date for the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365 starting with October 15, 2020, after temporarily halting deprecation enforcement for commercial customers due to COVID-19. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-inse… ∗∗∗ Sextortion Update: The Final Final Chapter, (Mon, Jul 20th) ∗∗∗ --------------------------------------------- Even though the Sextortion emails which began in the July of 2018 are old news, and old hat, I am still tracking the BTC Addresses that were holding the money from the successful transactions. --------------------------------------------- https://isc.sans.edu/diary/rss/26334 ∗∗∗ Couple of interesting Covid-19 related stats, (Tue, Jul 21st) ∗∗∗ --------------------------------------------- It is nothing new that Covid-19 forced many organizations around the world to quickly adopt the "work from home" model, which in turn resulted in an increased number of machines offering remote access services and protocols accessible from the internet. --------------------------------------------- https://isc.sans.edu/diary/rss/26374 ∗∗∗ Understanding the Benefits of the Capability Maturity Model Integration (CMMI) ∗∗∗ --------------------------------------------- “Cybersecurity is the leading corporate governance challenge today, yet 87% of C-suite professionals and board members lack confidence in their company’s cybersecurity capabilities. Many CISOs and CSOs focus on implementing standards and frameworks, but what good is compliance if it does not improve your overall cybersecurity resilience? --------------------------------------------- https://www.tripwire.com/state-of-security/featured/understanding-benefits-… ∗∗∗ Kleinanzeigenbetrug: Das können Opfer tun ∗∗∗ --------------------------------------------- Sie haben auf einer Kleinanzeigenplattform, wie ebay, willhaben und Co ein Produkt an einen Kriminellen verkauft? Sie haben den Betrug zu spät erkannt – das Paket wurde bereits aufgegeben? Mit ein wenig Glück, viele Recherche, Kommunikation und Hartnäckigkeit können Sie das Paket möglicherweise stoppen und wieder zurückbekommen! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigenbetrug-das-koennen-opfe… ===================== = Vulnerabilities = ===================== ∗∗∗ Citrix Workspace app for Windows Security Update ∗∗∗ --------------------------------------------- A vulnerability has been identified in the automatic update service of Citrix Workspace app for Windows that could result in: A local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows. A remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled. --------------------------------------------- https://support.citrix.com/article/CTX277662 ∗∗∗ Notfallpatches: Adobe stopft kritische Lücken in Bridge, Prelude und Photoshop ∗∗∗ --------------------------------------------- Der Softwarehersteller Adobe hat Sicherheitsupdates außer der Reihe für Android- und Windows-Anwendungen veröffentlicht. --------------------------------------------- https://heise.de/-4849092 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ksh), openSUSE (ant, chromium, ldb, samba, and LibVNCServer), Red Hat (dbus, kernel, kernel-rt, and NetworkManager), and SUSE (cni-plugins, firefox, openexr, Salt, salt, SUSE Manager Client Tools, and tomcat). --------------------------------------------- https://lwn.net/Articles/826603/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU ( CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WML CE: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-3… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: SB003732 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb003732/ ∗∗∗ Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-tensorflow-in-sqli… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht XXE ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0740 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0741 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.07.2020
by Daily end-of-shift report 20 Jul '20

20 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-07-2020 18:00 − Montag 20-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Emotet: Erste Angriffswelle nach fünfmonatiger Pause ∗∗∗ --------------------------------------------- Nach mehrmonatiger Pause haben Forscher eine neue Emotet-Angriffswelle beobachtet. Die Ziele lagen vor allem in den USA sowie im Vereinigten Königreich. --------------------------------------------- https://heise.de/-4847070 ∗∗∗ How to use Windows 10 File History to make secure backups ∗∗∗ --------------------------------------------- With File History feature on Windows, you can back up copies of files that are in the Documents, Music, Pictures, Videos, and Desktop folders. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-file-… ∗∗∗ Zone.Identifier: A Coupe Of Observations, (Sat, Jul 18th) ∗∗∗ --------------------------------------------- In diary entry "Sysmon and Alternate Data Streams", we reported that Sysmon records the content of small Alternate Data Streams (containing text) in the event log. This is useful for the Zone.Identifier ADS, a stream that is added by many browsers to mark a file as orginating from the Internet. Modern browsers will include extra information in Zone.Identifier, like the URL: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26366 ∗∗∗ Online-Shop-Software: Zwei-Faktor-Authentifizierung für Magento-Shops verfügbar ∗∗∗ --------------------------------------------- Admins können Online-Shops auf Magento-Basis nun effektiver gegen feindliche Übernahmen absichern. --------------------------------------------- https://heise.de/-4847660 ===================== = Vulnerabilities = ===================== ∗∗∗ Windows 10 Store wsreset tool lets attackers bypass antivirus ∗∗∗ --------------------------------------------- A technique that exploits Windows 10 Microsoft Store called wsreset.exe can delete files to bypass antivirus protection on a host without being detected. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-store-wsreset-too… ∗∗∗ Scanning Activity for ZeroShell Unauthenticated Access, (Sun, Jul 19th) ∗∗∗ --------------------------------------------- In the past 36 hours, an increase in scanning activity to exploit and compromise ZeroShell Linux router began. This router software had several unauthenticated remote code execution released in the past several years, the last one was CVE-2019-12725. The router latest software version can be dowloaded here. --------------------------------------------- https://isc.sans.edu/diary/rss/26368 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird). --------------------------------------------- https://lwn.net/Articles/826537/ ∗∗∗ 3 Vulnerabilities Found on AvertX IP Cameras ∗∗∗ --------------------------------------------- Security cameras make up 5% of enterprise IoT devices but account for 33% of all security issues. We found three vulnerabilities in AvertX IP cameras. --------------------------------------------- https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/ ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-pillow-before-7-1-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ Security Bulletin: WML CE: In Pillow before 7.1.0, there is a Buffer Overflow ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-in-pillow-before-7… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: WML CE: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-libjpeg-turbo-2-0-… ∗∗∗ Security Bulletin: WML CE: SQLite through 3.32.2 has has a use-after-free problem. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-3… ∗∗∗ Security Bulletin: A vulnerability in Jackson Databind affects IBM Operations Analytics Predictive Insights (CVE-2020-8840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jackso… ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.07.2020
by Daily end-of-shift report 17 Jul '20

17 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-07-2020 18:00 − Freitag 17-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface ∗∗∗ --------------------------------------------- This post is the first of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when complete. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduct… ∗∗∗ Zoom Addresses Vanity URL Zero-Day ∗∗∗ --------------------------------------------- A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. --------------------------------------------- https://threatpost.com/zoom-vanity-url-zero-day/157510/ ∗∗∗ Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors ∗∗∗ --------------------------------------------- Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities. --------------------------------------------- https://blog.sucuri.net/2020/07/fake-wordpress-plugin-sitespeed-malware-bac… ∗∗∗ capa: Automatically Identify Malware Capabilities ∗∗∗ --------------------------------------------- capa is the FLARE team’s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. In this post you will learn how capa works, how to install and use the tool, and why you should integrate it into your triage workflow [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-iden… ∗∗∗ Threat modelling and IoT hubs ∗∗∗ --------------------------------------------- IoT hubs are increasingly being used to provide a single point of access to the myriad of smart devices in the home. One ring to rule them all, if rather [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/threat-modelling-and-iot-hubs/ ∗∗∗ Diese Betrugsmaschen sollten GamerInnen kennen (Teil 2) ∗∗∗ --------------------------------------------- Ob Phishing-Versuche oder Fake-Shops: Die Betrugsmaschen im Gaming-Bereich unterscheiden sich teilweise kaum von anderen Betrügereien im Internet. Wir sammeln die häufigsten Betrugsmaschen und erklären, wie Sie diese erkennen und dagegen vorgehen können. Im zweiten Teil zeigen wir Ihnen Betrugsmaschen rund um Schadsoftware, Fake-Shops und betrügerische Apps. --------------------------------------------- https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerin… ∗∗∗ Diebold Nixdorf warns of a new class of ATM black box attacks across Europe ∗∗∗ --------------------------------------------- New ATM black box (jackpotting) attacks have been spotted in Belgium. --------------------------------------------- https://www.zdnet.com/article/diebold-nixdorf-warns-of-a-new-class-of-atm-b… ∗∗∗ Mac cryptocurrency trading application rebranded, bundled with malware ∗∗∗ --------------------------------------------- ESET researchers lure GMERA malware operators to remotely control their Mac honeypots --------------------------------------------- https://www.welivesecurity.com/2020/07/16/mac-cryptocurrency-trading-applic… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (bashtop and python39), openSUSE (openexr), Red Hat (java-1.8.0-openjdk), and Scientific Linux (thunderbird). --------------------------------------------- https://lwn.net/Articles/826367/ ∗∗∗ Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect for Virtual Environments (CVE-2020-5259, CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-a… ∗∗∗ Security Bulletin: IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerabile to Logjam (CVE-2015-4000) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-back… ∗∗∗ Security Bulletin: IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam (CVE-2015-4000) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-snap… ∗∗∗ Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-5259, CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-a… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java JRE, 8.0-1.1 affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vul… ∗∗∗ Security Bulletin: IBM Java Runtime Vulnerability affects IBM Spectrum Protect Snapshot for VMware (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerab… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty XSS Vulnerabilities Affect IBM Control Center (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Apache CXF XSS Vulnerability Affects IBM Control Center (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-xss-vulnerabil… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.07.2020
by Daily end-of-shift report 16 Jul '20

16 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-07-2020 18:00 − Donnerstag 16-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ BlackRock - the Trojan that wanted to get them all ∗∗∗ --------------------------------------------- Around May 2020 ThreatFabric analysts have uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. After investigation, it became clear that this newcomer is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. The source code of the Xerxes malware was made public by its author around May 2019, which means that it is accessible to any threat actor. --------------------------------------------- https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_… ∗∗∗ Windows Server Containers Are Open, and Here’s How You Can Break Out ∗∗∗ --------------------------------------------- We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.The post Windows Server Containers Are Open, and Here’s How You Can Break Out appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabiliti… ===================== = Vulnerabilities = ===================== ∗∗∗ Xen Security Advisory XSA-329 - Linux ioperm bitmap context switching issues ∗∗∗ --------------------------------------------- IO port permissions dont get rescinded when context switching to an unprivileged task. Therefore, all userspace can use the IO ports granted to the most recently scheduled task with IO port permissions. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-329.html ∗∗∗ Schadcode-Lücken gefährden Router von Cisco ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco holt zum Rundumschlag aus und veröffentlicht quer durch die eigenen Produktreihen Sicherheitsupdates. --------------------------------------------- https://heise.de/-4845109 https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ 2 Million Users Affected by Vulnerability in All in One SEO Pack ∗∗∗ --------------------------------------------- On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel's [...] --------------------------------------------- https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerab… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd). --------------------------------------------- https://lwn.net/Articles/826288/ ∗∗∗ Synology-SA-20:18 DSM ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to conduct man-in-the-middle attacks via a susceptible version of Synology DiskStation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_18 ∗∗∗ Trend Micro Internet Security: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0724 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0721 ∗∗∗ macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211289 ∗∗∗ iOS 13.6 and iPadOS 13.6 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211288 ∗∗∗ tvOS 13.4.8 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211290 ∗∗∗ watchOS 6.2.8 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211291 ∗∗∗ Security Advisory - Windows DNS Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200716-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-4462) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xml-external-entity-injec… ∗∗∗ Security Bulletin: Cross-site Scripting and Vulnerable library – JQuery v1.11.1 affects IBM Engineering Workflow Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-… ∗∗∗ Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-missing-cookie-attribute-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerab… ∗∗∗ Security Bulletin: : HTTP Header Weakness Affects IBM Secure External Authentication Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-http-header-weakness-affe… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Jazz Foundation and IBM Engineering products. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.07.2020
by Daily end-of-shift report 15 Jul '20

