Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - 04.01.2021
by Daily end-of-shift report 04 Jan '21

04 Jan '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-12-2020 18:