15 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-07-2020 18:00 − Mittwoch 15-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Server: Sigred ist eine wurmartige kritische Lücke in Windows DNS ∗∗∗ --------------------------------------------- Der Bug betrifft alle Maschinen mit Windows Server 2003 bis 2019. Microsoft rät zum Patch, da sich Malware darüber selbst ausbreiten kann. --------------------------------------------- https://www.golem.de/news/windows-server-sigred-ist-eine-wurmartige-kritisc… ∗∗∗ Spamdexing (SEO spam malware) ∗∗∗ --------------------------------------------- Introduction: About SEO spam - is my website a target? You’ve spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, [...] --------------------------------------------- https://resources.infosecinstitute.com/spamdexing-seo-spam-malware/ ∗∗∗ Word docs with macros for IcedID (Bokbot), (Wed, Jul 15th) ∗∗∗ --------------------------------------------- Today's diary reviews Microsoft Word documents with macros to infect vulnerable Windows hosts with IcedID malware (also known as Bokbot) on Tuesday 2020-07-14. This campaign has previously pushed Valak or Ursnif, often with IcedID as the follow-up malware to these previous infections. --------------------------------------------- https://isc.sans.edu/diary/rss/26352 ∗∗∗ Simple DGA Spotted in a Malicious PowerShell ∗∗∗ --------------------------------------------- DGA (“Domain Generation Algorithm“) is a technique implemented in some malware families to defeat defenders and to make the generation of IOC’s (and their usage – example to implement black lists) more difficult. When a piece of malware has to contact a C2 server, it uses domain names or IP [...] --------------------------------------------- https://blog.rootshell.be/2020/07/14/simple-dga-spotted-in-a-malicious-powe… ∗∗∗ Website misconfigurations and other errors to avoid ∗∗∗ --------------------------------------------- Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms. --------------------------------------------- https://blog.malwarebytes.com/how-tos-2/2020/07/website-misconfigurations-a… ∗∗∗ Diese Betrugsmaschen sollten GamerInnen kennen (Teil 1) ∗∗∗ --------------------------------------------- Ob Phishing-Versuche oder Fake-Shops: Die Betrugsmaschen im Gaming-Bereich unterscheiden sich teilweise kaum von anderen Betrügereien im Internet. Wir sammeln die häufigsten Betrugsmaschen und erklären, wie Sie diese erkennen und dagegen vorgehen können. Im ersten Teil zeigen wir Ihnen die betrügerischen Tricks rund um Phishing und Accountdiebstahl. --------------------------------------------- https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerin… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft July 2020 Patch Tuesday - Patch Now!, (Tue, Jul 14th) ∗∗∗ --------------------------------------------- This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed. --------------------------------------------- https://isc.sans.edu/diary/rss/26350 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dbus), Debian (python3.5), Fedora (podofo and roundcubemail), Oracle (dbus, dovecot, jbig2dec, kernel, nodejs:10, nodejs:12, sane-backends, and thunderbird), Red Hat (.NET Core and kernel), SUSE (ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, [...] --------------------------------------------- https://lwn.net/Articles/826181/ ∗∗∗ Security Advisory - Two Vulnerabilities in SaltStack Salt ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-… ∗∗∗ Security Advisory - Apache Tomcat File Inclusion Vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-… ∗∗∗ Security Bulletin: IBM has released a Unified Extensible Firmware Interface (UEFI) fix in response to an Intel escalation of information disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-a-unifie… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-a… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Apr 2020 CPU (CVE-2020-2805, CVE-2020-2803, CVE-2020-2757, CVE-2020-2756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Apache Tomcat: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0717 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.07.2020
by Daily end-of-shift report 14 Jul '20

14 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 13-07-2020 18:00 − Dienstag 14-07-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SCANdalous! (External Detection Using Network Scan Data and Automation) ∗∗∗ --------------------------------------------- Real Quick In case you’re thrown by that fantastic title, our lawyers made us change the name of this project so we wouldn’t get sued. SCANdalous—a.k.a. Scannah Montana a.k.a. Scanny McScanface a.k.a. “Scan I Kick It? (Yes You Scan)”—had another name before today that, for legal reasons, we’re keeping to ourselves. A special thanks to our legal team who is always looking out for us, this blog post would be a lot less fun without them. Strap in folks. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-det… ∗∗∗ Vorsicht vor betrügerischer Werbung auf Facebook ∗∗∗ --------------------------------------------- Facebook und Instagram, durchaus lukrative Werbekanäle. Dass haben auch Kriminelle erkannt. Mit der Botschaft, dass die Shops luvpatient.com, liebesfreund.de und colorootd.com die Corona-Krise angeblich nicht überstanden haben, werden Produkte zu sehr günstigen Preisen im Feed oder zwischen den Stories beworben. Doch Vorsicht: Die bestellte Ware kommt nicht oder nur in minderwertiger Qualität an! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischer-werbung… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB20-33), Adobe Media Encoder (APSB20-36), Adobe Genuine Service (APSB20-37), Adobe ColdFusion (APSB20-43) and Adobe Download Manager (APSB20-49). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1893 ∗∗∗ SAP Patchday Juli 2020 ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in mehreren SAP Produkten ausnutzen, um die Kontrolle über SAP Anwendungen zu übernehmen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen und um weitere, nicht spezifizierte Auswirkungen zu erreichen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0690 ∗∗∗ SSA-305120 (Last Update: 2020-07-14): Vulnerabilities in SICAM MMU, SICAM T and SICAM SGU ∗∗∗ --------------------------------------------- SICAM MMU, SICAM T and the discontinued SICAM SGU devices are affected by multiple security vulnerabilities which could allow an attacker to perform a variety of attacks. This may include unauthenticated firmware installation, remote code execution and leakage of confidential data like passwords. Siemens has released updates to introduce authentication to the web application. It is still recommended to implement further mitigations, as most of the vulnerabilities might not be sufficiently [...] --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-305120.txt ∗∗∗ SSA-364335 (Last Update: 2020-07-14): Clear Text Transmission Vulnerability on SIMATIC HMI Panels ∗∗∗ --------------------------------------------- A clear text transmission vulnerability in SIMATIC HMI panels could allow an attacker to access sensitive information under certain circumstances.Siemens recommends specific countermeasures to mitigate this vulnerability. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-364335.txt ∗∗∗ SSA-573753 (Last Update: 2020-07-14): Remote Code Execution in Siemens LOGO! Web Server ∗∗∗ --------------------------------------------- The latest update for LOGO! 8 BM devices fixes a vulnerability that could allow remote code execution in the web server functionality.Siemens provides a firmware update for the latest versions of LOGO! BM. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-573753.txt ∗∗∗ SSA-589181 (Last Update: 2020-07-14): Denial-Of-Service in SIMATIC S7-200 SMART CPU Family Devices ∗∗∗ --------------------------------------------- The latest update for SIMATIC S7-200 SMART fixes a vulnerability that could allow an attacker to cause a permanent Denial-of-Service of an affected device by sending a large number of crafted packets.Siemens has released an update for the SIMATIC S7-200 SMART CPU family and recommends that customers update to the latest version. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-589181.txt ∗∗∗ SSA-604937 (Last Update: 2020-07-14): Multiple Web Server Vulnerabilities in Opcenter Execution Core ∗∗∗ --------------------------------------------- The latest update of Opcenter Execution Core fixes multiple vulnerabilities where the most severe could allow an attacker to perform a cross-site scripting (XSS) attack under certain conditions.Siemens has released an update for the Opcenter Execution Core and recommends that customers update to the latest version. Siemens recommends specific countermeasures as there are currently no further fixes available. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-604937.txt ∗∗∗ SSA-631949 (Last Update: 2020-07-14): Ripple20 and Intel SPS Vulnerabilities in SPPA-T3000 Solutions ∗∗∗ --------------------------------------------- SPPA-T3000 solutions are affected by vulnerabilities that were recently dislosed by JSOF research lab (“Ripple20”) for the TCP/IP stack used in APC UPS systems, and by Intel for the Server Platform Services (SPS) used in SPPA-T3000 Application Server and Terminal Server hardware.The advisory provides information to what amount SPAA-T3000 solutions are affected. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-631949.txt ∗∗∗ SSA-841348 (Last Update: 2020-07-14): Multiple Vulnerabilities in the UMC Stack ∗∗∗ --------------------------------------------- The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (mingw-podofo and python-rsa), openSUSE (LibVNCServer, mozilla-nss, nasm, openldap2, and permissions), Red Hat (dovecot, sane-backends, and thunderbird), Scientific Linux (dbus), and SUSE (firefox and thunderbird). --------------------------------------------- https://lwn.net/Articles/826113/ ∗∗∗ [20200706] - Core - System Information screen could expose redis or proxy credentials ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/823-20200706-core-system-i… ∗∗∗ [20200705] - Core - Escape mod_random_image link ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/822-20200705-core-escape-m… ∗∗∗ [20200704] - Core - Variable tampering via user table class ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/821-20200704-core-variable… ∗∗∗ [20200703] - Core - CSRF in com_privacy remove-request feature ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/820-20200703-core-csrf-in-… ∗∗∗ [20200702] - Core - Missing checks can lead to a broken usergroups table record ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/819-20200702-core-missing-… ∗∗∗ [20200701] - Core - CSRF in com_installer ajax_install endpoint ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/818-20200701-core-csrf-in-… ∗∗∗ Security Bulletin: Apache Tika as used by IBM QRadar SIEM is vulnerable to a denial of service (CVE-2020-1951, CVE-2020-1950) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tika-as-used-by-ib… ∗∗∗ Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4510) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4513) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-a… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to denial of service (CVE-2020-4511) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to command injection (CVE-2020-4512) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4364) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.07.2020
by Daily end-of-shift report 13 Jul '20

13 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-07-2020 18:00 − Montag 13-07-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Malware adds online sandbox detection to evade analysis ∗∗∗ --------------------------------------------- Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-adds-anyrun-sandbox-… ∗∗∗ Hidden Miners ∗∗∗ --------------------------------------------- It is always a good idea to have multiple options when it comes to making a profit. This is especially true for criminals. Having a backdoor is nice, but having the backdoored system directly make money is even better. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/07/36122-hidden-miners ∗∗∗ Scanning Home Internet Facing Devices to Exploit, (Sat, Jul 11th) ∗∗∗ --------------------------------------------- In the past 45 days, I noticed a surge of activity in my honeypot logs for home router exploitation. This is a summary of the various hosts and IP addresses with potential exploit packages available for download. What is also interesting is the fact that most URL were only IP based, no hostname associated with them. --------------------------------------------- https://isc.sans.edu/diary/rss/26340 ∗∗∗ Injecting Magecart into Magento Global Config ∗∗∗ --------------------------------------------- At the beginning of June 2020, we were contacted about a Magento website breach that caused a leak of credit card numbers. A thorough analysis of the website identified the webpage’s footer had malicious code added to it. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/injecting-m… ∗∗∗ Introducing Winbindex - the Windows Binaries Index ∗∗∗ --------------------------------------------- I indexed all Windows files which appear in Windows update packages, and created a website which allows to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently exe, dll and sys files). --------------------------------------------- https://m417z.com/Introducing-Winbindex-the-Windows-Binaries-Index/ ∗∗∗ Threat spotlight: WastedLocker, customized ransomware ∗∗∗ --------------------------------------------- WastedLocker ransomware, attributed to the Russian Evil Corp gang, is such a targeted threat, you might call it a custom-built ransomware family. --------------------------------------------- https://blog.malwarebytes.com/threat-spotlight/2020/07/threat-spotlight-was… ∗∗∗ TrickBot Malware Warning Victims of Infection by Mistake ∗∗∗ --------------------------------------------- Security researchers observed some variants of the TrickBot malware family mistakenly warning victims that they had suffered an infection. Advanced Intel’s Vitali Kremez traced the mistake to “password-stealing grabber.dll.” This module is responsible for stealing browser credentials and cookies from Google Chrome, Microsoft Edge and other web browsers that are stored on a victim’s machine. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/trickbo… ∗∗∗ TrickBots new API-Hammering explained ∗∗∗ --------------------------------------------- As usual, at Joe Security, we keep a close eye on evasive malware. Some days ago we detected an interesting sample, MD5: b32d28ebab62e99cd2d46aca8b2ffb81. It turned out to be a new TrickBot sample using API hammering to bypass analysis. In this blog post, we will outline the evasion and explain how it works. --------------------------------------------- http://blog.joesecurity.org/2020/07/trickbots-new-api-hammering-explained.h… ∗∗∗ Researchers create magstripe versions from EMV and contactless cards ∗∗∗ --------------------------------------------- Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today. --------------------------------------------- https://www.zdnet.com/article/researchers-create-magstripe-versions-of-emv-… ∗∗∗ This botnet has surged back into action spreading a new ransomware campaign via phishing emails ∗∗∗ --------------------------------------------- Theres been a big jump in Phorpiex botnet activity - but its a trojan malware attack that was the most common malware campaign in June. --------------------------------------------- https://www.zdnet.com/article/this-botnet-has-surged-back-into-action-sprea… ===================== = Vulnerabilities = ===================== ∗∗∗ Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack ∗∗∗ --------------------------------------------- Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers access to private video feeds and settings. --------------------------------------------- https://threatpost.com/popular-tp-link-family-of-kasa-security-cams-vulnera… ∗∗∗ macOS-Sicherheitslücke: Komplettes Dateisystem ohne Zugriffsrechte auslesbar ∗∗∗ --------------------------------------------- In mount_apfs steckte ein Bug, der Apples Systemschutz zumindest read-only aushebeln konnte. Ein Fix ist da, doch der ist eher ungewöhnlich. --------------------------------------------- https://heise.de/-4841670 ∗∗∗ Remote Code Execution Vulnerability in Zoom Client for Windows (0day) ∗∗∗ --------------------------------------------- [Update 7/13/2020: Zoom only took one (!) day to issue a new version of Client for Windows that fixes this vulnerability, which is remarkable. We have reviewed their fix and can confirm that it efficiently resolves the vulnerability. --------------------------------------------- https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, mailman, openjpeg2, ruby-rack, squid3, tomcat8, and xen), Fedora (botan2, kernel, LibRaw, mingw-OpenEXR, mingw-podofo, podofo, seamonkey, squid, and webkit2gtk3), Mageia (ffmpeg, mbedtls, mediawiki, and xpdf), Oracle (kernel), Red Hat (bind, dbus, jbig2dec, and rh-nodejs12-nodejs), and SUSE (graphviz and xen). --------------------------------------------- https://lwn.net/Articles/826038/ ∗∗∗ Sophos XG Firewall: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0686 ∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0688 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0687 ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.8 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vul… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM StoredIQ InstaScan ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM StoredIQ InstaScan ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-… ∗∗∗ Security Bulletin: IBM StoredIQ is affected by a vulnerability in NGINX (CVE-2019-20372) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-storediq-is-affected-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.07.2020
by Daily end-of-shift report 10 Jul '20

10 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-07-2020 18:00 − Freitag 10-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ tag2domain - a system for labeling DNS domains ∗∗∗ --------------------------------------------- Tag2domain - doing proper statistics on domain names In the course of nic.at’s Connecting Europe Facilities (CEF) project CEF-TC-2018-3 we were able to focus on some long overdue but relevant research: a tagging / labeling database of domain names. --------------------------------------------- https://cert.at/en/blog/2020/7/tag2domain ∗∗∗ Conti ransomware shows signs of being a Ryuk successor ∗∗∗ --------------------------------------------- The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, who has slowly been fading away, while Contis distribution is increasing. --------------------------------------------- https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs… ∗∗∗ How to unc0ver a 0-day in 4 hours or less ∗∗∗ --------------------------------------------- By Brandon Azad, Project Zero. At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) using a zero-day vulnerability and heavy obfuscation. By 7 PM, I had identified the vulnerability and informed Apple. By 1 AM, I had sent Apple a POC and my analysis. This post takes you along that journey. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-ho… ∗∗∗ Report: Most Popular Home Routers Have ‘Critical’ Flaws ∗∗∗ --------------------------------------------- Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix. --------------------------------------------- https://threatpost.com/report-most-popular-home-routers-have-critical-flaws… ∗∗∗ Excel spreasheet macro kicks off Formbook infection, (Fri, Jul 10th) ∗∗∗ --------------------------------------------- Today's diary covers a Formbook infection from Thursday, June 9th 2020. --------------------------------------------- https://isc.sans.edu/diary/rss/26332 ∗∗∗ Fintechs im Visier – Analyse der Evilnum‑Malware ∗∗∗ --------------------------------------------- Bei der Analyse der Angriffe auf Fintech-Unternehmen fanden ESET Forscher selbstentwickelte Tools und interessante Parallelen zu anderen APT-Gruppen. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/07/08/fintechs-im-visier-analys… ===================== = Vulnerabilities = ===================== ∗∗∗ Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data ∗∗∗ --------------------------------------------- The backdoor accounts grant access to a secret Telnet admin account running on the devices external WAN interface. --------------------------------------------- https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devic… ∗∗∗ VMSA-2020-0017 ∗∗∗ --------------------------------------------- A privilege escalation vulnerability in VMware Fusion, VMRC for Mac and Horizon Client for Mac was privately reported to VMware. Updates are available to address this vulnerability. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0017.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl). --------------------------------------------- https://lwn.net/Articles/825850/ ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition for IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.07.2020
by Daily end-of-shift report 09 Jul '20

09 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-07-2020 18:00 − Donnerstag 09-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688 , (Thu, Jul 9th) ∗∗∗ --------------------------------------------- I just can't get away from vulnerabilities in perimeter security devices. In the last couple of days, I spent a lot of time with our F5 BigIP honeypot. But looks like I have to revive the Citrix honeypot again. As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week [1]. Details with proof of concept code snippets were released yesterday [2]. --------------------------------------------- https://isc.sans.edu/diary/rss/26330 ∗∗∗ Citrix provides context on Security Bulletin CTX276688 ∗∗∗ --------------------------------------------- [...] Standard procedure for most software companies in advising customers of vulnerabilities is limited to the publication of the bulletin and related CVEs. In this case, however, to avoid confusion and limit the potential for misinterpretation in the industry and our customer set, I am using this space to provide brief additional context. --------------------------------------------- https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security… ∗∗∗ Protecting your remote workforce from application-based attacks like consent phishing ∗∗∗ --------------------------------------------- [...] Today developers are building apps by integrating user and organizational data from cloud platforms to enhance and personalize their experiences. These cloud platforms are rich in data but in turn have attracted malicious actors seeking to gain unwarranted access to this data. One such attack is consent phishing, where attackers trick users into granting a malicious app access to sensitive data or other resources. --------------------------------------------- https://www.microsoft.com/security/blog/?p=91507 ∗∗∗ Unerwartete Kreditkartenabbuchung von shockdeals247.com? ∗∗∗ --------------------------------------------- Wurde von Ihrer Kreditkarte unerwartet Geld von shockdeals247.com abgebucht obwohl Sie dort keine Mitgliedschaft abgeschlossen haben? Können Sie sich nicht erklären, warum dieses Unternehmen Monat für Monat einen Betrag von Ihrem Konto abbucht? Sie sind höchstwahrscheinlich in eine Abo-Falle getappt! Hier erfahren Sie, wie Sie das Problem lösen können. --------------------------------------------- https://www.watchlist-internet.at/news/unerwartete-kreditkartenabbuchung-vo… ===================== = Vulnerabilities = ===================== ∗∗∗ Palo-Alto-Firewalls: Root-Lücke lässt Schadcode passieren ∗∗∗ --------------------------------------------- Es gibt erneut wichtige Sicherheitsupdates für das Betriebssystem von Palo-Alto-Firewalls. Derzeit soll es noch keine Attacken geben. --------------------------------------------- https://heise.de/-4839716 ∗∗∗ Remote Code Execution Vulnerability in Zoom Client for Windows (0day) ∗∗∗ --------------------------------------------- [...] We analyzed the issue and determined it to be only exploitable on Windows 7 and older Windows systems. While Microsoft's official support for Windows 7 has ended this January, there are still millions of home and corporate users out there prolonging its life with Microsoft's Extended Security Updates or with 0patch. --------------------------------------------- https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (ffmpeg, fwupd, ruby2.5, and shiro), Fedora (freerdp, gssdp, gupnp, mingw-pcre2, remmina, and xrdp), openSUSE (chocolate-doom), Oracle (firefox and kernel), and Ubuntu (linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon and thunderbird). --------------------------------------------- https://lwn.net/Articles/825723/ ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- Two issues have been identified in Citrix Hypervisor that may, if exploited, allow privileged code in an HVM guest VM to compromise or crash the host. These issues only apply in specific configurations; furthermore, Citrix believes that there would be [...] --------------------------------------------- https://support.citrix.com/article/CTX277456 ∗∗∗ Security advisory 2020-07-08 ∗∗∗ --------------------------------------------- OpenPGP application Resetting Code bug --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-05/ ∗∗∗ Security advisory 2020-07-08 ∗∗∗ --------------------------------------------- Access code not checked for NDEF updates --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-04/ ∗∗∗ Security advisory 2020-07-08 ∗∗∗ --------------------------------------------- Out of bounds read in libykpiv --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-02/ ∗∗∗ Security Bulletin: Missing or insecure "Content-Security-Policy" header affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-missing-or-insecure-conte… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ JSA11024 - 2020-07 Security Bulletin: Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11024&actp=RSS ∗∗∗ JSA11023 - 2020-07 Security Advisory: Junos Space and Junos Space Security Director: Multiple vulnerabilities resolved in 20.1R1 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&actp=RSS ∗∗∗ JSA11025 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: OpenSSL Security Advisory [20 Dec 2019] ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11025&actp=RSS ∗∗∗ JSA11027 - 2020-07 Security Bulletin: Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash. (CVE-2020-1641) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11027&actp=RSS ∗∗∗ JSA11026 - 2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026&actp=RSS ∗∗∗ JSA11028 - 2020-07 Security Bulletin: Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11028&actp=RSS ∗∗∗ JSA11030 - 2020-07 Security Bulletin: Junos OS: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured (CVE-2020-1643) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11030&actp=RSS ∗∗∗ JSA11031 - 2020-07 Security Bulletin: Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11031&actp=RSS ∗∗∗ JSA11033 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11033&actp=RSS ∗∗∗ JSA11032 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11032&actp=RSS ∗∗∗ JSA11023 - 2020-07 Security Bulletin: Junos Space and Junos Space Security Director: Multiple vulnerabilities resolved in 20.1R1 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&actp=RSS -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.07.2020
by Daily end-of-shift report 08 Jul '20

08 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-07-2020 18:00 − Mittwoch 08-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ „Ihre Site wurde gehackt“: Unternehmen werden per Mail erpresst ∗∗∗ --------------------------------------------- Zahlen Sie 3.000 USD in Form von Bitcoins oder der Ruf Ihres Unternehmens wird geschädigt. Damit drohen BetrügerInnen in einer aktuellen Welle von Erpressungsmails. Anstatt zu bezahlen, sollten Sie diese Mails einfach ignorieren! --------------------------------------------- https://www.watchlist-internet.at/news/ihre-site-wurde-gehackt-unternehmen-… ∗∗∗ Redirect auction ∗∗∗ --------------------------------------------- Weve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. --------------------------------------------- https://securelist.com/redirect-auction/96944/ ∗∗∗ F5 BigIP vulnerability exploitation followed by a backdoor implant attempt, (Tue, Jul 7th) ∗∗∗ --------------------------------------------- While monitoring SANS Storm Center's honeypots today, I came across the second F5 BIGIP CVE-2020-5902 vulnerability exploitation followed by a backdoor deployment attempt. The first one was seen by Johannes yesterday [1]. --------------------------------------------- https://isc.sans.edu/diary/rss/26322 ∗∗∗ Configuring a Windows Domain to Dynamically Analyze an ObfuscatedLateral Movement Tool ∗∗∗ --------------------------------------------- We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consuming step presented an opportunity for collaboration between the FLARE reverse engineering team and [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-dom… ∗∗∗ Mac ThiefQuest malware may not be ransomware after all ∗∗∗ --------------------------------------------- We discovered a new Mac malware, ThiefQuest, that appeared to be ransomware at first glance. However, once we dug in deeper, we found out its true identity—and intention. --------------------------------------------- https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be… ∗∗∗ Ransomware Characteristics and Attack Chains – What you Need to Know about Recent Campaigns ∗∗∗ --------------------------------------------- Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/ransomware-characterist… ===================== = Vulnerabilities = ===================== ∗∗∗ Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found ∗∗∗ --------------------------------------------- F5 BIG-IP customers who only applied recommended mitigations and havent yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-i… ∗∗∗ VMSA-2020-0016 ∗∗∗ --------------------------------------------- VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0016.html ∗∗∗ Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software ∗∗∗ --------------------------------------------- Several devices from the manufacturer Rittal are vulnerable to Privilege Escalation, Least Privilege or Command Injection vulnerabilities. In addition, root backdoors and incorrectly configured system files are present on the devices. --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-critical-vulnerabilit… ∗∗∗ Critical Vulnerabilities Patched in Adning Advertising Plugin ∗∗∗ --------------------------------------------- On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers. We eventually discovered 2 vulnerabilities, one of which was a critical vulnerability that allowed an unauthenticated attacker to upload arbitrary files, leading to Remote Code Execution(RCE), which could [...] --------------------------------------------- https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (roundcube), Fedora (chromium, firefox, and ngircd), Oracle (firefox and thunderbird), Scientific Linux (firefox), Slackware (seamonkey), SUSE (djvulibre, ffmpeg, firefox, freetds, gd, gstreamer-plugins-base, icu, java-11-openjdk, libEMF, libexif, librsvg, LibVNCServer, libvpx, Mesa, nasm, nmap, opencv, osc, perl, php7, python-ecdsa, SDL2, texlive-filesystem, and thunderbird), and Ubuntu (cinder, python-os-brick). --------------------------------------------- https://lwn.net/Articles/825587/ ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Third party vulnerable library Jackson-Databind affects IBM Engineering Lifecycle Optimization – Publishing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-li… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL library affect OS Pattern Kit used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Carbon Black Response application add on to IBM QRadar SIEM is vulnerable to cross site scripting (CVE-2020-4275) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-carbon-black-response-app… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.07.2020
by Daily end-of-shift report 07 Jul '20

07 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 06-07-2020 18:00 − Dienstag 07-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ HTTPS/TLS: Zwischenzertifikate von Tausenden Webseiten fehlerhaft ∗∗∗ --------------------------------------------- Viele Webseiten müssen ihre Zertifikate tauschen, da sie von Zwischenzertifikaten ausgestellt wurden, die ein Sicherheitsrisiko darstellen. --------------------------------------------- https://www.golem.de/news/https-tls-zwischenzertifikate-von-tausenden-webse… ∗∗∗ Company web names hijacked via outdated cloud DNS records ∗∗∗ --------------------------------------------- Why hack into a server when you can just send vistors to a fake alternative instead? --------------------------------------------- https://nakedsecurity.sophos.com/2020/07/07/company-web-names-hijacked-via-… ∗∗∗ Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits, (Mon, Jul 6th) ∗∗∗ --------------------------------------------- Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks Bit IP vulnerability patched last week. Most of the exploits can be considered recognizance. We only saw one working exploit installing a backdoor. Badpackets reported seeing a DDoS bot being installed. --------------------------------------------- https://isc.sans.edu/diary/rss/26316 ∗∗∗ Vulnerability Management Maturity Model ∗∗∗ --------------------------------------------- I get it. You dread going into the office sometimes. It isn’t that you don’t like the people or the location. It’s that beast, waiting for you when you arrive, and it never seems to go away. You work hard at it, but you never seem to get ahead. You are responsible for the vulnerability management program within your organization. Either as part of a formal program or on an ad-hoc basis, it’s your baby. Except that it isn’t a baby, it is more of an untameable monster, a minotaur in the labyrinth, waiting to surprise you as you turn the corner. --------------------------------------------- https://www.sans.org/blog/vulnerability-management-maturity-model ∗∗∗ Vulnerabilities Digest: June 2020 ∗∗∗ --------------------------------------------- Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization. Massive local file inclusion (LFI) attempts have been discovered attempting to harvest WordPress and Magento credentials. Attackers continue to target old plugins with known vulnerabilities in an ongoing malware campaign targeting WordPress websites. --------------------------------------------- https://blog.sucuri.net/2020/07/vulnerabilities-digest-june-2020.html ∗∗∗ Passwortmanager gegen die Vergesslichkeit ∗∗∗ --------------------------------------------- Die Kennwortvorgaben von Webdiensten machen es fast unmöglich, alle Kennwörter im Kopf zu behalten. Passwortmanager machen das Leben leichter. --------------------------------------------- https://heise.de/-4798284 ∗∗∗ Credit card skimmer targets ASP.NET sites ∗∗∗ --------------------------------------------- This unusual web skimmer campaign goes after sites running Microsofts IIS servers with an outdated version of the ASP.NET framework. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-t… ∗∗∗ Free Microsoft Service Looks at OS Memory Snapshots to Find Malware ∗∗∗ --------------------------------------------- Microsoft on Monday unveiled Project Freta, a free service that allows users to find rootkits and other sophisticated malware in operating system memory snapshots. --------------------------------------------- https://www.securityweek.com/free-microsoft-service-looks-os-memory-snapsho… ∗∗∗ Purple Fox Exploit Kit Targets Vulnerabilities Linked to DarkHotel Group ∗∗∗ --------------------------------------------- The developers of the Purple Fox exploit kit (EK) have added two new exploits to their arsenal, including one for a vulnerability addressed in February this year. --------------------------------------------- https://www.securityweek.com/purple-fox-exploit-kit-targets-vulnerabilities… ∗∗∗ Pwning smart garage door openers ∗∗∗ --------------------------------------------- TL;DR We reversed a smart garage door opener, which appeared pretty secure at first: The firmware was encrypted, debug access was restricted, the web server wasn’t running as root, it [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/pwning-smart-garage-door-open… ∗∗∗ Vorsicht vor knuth-kredit.online: Vorschussbetrug statt Kreditvergabe ∗∗∗ --------------------------------------------- Die Watchlist Internet erreichen Meldungen verzweifelter KonsumentInnen, die auf ihre Kreditauszahlungen warten. Während die Beantragung eines Kredites auf knuth-kredit.online noch äußerst einfach abläuft, werden anschließend unzählige Gebühren vorab in Rechnung gestellt. So fallen beispielsweise Versicherungs-, Aktivierungs- und Anwaltsgebühren, Kautionen oder sonstige Kosten an. Ein Kredit wird nie ausbezahlt und alle Zahlungen sind verloren. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-knuth-kreditonline-vors… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.3), Fedora (gst), Mageia (libvirt, mariadb, pdns-recursor, and ruby), openSUSE (chocolate-doom, coturn, kernel, live555, ntp, python3, and rust, rust-cbindgen), Oracle (virt:ol), Red Hat (file, firefox, gettext, kdelibs, kernel, kernel-alt, microcode_ctl, nghttp2, nodejs:10, nodejs:12, php, qemu-kvm, ruby, and tomcat), SUSE (libjpeg-turbo, mozilla-nspr, mozilla-nss, mozilla-nss, nasm, openldap2, and permissions), and Ubuntu (coturn, glibc, nss, [...] --------------------------------------------- https://lwn.net/Articles/825504/ ∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: [...] --------------------------------------------- https://support.citrix.com/article/CTX276688 ∗∗∗ Android/Pixel Patchday Juli ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0671 ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: BIND for IBM i is affected by CVE-2020-8616 and CVE-2020-8617 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affecte… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: An Information Disclosure vulnerability in IBM Websphere Libtery affects IBM License Key Server Administration & Reporting Tool and Administration Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure… ∗∗∗ XSA-328 - non-atomic modification of live EPT PTE ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-328.html ∗∗∗ XSA-327 - Missing alignment check in VCPUOP_register_vcpu_info ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-327.html ∗∗∗ XSA-321 - insufficient cache write-back under VT-d ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-321.html ∗∗∗ XSA-319 - inverted code paths in x86 dirty VRAM tracking ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-319.html ∗∗∗ XSA-317 - Incorrect error handling in event channel port allocation ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-317.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.07.2020
by Daily end-of-shift report 06 Jul '20

06 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-07-2020 18:00 − Montag 06-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Neue Welle an betrügerischen Spam-Anrufen in Österreich ∗∗∗ --------------------------------------------- Die Zahl an ungewollten Anrufen ist aktuell wieder am Steigen, auch Robocalls werden mittlerweile in Österreich verzeichnet. --------------------------------------------- https://futurezone.at/digital-life/neue-welle-an-betruegerischen-spam-anruf… ∗∗∗ Pig in a poke: smartphone adware ∗∗∗ --------------------------------------------- Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. --------------------------------------------- https://securelist.com/pig-in-a-poke-smartphone-adware/97607/ ∗∗∗ The Gafgyt variant vbot seen in its 31 campaigns ∗∗∗ --------------------------------------------- Gafgyt botnets have a long history of infecting Linux devices to launch DDoS attacks. While dozens of variants have been detected, new variants are constantly emerging with changes in terms of register message, exploits, and attacking methods. --------------------------------------------- https://blog.netlab.360.com/the-gafgyt-variant-vbot-and-its-31-campaigns/ ∗∗∗ Intel Owl 1.0.0 released ∗∗∗ --------------------------------------------- Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and is for everyone who needs a single point to query for info about a specific file or observable. --------------------------------------------- https://www.honeynet.org/2020/07/05/intel-owl-release-v1-0-0/ ∗∗∗ Sicherheitsupdates F5 BIG-IP: Schadcode-Lücke im Konfigurationstool ∗∗∗ --------------------------------------------- BIG-IP Appliances von F5 sind über mehrere Lücken attackierbar. Darunter findet sich eine kritische Schwachstelle mit Höchstwertung, die Angreifer ausnutzen. --------------------------------------------- https://heise.de/-4836220 ∗∗∗ Let Me Out of Your Net - Egress Testing ∗∗∗ --------------------------------------------- Use-cases:IT Admin, Firewall Admin, or Security staff at a company and want to confirm what ports and protocols are allowed of your network.Pentester that intends to identify ports and protocols that can be used for a pentest to gain C2 outbound.Purple Team testing ports and protocol detection for C2.Egress testing is an exciting problem due to the uniqueness of most networks. You may find fully open networks like those found in many Silicon Valley companies or companies attempting to move to a [...] --------------------------------------------- https://malicious.link/post/2020/lmo-egress-testing/ ∗∗∗ Patchless AMSI bypass using SharpBlock ∗∗∗ --------------------------------------------- Introduction For those that followed my personal blog posts on Creating an EDR and Bypassing It, I developed a new tool called SharpBlock. The tool implements a Windows debugger to [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/patchless-amsi-bypass-using-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Samba-Software für DoS-Attacken anfällig ∗∗∗ --------------------------------------------- In bestimmten Situationen könnten Angreifer Computer mit Samba-Software lahmlegen. --------------------------------------------- https://heise.de/-4836294 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd). --------------------------------------------- https://lwn.net/Articles/825412/ ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.07.2020
by Daily end-of-shift report 03 Jul '20

03 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-07-2020 18:00 − Freitag 03-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Unternehmen aufgepasst: Versand gefährlicher Mails im Namen des Bundeskanzleramts ∗∗∗ --------------------------------------------- „Die Entscheidung, Ihr Unternehmen aufgrund von Covid-19 zu schließen“ – unter diesem Betreff werden derzeit betrügerische Mails verschickt, die sich gezielt an Unternehmerinnen und Unternehmer richten. Die Kriminellen, die hinter dieser E-Mail stehen, geben sich dabei als Bundeskanzleramt aus und verschicken Schadsoftware. Öffnen Sie daher auf keinen Fall den Anhang! --------------------------------------------- https://www.watchlist-internet.at/news/unternehmen-aufgepasst-versand-gefae… ∗∗∗ Ransomware EKANS nimmt Industriekontrollsysteme ins Visier ∗∗∗ --------------------------------------------- Die Schadsoftware funktioniert trotz zahlreicher Programmierfehler. Eine neue Variante verschlüsselt nicht nur Dateien, sie verändert auch die Einstellungen von Industriekontrollsystemen. EKANS ist zudem auf bestimmte Ziele ausgerichtet und greift Opfer nicht wahllos an. --------------------------------------------- https://www.zdnet.de/88381196/ransomware-ekans-nimmt-industriekontrollsyste… ∗∗∗ Still Scanning IP Addresses? You’re Doing it Wrong ∗∗∗ --------------------------------------------- The traditional approach to a vulnerability scan or penetration test is to find the IP addresses that you want tested, throw them in and kick things off. But doing a test based purely on IP addresses is a bad idea and can often miss things. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/still-scann… ∗∗∗ GoldenSpy Chapter 3: New and Improved Uninstaller ∗∗∗ --------------------------------------------- This blog shows our analysis of a new binary, now being distributed by Intelligent Tax software, that is identical in operations to the original GoldenSpy Uninstallers, but specifically designed to evade detection by the YARA rule provided in our blog. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-c… ∗∗∗ Dangerous Website Backups ∗∗∗ --------------------------------------------- It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the current site state to. However, if a backup is not set up correctly, it can have the opposite effect — and may instead impose a security threat to your website. --------------------------------------------- https://blog.sucuri.net/2020/07/dangerous-website-backups.html ∗∗∗ Living Off Windows Land – A New Native File "downldr" ∗∗∗ --------------------------------------------- There are only a couple of default system-signed executables that let you download a file from a Web Server, and every security product and threat hunter specifically looks for them for signs of misuse or abuse by threat actors. --------------------------------------------- https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-down… ∗∗∗ Try2Cry: Ransomware tries to worm ∗∗∗ --------------------------------------------- Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/07/36200-ransomware-tries-to-worm ===================== = Vulnerabilities = ===================== ∗∗∗ Would you like some RCE with your Guacamole? ∗∗∗ --------------------------------------------- [...] Apache Guacamole is a popular infrastructure for remote work, with more than 10 Million docker downloads worldwide. In our research, we discovered that Apache Guacamole is vulnerable to several critical Reverse RDP Vulnerabilities, and is also impacted by a few new vulnerabilities found in FreeRDP. In short, these vulnerabilities allow an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting [...] --------------------------------------------- https://research.checkpoint.com/2020/apache-guacamole-rce/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/825212/ ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.7 ESR ) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.1 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.1 ESR + CVE-2020-6820) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to a Prototype Pollution vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-… ∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0664 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0666 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.07.2020
by Daily end-of-shift report 02 Jul '20

02 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-07-2020 18:00 − Donnerstag 02-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ TrickBot malware now checks screen resolution to evade analysis ∗∗∗ --------------------------------------------- The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbot-malware-now-checks-… ∗∗∗ GoldenSpy backdoor installed by tax software gets remotely removed ∗∗∗ --------------------------------------------- As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/goldenspy-backdoor-installed… ∗∗∗ FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps ∗∗∗ --------------------------------------------- New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer. --------------------------------------------- https://threatpost.com/fakespy-android-malware-spread-via-postal-service-ap… ∗∗∗ Setting up the Dshield honeypot and tcp-honeypot.py, (Wed, Jul 1st) ∗∗∗ --------------------------------------------- After Johannes did his Tech Tuesday presentation last week on setting up Dshield honeypots, I thought I'd walk you through how I setup my honeypots. --------------------------------------------- https://isc.sans.edu/diary/rss/26302 ∗∗∗ PhishINvite with Malicious ICS Files ∗∗∗ --------------------------------------------- Employing a popular type of file as an attachment to malicious emails is a common trick by cybercriminals to boost the success rate of their cyber-attacks. As iCalendars files are not included in the list of automatically blocked attachments by email clients like Outlook, the possibility of the maliciously crafted iCalendar falling to the targets’ mailbox is increased. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishinvite… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and firefox-esr), Fedora (chromium and ntp), SUSE (ntp and unbound), and Ubuntu (libvncserver). --------------------------------------------- https://lwn.net/Articles/825070/ ∗∗∗ Cisco AnyConnect Secure Mobility Client for Mac OS File Corruption Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Smart and Managed Switches Session Management Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV042 and RV042G Routers Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Digital Network Architecture Center Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Customer Voice Portal Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Products Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Smart and Managed Switches Session Management Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by two WebSphere Application Server vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.07.2020
by Daily end-of-shift report 01 Jul '20

01 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-06-2020 18:00 − Mittwoch 01-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) ∗∗∗ --------------------------------------------- In this blog post we will revisit CVE-2019-19781, a Remote Code Execution vulnerability affecting Citrix NetScaler / ADC. We will explore how this issue has been widely abused by various actors and how a hacker turf war led to some actors "adversary patching" the vulnerability in order to prevent secondary compromise by competing adversaries – hiding the true number of vulnerable and compromised devices in the wild. --------------------------------------------- https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-n… ∗∗∗ Massive Sicherheitsprobleme durch offene Git-Repositorys ∗∗∗ --------------------------------------------- In Deutschland sind Git-Repositorys auf tausenden Servern ungeschützt per Webbrowser zugänglich und Angreifer haben leichtes Spiel beim Abgreifen der Daten. --------------------------------------------- https://heise.de/-4795181 ∗∗∗ Vorsicht beim E-Bike-Kauf: Fake-Shop ebike-quadrat.com bietet günstige E-Bikes an! ∗∗∗ --------------------------------------------- Sommerzeit ist Fahrradzeit. Das denken sich wohl auch BetrügerInnen. Zum Beispiel die unseriösen BetreiberInnen des Fake-Shops ebike-quadrat.com. Auch wenn der Online-Shop auf den ersten Blick vertrauenswürdig wirkt, sollten Sie hier lieber nichts bestellen. Die angegebenen Kontaktdaten existieren genauso wenig wie die Firma selbst. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-e-bike-kauf-fake-shop-… ∗∗∗ EvilQuest: Neue Ransomware für macOS im Umlauf ∗∗∗ --------------------------------------------- Es ist erst die dritte Erpressersoftware, die exklusiv für Macs entwickelt wurde. Die Lösegeldforderung fällt mit 50 Dollar recht moderat aus. Dafür hinterlässt EvilQuest zusätzlich einen Keylogger und eine Reverse Shell. --------------------------------------------- https://www.zdnet.de/88381156/evilquest-neue-ransomware-fuer-macos-im-umlau… https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-thro… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft verteilt wichtige Updates für Remote-Lücken in Windows 10 und Server ∗∗∗ --------------------------------------------- Außerplanmäßige, über den Microsoft Store verteilte Updates beseitigen zwei aus der Ferne ausnutzbare Sicherheitslücken in der Windows Codecs Library. --------------------------------------------- https://heise.de/-4800675 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig). --------------------------------------------- https://lwn.net/Articles/824955/ ∗∗∗ PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite ∗∗∗ --------------------------------------------- PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-023 ∗∗∗ Cellebrite EPR Decryption Hardcoded AES Key Material ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020070003 ∗∗∗ Reflected Cross-site scripting (XSS) in EQDKP Plus CMS ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/reflected-cross-site-scripting… ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0647 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Race Condition Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Type Confusion Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Use After Free Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Use After Free Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - CallStranger Vulnerability in UPnP Protocol ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-… ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… ∗∗∗ Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4376 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics – Log Analysis (CVE-2017-3164) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-s… ∗∗∗ Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics – Log Analysis (pre-login scenario) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-host-header-injection-vul… ∗∗∗ Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 . ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitie… ∗∗∗ Security Bulletin: Insecure Path Attribute in IBM Operations Analytics – Log Analysis (CSRFToken , LtpaToken2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-insecure-path-attribute-i… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.06.2020
by Daily end-of-shift report 30 Jun '20

30 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Montag 29-06-2020 18:00 − Dienstag 30-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sysmon and Alternate Data Streams, (Mon, Jun 29th) ∗∗∗ --------------------------------------------- Sysmon version 11.10, released a couple of days ago, adds support for capturing content of Alternate Data Streams. --------------------------------------------- https://isc.sans.edu/diary/rss/26292 ∗∗∗ Adventures in ATM Hacking ∗∗∗ --------------------------------------------- Previously, I had some experience with PoS (Point of Sale) devices and entertained myself with kiosks at hacking conferences, but never had touched an ATM before. My companion on this saga had already some fun hacking with these devices and had some precious insights to guide us during our engagement. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/adventures-… ∗∗∗ Enigmail warnt Nutzer vor manuellem Update auf Thunderbird 78 ∗∗∗ --------------------------------------------- Enigmail-Nutzer sollen mit dem Erscheinen von Thunderbird 78 nicht manuell auf diese Version aktualisieren – die E-Mail-Verschlüsselung ist noch nicht fertig. --------------------------------------------- https://heise.de/-4799240 ∗∗∗ BSI aktualisiert den Mindeststandard für Web-Browser ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat am 30. Juni 2020 den Mindeststandard für Web-Browser aktualisiert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Webbrowser_300620… ∗∗∗ Vorsicht, wenn Ihr Tinder-Match über lukrative Investitionsmöglichkeiten spricht ∗∗∗ --------------------------------------------- Der Watchlist Internet sind schon sehr viele Fälle bekannt, wo Menschen auf unseriösen Investment-Plattformen sehr viel Geld verloren haben. Aufmerksam wird man auf derartige Plattformen durch gefälschte Zeitungsbeiträge oder E-Mail-Angebote. Kriminelle bewerben ihre Plattformen aber auch vermehrt über Tinder-NutzerInnen, die von sehr gewinnbringenden Investitionsmöglichkeiten schwärmen und zu Zahlungen animieren. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-wenn-ihr-tinder-match-ueber… ∗∗∗ A hacker gang is wiping Lenovo NAS devices and asking for ransoms ∗∗∗ --------------------------------------------- Ransom notes signed by Cl0ud SecuritY hacker group are being found on old LenovoEMC NAS devices. --------------------------------------------- https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-an… ∗∗∗ Detecting adversarial behaviour by applying NLP techniques to command lines ∗∗∗ --------------------------------------------- [...] Methodology designed to automatically detect whether a system has been compromised needs to be able to tell the difference between benign and malicious command line operations. In order to build mechanisms capable of classifying command lines in this way, we first need to understand what they do – in other words, we need to be able to parse them in a similar way to how we parse natural languages. This article describes the process we’ve been using to develop methodology capable of parsing and categorizing command lines at F-Secure. --------------------------------------------- https://blog.f-secure.com/command-lines/ ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication ∗∗∗ --------------------------------------------- When Security Assertion Markup Language (SAML) authentication is enabled and the Validate Identity Provider Certificate option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. --------------------------------------------- https://security.paloaltonetworks.com/CVE-2020-2021 ∗∗∗ Sicherheitsupdates sind da: Jetzt Root-Lücke in Netgear-Routern patchen ∗∗∗ --------------------------------------------- Angreifer könnten Router von Netgear attackieren und Schadcode ausführen. Abgesicherte Firmware-Versionen sind verfügbar. --------------------------------------------- https://heise.de/-4799957 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (coturn, drupal7, libvncserver, mailman, php5, and qemu), openSUSE (curl, graphviz, mutt, squid, tomcat, and unbound), Red Hat (chromium-browser, file, kernel, microcode_ctl, ruby, and virt:rhel), Slackware (firefox), and SUSE (mariadb-100, mutt, unzip, and xmlgraphics-batik). --------------------------------------------- https://lwn.net/Articles/824822/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Security vulnerability in Java SE affects Rational Build Forge (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in… ∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7066, CVE-2020-7065, CVE-2020-7064) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: A vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openss… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Rational Build Forge. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11 (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ib… ∗∗∗ OpenJPEG: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0645 ∗∗∗ Squid: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0644 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.06.2020
by Daily end-of-shift report 29 Jun '20

29 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 26-06-2020 18:00 − Montag 29-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Laravel/Telescope: Die Sicherheitslücke bei einer Bank, die es nicht gibt ∗∗∗ --------------------------------------------- Ein Leser hat uns auf eine Sicherheitslücke auf der Webseite einer Onlinebank hingewiesen. Die Lücke war echt und betrifft auch andere Seiten - die Bank jedoch scheint es nie gegeben zu haben. --------------------------------------------- https://www.golem.de/news/laravel-telescope-die-sicherheitsluecke-bei-einer… ∗∗∗ Active Directory series: Unconstrained delegation ∗∗∗ --------------------------------------------- In this article series, we will look into the most famous ways that can be used to attack Active Directory and achieve persistence. Note: Attacks discussed in this series have already been publicly disclosed on different forums. This series is for educational purposes only. --------------------------------------------- https://resources.infosecinstitute.com/active-directory-series-unconstraine… ∗∗∗ Beware "secure DNS" scam targeting website owners and bloggers ∗∗∗ --------------------------------------------- If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" - these scammers are after your whole site. --------------------------------------------- https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targetin… ∗∗∗ The face of tomorrow's cybercrime: Deepfake ransomware explained ∗∗∗ --------------------------------------------- Deepfake ransomware is a mighty combination that several security experts fear would happen soon. But what is it exactly? Is it deepfake with a ransomware twist? Or ransomware with a sprinkling of deepfake tech? --------------------------------------------- https://blog.malwarebytes.com/ransomware/2020/06/the-face-of-tomorrows-cybe… ∗∗∗ Passwort‑Manager: nützliches Alltags‑Tool ∗∗∗ --------------------------------------------- In diesem Artikel erklären wir, was einen Passwort-Manager ausmacht und warum dieser als nützliches Tool in den Alltag integriert werden sollte. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/06/26/passwort-manager-im-allta… ∗∗∗ ebay-HändlerInnen aufgepasst: gezielte Phishing-Attacken ∗∗∗ --------------------------------------------- Wenn Sie Waren auf ebay verkaufen, dann nehmen Sie sich vor betrügerischen Nachrichten in Acht, in denen man Ihnen vorspielt, dass Kundschaft von einem Kauf zurücktreten möchte. Die Nachrichten werden im ebay-Design verschickt und fordern zur Antwort auf die entsprechende Anfrage auf. Der Link führt Sie auf eine gefälschte ebay-Website, auf der Ihre Daten direkt in den Händen Krimineller landen. --------------------------------------------- https://www.watchlist-internet.at/news/ebay-haendlerinnen-aufgepasst-geziel… ∗∗∗ Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL ∗∗∗ --------------------------------------------- Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. --------------------------------------------- https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owner… ===================== = Vulnerabilities = ===================== ∗∗∗ Keine Überraschung nach Fraunhofer-Test: Viele Home-Router unsicher ∗∗∗ --------------------------------------------- Sicherheitsforscher des FKIE haben 127 verschiedene Home-Router untersucht und vermuten gravierende Sicherheitsmängel. Überraschen kann das niemanden mehr. --------------------------------------------- https://heise.de/-4798342 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel,, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman). --------------------------------------------- https://lwn.net/Articles/824717/ ∗∗∗ Security Advisory - Denial of Service Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200624-… ∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200624-… ∗∗∗ Security Bulletin: IBM TNPM for Wireline is vulnarable to Cross Site Request Forgery(CSRF) and Cross Site Scripting(CSS) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tnpm-for-wireline-is-… ∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp… ∗∗∗ Security Bulletin: IBM API Connect is vulnerable to cross-site scripting (XSS) in Drupal (sa-contrib-2020-025) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error within the Data Conversion logic. (CVE-2020-4310) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: IBM API Connect V 2018 (ova) is impacted by weak cryptographic algorithms (CVE-2020-4452) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v-2018-ov… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affec… ∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner… ∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-17592) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.06.2020
by Daily end-of-shift report 26 Jun '20

26 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-06-2020 18:00 − Freitag 26-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Golang Worm Widens Scope to Windows, Adds Payload Capacity ∗∗∗ --------------------------------------------- A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability. --------------------------------------------- https://threatpost.com/worm-golang-malware-windows-payloads/156924/ ∗∗∗ Browser-Hersteller verkürzen Zertifikats-Lebensdauer auf ein Jahr ∗∗∗ --------------------------------------------- Ab September dürfen HTTPS-Zertifikate nur noch auf maximal ein Jahr ausgestellt werden. --------------------------------------------- https://heise.de/-4796599 ∗∗∗ Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files ∗∗∗ --------------------------------------------- This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-wit… ∗∗∗ Achtung: Auf Instagram kursieren betrügerische Nachrichten ∗∗∗ --------------------------------------------- Seit kurzem melden uns Instagram-NutzerInnen, betrügerische Nachrichten, in denen sie aufgefordert werden, einem Link zu folgen. Achtung: Kriminelle, die diese Privatnachrichten zahlreich und willkürlich versenden, wollen nur an Ihre Zugangsdaten kommen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-auf-instagram-kursieren-betr… ∗∗∗ Angebliche E-Mail der Bundesregierung enthält Ransomware ∗∗∗ --------------------------------------------- Die Serie von Ransomware-Angriffen auf deutsche Unternehmen setzt sich fort. Eine neue Ransomware-Kampagne in Deutschland nutzt als Köder eine gefälschte E-Mail im Namen der Bundesregierung. --------------------------------------------- https://www.zdnet.de/88381006/angebliche-e-mail-der-bundesregierung-enthael… ===================== = Vulnerabilities = ===================== ∗∗∗ Micropatch is Available for Windows LNK Remote Code Execution Vulnerability (CVE-2020-1299) ∗∗∗ --------------------------------------------- Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1299, another "Stuxnet-like" critical LNK remote code execution issue that can get code executed on users computer just by viewing a folder with Windows Explorer.This vulnerability was patched by Microsoft with June 2020 Updates, but Windows 7 and Server 2008 users without Extended Security Updates remained vulnerable. --------------------------------------------- https://blog.0patch.com/2020/06/micropatch-is-available-for-windows-lnk.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440). --------------------------------------------- https://lwn.net/Articles/824579/ ∗∗∗ Security Bulletin: Multiple vulnurabilities discovered in IBM® SDK, Java™ can affect Rational Software Architect Design Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-… ∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2020-4565) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ib… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: NVIDIA Windows GPU Display Driver has resolved several security vulnerabilities as described below. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-displa… ∗∗∗ Security Bulletin: NVIDIA Windows GPU Display driver is vulnerable to several security vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-displa… ∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-10744) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.06.2020
by Daily end-of-shift report 25 Jun '20

25 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-06-2020 18:00 − Donnerstag 25-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ European bank suffers biggest PPS DDoS attack, new botnet suspected ∗∗∗ --------------------------------------------- A bank in Europe was the target of a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS). --------------------------------------------- https://www.bleepingcomputer.com/news/security/european-bank-suffers-bigges… ∗∗∗ Defending Exchange servers under attack ∗∗∗ --------------------------------------------- Exchange servers are high-value targets. If compromised, Exchange servers provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use. Keeping these servers safe from these advanced attacks is of utmost importance. --------------------------------------------- https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-serve… ∗∗∗ The Golden Tax Department and the Emergence of GoldenSpy Malware ∗∗∗ --------------------------------------------- Trustwave SpiderLabs has discovered a new malware family, dubbed GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-golden-… ∗∗∗ Maersk, me & notPetya ∗∗∗ --------------------------------------------- [...] Establishing the exact content and format of this post has been difficult. It hasn’t been clear where to start. [...] I’ve tried to focus on the main timeline and the lessons. So this isn’t everything. But the experience we had at Maersk, or at least significant elements of it, could happen to any organisation. In fact, it does happen, to all kinds of organisations, all of the time, [...] --------------------------------------------- https://gvnshtn.com/maersk-me-notpetya/ ∗∗∗ Extending Drupal 7s End-of-Life - PSA-2020-06-24 ∗∗∗ --------------------------------------------- Previously, Drupal 7s end-of-life was scheduled for November 2021. Given the impact of COVID-19 on budgets and businesses, we will be extending the end of life until November 28, 2022. The Drupal Security Team will continue to follow the Security Team processes for Drupal 7 core and contributed projects. --------------------------------------------- https://www.drupal.org/psa-2020-06-24 ∗∗∗ Attackers Cryptojacking Docker Images to Mine for Monero ∗∗∗ --------------------------------------------- We identified a malicious Docker Hub account named "azurenql" that contained 8 repositories, hosting 6 malicious Monero mining images. --------------------------------------------- https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-… ===================== = Vulnerabilities = ===================== ∗∗∗ Telnet Vulnerability Affecting Cisco Products: June 2020 ∗∗∗ --------------------------------------------- On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers (telnetd). For more information about this vulnerability, see the Details section. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple vulnerabilities in Danish company Mobile Industrial Robot s products ∗∗∗ --------------------------------------------- More than 10 different robot types are affected and operate from industrial spaces to public environments, such as airports and hospitals. --------------------------------------------- https://news.aliasrobotics.com/the-week-of-mobile-industrial-robots-bugs/ ∗∗∗ Mehrere Sicherheitslücken in Grafikkarten-Treiber von Nvidia gestopft ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Software und Treiber von Nvidia. Neben Windows ist auch Linux bedroht. --------------------------------------------- https://heise.de/-4794975 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (libexif, php-horde-horde, and tcpreplay), openSUSE (rubygem-bundler), Oracle (docker-cli docker-engine, kernel, and ntp), Slackware (curl and libjpeg), and Ubuntu (mutt). --------------------------------------------- https://lwn.net/Articles/824474/ ∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp… ∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2019-4650) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp… ∗∗∗ Security Bulletin: ICP Speech to Text, Text to Speech Oracle Java Vulnerability Fix ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-t… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2020-4223) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cURL (CVE-2019-5482) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creato… ∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-securi… ∗∗∗ Security Bulletin: ICP Speech to Text, Text to Speech – OpenSSL vulnerability fix. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-t… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.06.2020
by Daily end-of-shift report 24 Jun '20

24 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-06-2020 18:00 − Mittwoch 24-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ IT-Sicherheit: Etwa 80.000 Drucker sind im Internet offen ansteuerbar ∗∗∗ --------------------------------------------- Die Security-Organisation Shadowserver hat einen globalen IPP-Scan durchgeführt und viele Drucker gefunden, die offen Informationen teilen. --------------------------------------------- https://www.golem.de/news/it-sicherheit-etwa-80-000-drucker-sind-im-interne… ∗∗∗ What is DNS Poisoning and to Protect Your Enterprise Against it ∗∗∗ --------------------------------------------- Modern enterprise cybersecurity has evolved – that’s a true statement. If we were to travel back in time – say, 10 or 20 years – ago, we would have discovered, much to our stupefaction, that cybersecurity was nothing more than an auxiliary attribution, bestowed upon the (un)fortunate soul who had the (dubious privilege) of fulfilling [...] --------------------------------------------- https://heimdalsecurity.com/blog/what-is-dns-poisoning/ ∗∗∗ Magnitude exploit kit – evolution ∗∗∗ --------------------------------------------- Exploit kits still play a role in today’s threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits out there – Magnitude EK – for a whole year. --------------------------------------------- https://securelist.com/magnitude-exploit-kit-evolution/97436/ ∗∗∗ Sodinokibi Ransomware Now Scans Networks For PoS Systems ∗∗∗ --------------------------------------------- Attackers are compromising large companies with the Cobalt Strike malware, and then deploying the Sodinokibi ransomware. --------------------------------------------- https://threatpost.com/sodinokibi-ransomware-now-scans-networks-for-pos-sys… ∗∗∗ Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments ∗∗∗ --------------------------------------------- Recent spearphishing emails spread the Hakbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper. --------------------------------------------- https://threatpost.com/hackbit-ransomware-attack-uses-guloader-malicious-mi… ∗∗∗ Using Shell Links as zero-touch downloaders and to initiate network connections, (Wed, Jun 24th) ∗∗∗ --------------------------------------------- Probably anyone who has used any modern version of Windows is aware of their file-based shortcuts, also known as LNKs or Shell Link files. Although they were intended as a simple feature to make Windows a bit more user-friendly, over the years, a significant number[1] of vulnerabilities were identified in handling of LNKs. Many of these vulnerabilities lead to remote code execution and one (CVE-2010-2568) was even used in creation of the Stuxnet worm. --------------------------------------------- https://isc.sans.edu/diary/rss/26276 ∗∗∗ Three words you do not want to hear regarding a secure browser called SafePay... Remote. Code. Execution ∗∗∗ --------------------------------------------- How Bitdefenders security software was caught napping by ad-block bod Folks running Bitdefenders Total Security 2020 package should check they have the latest version installed following the disclosure of a remote code execution bug. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2020/06/24/bitdefender_… ∗∗∗ WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group ∗∗∗ --------------------------------------------- WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Recently Evil Corp has changed a number of TTPs related to their operations further described in this article. --------------------------------------------- https://blog.fox-it.com/2020/06/23/wastedlocker-a-new-ransomware-variant-de… ∗∗∗ Gefälschte PayLife-Mails im Umlauf ∗∗∗ --------------------------------------------- Unter verschiedenen Vorwänden versuchen BetrügerInnen derzeit an Zugangs- und Kreditkartendaten von PayLife-KundInnen zu kommen. Kommt man den Aufforderungen in diesen Mails nicht nach, wird mit einer Sperre der Karte oder anderen Einschränkungen gedroht. Folgen Sie dem Link in diesen Mails nicht und laden Sie auch keine „Kartensicherheits-App“ herunter! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-paylife-mails-im-umlauf/ ∗∗∗ Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices ∗∗∗ --------------------------------------------- A new hybrid malware capable of cryptojacking and launching DDoS was discovered in the wild, which weve named "Lucifer." --------------------------------------------- https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybr… ∗∗∗ This sneaky malware goes to unusual lengths to cover its tracks ∗∗∗ --------------------------------------------- Glupteba creates a backdoor into infected Windows systems - and researchers think itll be offered to cyber criminals as an easy means of distributing other malware. --------------------------------------------- https://www.zdnet.com/article/this-sneaky-malware-goes-to-unusual-lengths-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke bedroht Magento-Shops ∗∗∗ --------------------------------------------- Angreifer könnten Onlineshops auf Magento-Basis attackieren und im schlimmsten Fall komplett übernehmen. --------------------------------------------- https://heise.de/-4793608 ∗∗∗ Kritische Lücke: Helpdesk-App auf Qnap-NAS lädt Angreifer ein ∗∗∗ --------------------------------------------- Qnap hat eine wichtige Aktualisierung für die Support-App Helpdesk veröffentlicht. --------------------------------------------- https://heise.de/-4794415 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel, ntp, and unbound), Fedora (php-horde-horde and tcpreplay), openSUSE (chromium, java-1_8_0-openj9, mozilla-nspr, mozilla-nss, and opera), Oracle (gnutls, grafana, thunderbird, and unbound), Red Hat (candlepin and satellite, docker, microcode_ctl, openstack-keystone, openstack-manila and openstack-manila, and qemu-kvm-rhev), Scientific Linux (kernel and ntp), Slackware (ntp), SUSE (curl, libreoffice, libssh2_org, and php5), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/824378/ ∗∗∗ VMware Produkte: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0622 ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Speech to Text, Text to Speech ICP WebSphere Application Server Liberty Fix ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-sp… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.06.2020
by Daily end-of-shift report 23 Jun '20

23 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Montag 22-06-2020 18:00 − Dienstag 23-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Comparing Office Documents with WinMerge, (Mon, Jun 22nd) ∗∗∗ --------------------------------------------- Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, ...). Since they are ZIP containers, I have to compare the files within. I used to do this with with zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface. --------------------------------------------- https://isc.sans.edu/diary/rss/26268 ∗∗∗ HTTP Request Smuggling: Abusing Reverse Proxies ∗∗∗ --------------------------------------------- SANS Penetration Testing blog about exploiting differences between web servers and their reverse proxies --------------------------------------------- https://www.sans.org/blog/http-request-smuggling-abusing-reverse-proxies?ms… ∗∗∗ XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers ∗∗∗ --------------------------------------------- We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-b… ∗∗∗ Vorschussbetrug: Ein Opfer berichtet… ∗∗∗ --------------------------------------------- Vorschussbetrug funktioniert immer ähnlich: Ihnen wird per E-Mail mitgeteilt, dass Sie auserwählt wurden, einen sehr hohen Geldbetrag zu erhalten. Jedoch müssen Sie vorab eine Geldsumme überweisen – angeblich für Zertifikate, Spesen, die Abwicklung der Überweisung oder Ähnliches. Erst dann kann der Betrag an Sie übermittelt werden. Achtung: Den angeblichen Geldbetrag erhalten Sie nie und das vorab überwiesene Geld ist weg! --------------------------------------------- https://www.watchlist-internet.at/news/vorschussbetrug-ein-opfer-berichtet/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate Bitdefender: Websites könnten Schadcode auf PCs schleusen ∗∗∗ --------------------------------------------- In einer aktualisierten Version von Bitdefender Internet Security haben die Entwickler eine Sicherheitslücke geschlossen. Das Angriffsrisiko gilt als hoch. --------------------------------------------- https://heise.de/-4792200 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (thunderbird), Debian (wordpress), Fedora (ca-certificates, kernel, libexif, and tomcat), openSUSE (chromium, containerd, docker, docker-runc, golang-github-docker-libnetwork, fwupd, osc, perl, php7, and xmlgraphics-batik), Oracle (unbound), Red Hat (containernetworking-plugins, dpdk, grafana, kernel, kernel-rt, kpatch-patch, libexif, microcode_ctl, ntp, pcs, and skopeo), Scientific Linux (unbound), SUSE (kernel, mariadb, mercurial, and xawtv), and Ubuntu (mutt, nfs-utils). --------------------------------------------- https://lwn.net/Articles/824264/ ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann eine Schwachstelle in Atlassian Jira Software ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0617 ∗∗∗ Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-ova… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4323) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-an… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4413) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ KLCERT-20-014: Session token exposed in Honeywell ControlEdge PLC and RTU ∗∗∗ --------------------------------------------- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klce… ∗∗∗ KLCERT-20-013: Unencypted password transmission in Honeywell ControlEdge PLC and RTU ∗∗∗ --------------------------------------------- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klce… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.06.2020
by Daily end-of-shift report 22 Jun '20

22 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-06-2020 18:00 − Montag 22-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Top 8 tips for office security when employees are working from home ∗∗∗ --------------------------------------------- Who’s minding the store? Cybersecurity has become even more high profile during the current COVID-19 pandemic. A recent warning from the UK National Cyber Security Centre and the US Department of Homeland Security talks of state-backed hackers targeting healthcare organizations. Many other examples of pandemic-focused cyberattacks have popped up since the coronavirus appeared. --------------------------------------------- https://resources.infosecinstitute.com/top-8-tips-for-office-security-when-… ∗∗∗ Web skimming with Google Analytics ∗∗∗ --------------------------------------------- Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics. --------------------------------------------- https://securelist.com/web-skimming-with-google-analytics/97414/ ∗∗∗ Pi Zero HoneyPot , (Sat, Jun 20th) ∗∗∗ --------------------------------------------- The ISC has had a Pi honeypot(1) for the last couple of years, but I haven't had much time to try it on the Pi zero. Recently, I've had a chance to try it out, and it works great. --------------------------------------------- https://isc.sans.edu/diary/rss/26260 ∗∗∗ Hijacking DLLs in Windows ∗∗∗ --------------------------------------------- DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC. --------------------------------------------- https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows ∗∗∗ Turn on MFA Before Crooks Do It For You ∗∗∗ --------------------------------------------- Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who dont take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Heres the story of one such incident. --------------------------------------------- https://krebsonsecurity.com/2020/06/turn-on-mfa-before-crooks-do-it-for-you/ ∗∗∗ Achtung vor gefährlicher "BawagPSK" Phishing-SMS ∗∗∗ --------------------------------------------- BetrügerInnen senden derzeit eine SMS-Nachricht im Namen der BAWAG P.S.K. aus. Als Absender wird keine Telefonnummer, sondern „BawagPSK“ angegeben. Laut der Nachricht müssen Sie einem Link folgen, um eine Anfrage zu Ihrem mobilen Banking zu bestätigen. Folgen Sie dem Link nicht! Er führt auf eine gefälschte Website und eingegebene Daten landen direkt in den Händen der Kriminellen. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-gefaehrlicher-bawagpsk-p… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate: Firmware-Bug gefährdet XG Firewalls von Sophos ∗∗∗ --------------------------------------------- Angreifer könnten über ein Schlupfloch in Sophos XG Firewalls Schadcode in Netzwerken ausführen. --------------------------------------------- https://heise.de/-4790793 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lynis, mutt, neomutt, ngircd, and rails), Mageia (gnutls), Oracle (thunderbird), Red Hat (chromium-browser, gnutls, grafana, thunderbird, and unbound), Scientific Linux (thunderbird and unbound), and SUSE (bind, java-1_8_0-openjdk, kernel, libgxps, and osc). --------------------------------------------- https://lwn.net/Articles/824113/ ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Elastic Elasticsearch ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… ∗∗∗ Security Bulletin: OpenSSL for IBM i is affected by CVE-2020-1967 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affe… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Potential vulnerability with FasterXML jackson-databind ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: Multiple potential vulnerabilities in Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-potential-vulner… ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… ∗∗∗ Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-fileupload… ∗∗∗ Security Bulletin: January 2020 Critical Patch Update for Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-january-2020-critical-pat… ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.06.2020
by Daily end-of-shift report 19 Jun '20

19 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-06-2020 18:00 − Freitag 19-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers use fake Windows error logs to hide malicious payload ∗∗∗ --------------------------------------------- Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-err… ∗∗∗ IBM Maximo Asset Management servers patched against attacks ∗∗∗ --------------------------------------------- Details are hazy but the overall story is clear: if you use IBM’s Maximo Asset Management, make sure you’re patched. --------------------------------------------- https://nakedsecurity.sophos.com/2020/06/19/ibm-maximo-asset-management-ser… ∗∗∗ Sicherheitsupdate für CMS: Drupal anfällig für Remote Code Execution ∗∗∗ --------------------------------------------- Die Drupal-Entwickler haben zwei Sicherheitslücken in mehreren Versionen des Content Management Systems geschlossen. --------------------------------------------- https://heise.de/-4789539 ∗∗∗ Security: Four zero-days spotted in attacks on honeypot systems ∗∗∗ --------------------------------------------- Previously unknown attacks used against fake systems show big problems remain with industrial systems security. --------------------------------------------- https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-att… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin - June 2020 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. --------------------------------------------- https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumbe… ∗∗∗ Kritische 0day-Lücke in 79 Netgear-Router-Modellen ∗∗∗ --------------------------------------------- Über einen Fehler im eingebauten Webserver lassen sich die Geräte kapern – unter Umständen schon beim Besuch einer Webseite mit dem Exploit. --------------------------------------------- https://heise.de/-4789814 ∗∗∗ VMSA-2020-0014 ∗∗∗ --------------------------------------------- VMware Tools for macOS update addresses a denial-of-service vulnerability (CVE-2020-3972) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0014.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7), Fedora (dbus, kernel, microcode_ctl, mingw-glib-networking, moby-engine, and roundcubemail), Mageia (libjpeg), openSUSE (chromium and rmt-server), Oracle (kernel and microcode_ctl), Red Hat (rh-nodejs8-nodejs and thunderbird), Slackware (bind), and SUSE (adns, containerd, docker, docker-runc, golang-github-docker-libnetwork, dbus-1, fwupd, gegl, gnuplot, guile, java-1_7_1-ibm, java-1_8_0-ibm, kernel, mozilla-nspr, mozilla-nss, perl, and [...] --------------------------------------------- https://lwn.net/Articles/823736/ ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple vulnerabilities affects IBM Engineering Requirements Management DOORS Next ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.06.2020
by Daily end-of-shift report 18 Jun '20

18 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-06-2020 18:00 − Donnerstag 18-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ FF Sandbox Escape (CVE-2020-12388) ∗∗∗ --------------------------------------------- In my previous blog post I discussed an issue with the Windows Kernel’s handling of Restricted Tokens which allowed me to escape the Chrome GPU sandbox. Originally I’d planned to use Firefox for the proof-of-concept as Firefox uses the same effective sandbox level as the Chrome GPU process for its content renderers. That means a FF content RCE would give code execution in a sandbox where you could abuse the Windows Kernel Restricted Tokens issue, [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-1… ∗∗∗ BofA Phish Gets Around DMARC, Other Email Protections ∗∗∗ --------------------------------------------- The June campaign was targeted and aimed at stealing online banking credentials. --------------------------------------------- https://threatpost.com/bofa-phish-gets-around-dmarc-other-email-protections… ∗∗∗ Broken phishing accidentally exploiting Outlook zero-day, (Thu, Jun 18th) ∗∗∗ --------------------------------------------- When we think of zero-days, what comes to mind are usually RCEs or other high-impact vulnerabilities. Zero-days, however, come in all shapes and sizes and many of them are low impact, as is the vulnerability were going to discuss today. What is interesting about it, apart from it allowing a sender of an e-mail to include/change a link in an e-mail when it is forwarded by Outlook, is that I noticed it being exploited in a low-quality phishing e-mail by what appears to be a complete accident. --------------------------------------------- https://isc.sans.edu/diary/rss/26254 ∗∗∗ Gefährliche SMS von Notify stiehlt Apple-ID ∗∗∗ --------------------------------------------- Zahlreiche Leserinnen und Leser melden der Watchlist Internet eine SMS-Nachricht im Namen von Apple. Als Absender ist keine Nummer sondern „Notify“ angegeben. Angeblich wurde das Apple-Konto gesperrt. Dem Link zur Freischaltung darf nicht gefolgt werden! Hier werden Apple-ID und Kreditkartendaten gestohlen und missbraucht. --------------------------------------------- https://www.watchlist-internet.at/news/gefaehrliche-sms-von-notify-stiehlt-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IP Phones Call Log Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Web Access feature of Cisco IP Phones could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Sicherheitsupdates: Cisco Webex Meetings kann sich an Fake-Updates verschlucken ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco hat wichtige Sicherheitsupdates für etwa Data Center Network Manager, verschiedene Router und Webex Meetings veröffentlicht. --------------------------------------------- https://heise.de/-4787456 ∗∗∗ CPU-Sicherheitslücken bei AMD-Kombiprozessoren: BIOS-Updates kommen ∗∗∗ --------------------------------------------- AMDs Kombiprozessoren der Jahre 2016 bis 2019, also auch Ryzen-Modellen, fehlen Sicherheitschecks, um SMM-Code im RAM zu verstecken. --------------------------------------------- https://heise.de/-4788807 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7 and python-django), Fedora (glib-networking, kernel, kernel-headers, and nghttp2), openSUSE (adns, chromium, file-roller, and libEMF), SUSE (java-1_7_1-ibm), and Ubuntu (bind9 and nss). --------------------------------------------- https://lwn.net/Articles/823461/ ∗∗∗ Synology-SA-20:14 SRM ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_14 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0598 ∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0599 ∗∗∗ Microsoft Windows 10: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0601 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0609 ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0604 ∗∗∗ Security Advisory - Improper Privilege Management Vulnerability in FusionShpere Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200617-… ∗∗∗ Security Bulletin: IBM API Connect V2018 is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager (October 2019, January 2020 and April 2020 CPUs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-2654 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 – Includes Oracle Apr 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2019-2949 (deferred from Oracle Oct 2019 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for IBM MQ – Jan 2020 – Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.06.2020
by Daily end-of-shift report 17 Jun '20

17 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-06-2020 18:00 − Mittwoch 17-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Do cybercriminals play cyber games during quarantine? ∗∗∗ --------------------------------------------- Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry. --------------------------------------------- https://securelist.com/do-cybercriminals-play-cyber-games-during-quarantine… ∗∗∗ When NTP Kills Your Sandbox ∗∗∗ --------------------------------------------- If it’s common to say that “Everything is a Freaking DNS problem“, other protocols can also be the source of problems… NTP (“Network Time Protocol”) is also a good candidate! A best practice is to synchronize all your devices via NTP but also to set up the same timezone! We [...] --------------------------------------------- https://blog.rootshell.be/2020/06/17/when-ntp-kills-your-sandbox/ ∗∗∗ A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software ∗∗∗ --------------------------------------------- [...] The vulnerability represents a new attack vector that allows attackers to create fake USB devices, fully trusted by the Windows operating system (kernel), to attack a machine in unconventional and unexpected ways. --------------------------------------------- https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/ ∗∗∗ Ripple20 erschüttert das Internet der Dinge ∗∗∗ --------------------------------------------- Eine Reihe von teils kritischen Sicherheitslücken in einer TCP/IP-Implementierung gefährdet Geräte in Haushalten, Krankenhäusern und Industrieanlagen. --------------------------------------------- https://heise.de/-4786249 ∗∗∗ Embedded security fails in ICS ∗∗∗ --------------------------------------------- Over the last 5 years, we’ve seen an increasing use of open-source software in ICS (Industrial Control Systems) devices, with a move away from traditional RTOS (Real Time Operating System) [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/embedded-security-fails-in-ic… ∗∗∗ Vorsicht bei der Wohnungssuche: Günstige Traumwohnung könnte Betrug sein! ∗∗∗ --------------------------------------------- Es ist kaum zu glauben: Zentrale Lage in der Wiener Innenstadt. Eingerichtet mit neuesten Möbeln und Geräten. 87m2 und dazu noch eine Terrasse oder einen Balkon. Das Beste daran: Die Miete beträgt nur 450 Euro monatlich, weit unter dem Durchschnitt also. Kennen Sie ähnlich verlockende Wohnungsinserate? Wenn ja, sollten Sie vorsichtig sein und sich den Anbieter oder die Anbieterin genauer ansehen, bevor Sie bei dem verlockenden Schnäppchen zusagen! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-der-wohnungssuche-guens… ===================== = Vulnerabilities = ===================== ∗∗∗ SaltStack FrameWork Vulnerabilities Affecting Cisco Products ∗∗∗ --------------------------------------------- On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651: Authentication Bypass Vulnerability CVE-2020-11652: Directory Traversal Vulnerability Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ ICS Advisory (ICSA-20-168-01) - Treck TCP/IP Stack ∗∗∗ --------------------------------------------- CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-168-01 ∗∗∗ Linux-Kernel: ACPI-Bug hebelt Schutzmechanismen von UEFI Secure Boot aus ∗∗∗ --------------------------------------------- Ein Bug im Linux-Mainline-Kernel könnte Angreifern das Laden unsignierter Kernel-Module trotz UEFI Secure Boot ermöglichen. PoC-Code und ein Patch liegen vor. --------------------------------------------- https://heise.de/-4786877 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dbus and intel-ucode), CentOS (libexif), Debian (vlc), SUSE (xen), and Ubuntu (dbus, libexif, and nss). --------------------------------------------- https://lwn.net/Articles/823283/ ∗∗∗ Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4532 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.06.2020
by Daily end-of-shift report 16 Jun '20

16 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Montag 15-06-2020 18:00 − Dienstag 16-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Java STRRAT ships with .crimson ransomware module ∗∗∗ --------------------------------------------- This Java based malware installs RDPWrap, steals credentials, logs keystrokes and remote controls Windows systems. It may soon be capable to infect without Java installed. --------------------------------------------- https://www.gdatasoftware.com/blog/strrat-crimson ∗∗∗ SOHO Device Exploitation ∗∗∗ --------------------------------------------- This blog describes one such session of auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository. --------------------------------------------- https://blog.grimm-co.com/2020/06/soho-device-exploitation.html ∗∗∗ The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers ∗∗∗ --------------------------------------------- This writeup is a summary of my research on issues in handling copying and pasting in: browsers, popular WYSIWYG editors, and websites. --------------------------------------------- https://research.securitum.com/the-curious-case-of-copy-paste/ ∗∗∗ 19 Zero-Day Vulnerabilities Amplified by the Supply Chain ∗∗∗ --------------------------------------------- The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities. The risks inherent in this situation are high. Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to [...] --------------------------------------------- https://www.jsof-tech.com/ripple20/ ∗∗∗ Fake-Trachtenshops werben auf Facebook & Instagram ∗∗∗ --------------------------------------------- Auf Facebook und Instagram sind wir umgeben von Werbung, jedoch ist nicht jede Werbeschaltung seriös. Aktuell werben die Fake-Shops marjo-trachten.com, statuskelidmode.de und linennew.com intensiv mit Facebook-Anzeigen. Wer dort bestellt hat, wird trotz Bezahlung keine oder nur minderwertige Ware bekommen! --------------------------------------------- https://www.watchlist-internet.at/news/fake-trachtenshops-werben-auf-facebo… ∗∗∗ Warning issued over hackable security cameras ∗∗∗ --------------------------------------------- The owners of the vulnerable indoor cameras are advised to unplug the devices immediately --------------------------------------------- https://www.welivesecurity.com/2020/06/15/warning-issued-hackable-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Campaign Classic (APSB20-34), Adobe After Effects (APSB20-35), Adobe Illustrator (APSB20-37), Adobe Premiere Pro (APSB20-38), Adobe Premiere Rush (APSB20-39) and Adobe Audition (APSB20-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1884 ∗∗∗ Beckhoff Security Advisory 2020-002: EtherLeak in TwinCAT RT network driver ∗∗∗ --------------------------------------------- In case an network interface sends Ethernet frames with payloads smaller than the minimum frame length, memory content is disclosed within the padding. --------------------------------------------- https://download.beckhoff.com/download/document/product-security/Advisories… ∗∗∗ Root-Lücke bedroht IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- Unter anderem gefährliche Sicherheitslücken in IBMs Datenbankmanagementsystem Db2 gefährden Spectrum Protect Server. --------------------------------------------- https://heise.de/-4785158 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport). --------------------------------------------- https://lwn.net/Articles/823199/ ∗∗∗ Synology-SA-20:13 CallStranger ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information or conduct denial-of-service attack via a susceptible version of Synology Router Manager (SRM) or Media Server. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_13 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0588 ∗∗∗ Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-addressed… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error within the Data Conversion logic. (CVE-2020-4310) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for WebSphere MQ Internet Pass-Thru – April 2020 – Includes Oracle April 2020 CPU (CVE-2020-2781) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2019-1547 and CVE-2019-1563) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ and MQ Appliance could allow an authenticated user cause a denial of service due to a memory leak. (CVE-2020-4267) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-c… ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729 and CVE-2019-11745) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability in IBM Cloud Pak System (CVE-2019-4098) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM MQ AMQP channels fail to block connections restricted by SSLPEER setting (CVE-2020-4320) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-fail… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.06.2020
by Daily end-of-shift report 15 Jun '20

15 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 12-06-2020 18:00 − Montag 15-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Mirai Botnet Activity, (Sat, Jun 13th) ∗∗∗ --------------------------------------------- This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have been taken down (96.30.193.26) which appeared multiple times this week including today. However, the last two logs from today are still active which is using a Bash script to download multiple exploits targeting various device types (MIPS, ARM4-7, MPSL, x86, PPC, M68k). Something else of interest is the User-Agent: XTC and the name viktor [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26234 ∗∗∗ What is the Gibberish Hack? ∗∗∗ --------------------------------------------- Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard?” But when you open the folder, you find a series of HTML files, each named with some kind of nonsensical phrases like “cheap-cool-hairstyles-photos.html.” If you open one of these files on the browser, you’ll likely be [...] --------------------------------------------- https://blog.sucuri.net/2020/06/gibberish-hack.html ===================== = Vulnerabilities = ===================== ∗∗∗ D-Link patcht älteren WLAN-Router DIR-865L – aber nur ein bisschen ∗∗∗ --------------------------------------------- Ein wichtiges Sicherheitsupdate für den WLAN-Router DIR865L schließt mehrere Sicherheitslücken. Eine kritische Schwachstelle bleibt aber offen. --------------------------------------------- https://heise.de/-4783566 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (intel-microcode, libexif, mysql-connector-java, and thunderbird), Fedora (gnutls, grafana, kernel, kernel-headers, mingw-gnutls, mod_auth_openidc, NetworkManager, and pdns-recursor), Gentoo (adobe-flash, ansible, chromium, firefox, glibc, mailutils, nokogiri, readline, ssvnc, and webkit-gtk), Mageia (axel, bind, dbus, flash-player-plugin, libreoffice, networkmanager, and roundcubemail), openSUSE (java-1_8_0-openjdk, kernel, nodejs8, rubygem-bundler, [...] --------------------------------------------- https://lwn.net/Articles/823107/ ∗∗∗ Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-t… ∗∗∗ Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus… ∗∗∗ Security Bulletin: Multiple Java vulnerabilities affect IBM Spectrum Protect Plus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabili… ∗∗∗ Security Bulletin: Vulnerability in MongoDB affects IBM Spectrum Protect Plus (CVE-2019-2389) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-mongodb-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-go-progr… ∗∗∗ Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affec… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects the IBM Spectrum Protect Server (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-4732, CVE-2019-2989, CVE-2019-2964) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Denial of Service vulnerability in Linux Kernel affects IBM Spectrum Protect Plus (CVE-2020-12114) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2020
by Daily end-of-shift report 12 Jun '20

12 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-06-2020 18:00 − Freitag 12-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers are quick to notice exposed Elasticsearch servers ∗∗∗ --------------------------------------------- Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-are-quick-to-notice-… ∗∗∗ Intel patches chip flaw that could leak your cryptographic secrets ∗∗∗ --------------------------------------------- Intel chip features that were intended to help you do cryptography better could have leaked your inner secrets. --------------------------------------------- https://nakedsecurity.sophos.com/2020/06/12/intel-patches-chip-flaw-that-co… ∗∗∗ ConnectWise issues a slightly scary but unusually significant security advisory ∗∗∗ --------------------------------------------- Because IT service providers use ConnectWise to run your IT and this is its first-ever bug report ConnectWise isn't a vendor most Reg readers deal with directly, but the fact the company has just issued its first-ever security advisory deserves attention. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2020/06/12/connectwise_… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (tomcat), Debian (intel-microcode, libphp-phpmailer, mysql-connector-java, python-django, thunderbird, and xawtv), Fedora (kernel and thunderbird), Gentoo (perl), openSUSE (libexif and vim), Oracle (dotnet, kernel, microcode_ctl, and tomcat), Red Hat (net-snmp), Scientific Linux (libexif and tomcat), Slackware (kernel), and SUSE (adns, audiofile, ed, kvm, nodejs12, and xen). --------------------------------------------- https://lwn.net/Articles/822964/ ∗∗∗ Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks ∗∗∗ --------------------------------------------- Siemens’ LOGO! programmable logic controllers (PLCs) are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service (DoS) attacks and modify the device’s configuration. --------------------------------------------- https://www.securityweek.com/critical-vulnerabilities-expose-siemens-logo-c… ∗∗∗ 6 New Vulnerabilities Found on D-Link Home Routers ∗∗∗ --------------------------------------------- Six new D-Link vulnerabilities found in D-Links DIR-865L home cloud router. Consumers should patch ASAP. --------------------------------------------- https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-h… ∗∗∗ Vulnerabilities in Citrix Workspace app and Receiver for Windows ∗∗∗ --------------------------------------------- Vulnerabilities have been identified in Citrix Workspace app and Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process. --------------------------------------------- https://support.citrix.com/article/CTX275460 ∗∗∗ Red Hat JBoss Application Server (JBoss): Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0580 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0579 ∗∗∗ WordPress: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0583 ∗∗∗ Security Advisory - Denial of Service Vulnerability in Huawei FusionAccess Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-… ∗∗∗ Security Advisory - FasterXML Jackson-databind Injection Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-… ∗∗∗ Security Bulletin: Vulnerabilities CVE-2020-1927 and CVE-2020-1934 in Apache HTTP Server affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-cve-2020-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: IBM Workload Scheduler potentially vulnerable to cross site scripting ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-workload-scheduler-po… ∗∗∗ Security Bulletin: IBM Event Streams is affected by Apache CXF vulnerability CVE-2019-12406 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: IBM Event Streams is affected by Go vulnerability CVE-2019-16276 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4441 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-20330 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: IBM API Connect V5 is vulnerable to cross site scripting (XSS) (CVE-2020-4251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vul… ∗∗∗ Security Bulletin: IBM Event Streams is affected by kafka vulnerability CVE-2019-12399 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.06.2020
by Daily end-of-shift report 10 Jun '20

10 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-06-2020 18:00 − Mittwoch 10-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zahlreiche Beschwerden zu Kammerjaeger.pro, elektro-24.info und anderen Handwerkern ∗∗∗ --------------------------------------------- Ungeziefer zuhause? Die BetreiberInnen von der Seite Kammerjaeger.pro sollten Sie bei Problemen mit Schädlingen lieber nicht beauftragen. Denn: KonsumentInnen berichten von überhöhten Zahlungsforderungen. Nachträgliche Beschwerden sind nicht möglich, da nach der Bezahlung niemand mehr erreichbar ist. --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-beschwerden-zu-kammerjaeg… ∗∗∗ Neue Quiz-App: Testen Sie Ihr Wissen zum Thema Internetsicherheit! ∗∗∗ --------------------------------------------- Wissen Sie was Phishing bedeutet? Erkennen Sie einen Fake-Shop? Durchschauen Sie Abo-Fallen? Testen und stärken Sie Ihr Wissen mit der neuen Quiz-App zum Thema Internetsicherheit. --------------------------------------------- https://www.watchlist-internet.at/news/neue-quiz-app-testen-sie-ihr-wissen-… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Microsoft lässt über 120 Sicherheitsupdates auf Windows & Co. los ∗∗∗ --------------------------------------------- Wer Betriebssysteme und Software von Microsoft nutzt, sollte sicherstellen, dass die aktuellen Updates installiert sind. --------------------------------------------- https://heise.de/-4779414 ∗∗∗ Blackberry BSRT-2020-002 Input Validation Vulnerability in Server Configuration Management Impacts BlackBerry Workspaces Server (deployed with Appliance-X) ∗∗∗ --------------------------------------------- This advisory addresses an input validation vulnerability in the server configuration management of affected versions of BlackBerry Workspaces Server (deployed with Appliance-X) that could potentially allow a successful attacker to conduct an information disclosure, tampering or denial of service attack. BlackBerry is not aware of any exploitation of this vulnerability. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Intel IPAS: Security Advisories for June 2020 ∗∗∗ --------------------------------------------- * INTEL-SA-00266 2020.1 IPU – Intel SSD Advisory * INTEL-SA-00295 2020.1 IPU – Intel CSME, SPS, TXE, AMT and DAL Advisory * INTEL-SA-00320 2020.1 IPU – Special Register Buffer Data Sampling * INTEL-SA-00322 2020.1 IPU – BIOS Advisory * INTEL-SA-00366 Intel Innovation Engine Advisory --------------------------------------------- https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-jun… ∗∗∗ SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol ∗∗∗ --------------------------------------------- Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks. --------------------------------------------- https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html ∗∗∗ VMSA-2020-0013 ∗∗∗ --------------------------------------------- VMware Horizon Client for Windows update addresses privilege escalation vulnerability (CVE-2020-3961) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0013.html ∗∗∗ XSA-320 ∗∗∗ --------------------------------------------- Special Register Buffer speculative side channel --------------------------------------------- https://xenbits.xen.org/xsa/advisory-320.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, gnutls, python-django, thunderbird, tomcat7, tomcat8, and tomcat9), CentOS (unbound), Debian (bluez, firefox-esr, kernel, and linux-4.9), Oracle (kernel), Red Hat (.NET Core, .NET Core 3.1, kernel, kernel-rt, libexif, microcode_ctl, pcs, and virt:rhel), SUSE (gnutls, java-1_7_0-ibm, kernel, microcode_ctl, nodejs10, nodejs8, rubygem-bundler, texlive, texlive-filesystem, thunderbird, and ucode-intel), and Ubuntu (intel-microcode, [...] --------------------------------------------- https://lwn.net/Articles/822719/ ∗∗∗ WAGO: PPPD in PFC100 and PFC200 Series is vulnerable to CVE-2020-8597 ∗∗∗ --------------------------------------------- WAGO PLCs pppd is vulnerable to CVE-2020-8597 in case the daemon has been activated. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-020 ∗∗∗ Citrix Hypervisor Security Updates ∗∗∗ --------------------------------------------- CTX275165 NewCitrix Hypervisor Security Updates Applicable Products: Citrix_Hypervisor_8_0, Citrix_Hypervisor_8_1, XenServer_7_0, XenServer_7_1_Cumulative_Update_2 [...] A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a host to observe the entropy provided by the CPU to other processes, virtual machines or the hypervisor that are, or have recently been, running, irrespective of whether they are running on the same processor core or thread. For example, if a process in one guest VM were to use the RDSEED instruction to get a random value to use as a secret encryption key, another process in a different VM might be able to observe the result of that RDSEED instruction and so determine the secret encryption key. --------------------------------------------- https://support.citrix.com/article/CTX275165 ∗∗∗ Security Advisory - Insufficient Input Verification of Some Huawei products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200610-… ∗∗∗ Security Bulletin: IBM QRadar Network Packet Capture does not require that users should have strong passwords by default (CVE-2019-4576) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-packet… ∗∗∗ Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Streaming for Video 3.8.0 and earlier (CVE-2019-1552) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-im… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-16276) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerab… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified In Jackson Databind library shipped with IBM Global Mailbox (CVE-2019-14892, CVE-2019-14893) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux – January 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Various vulnerabilities affecting certain Aspera applications (CVE-2020-4432, CVE-2020-4433, CVE-2020-4434, CVE-2020-4435, CVE-2020-4436) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-various-vulnerabilities-a… ∗∗∗ Dell BIOS & Computer: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0562 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily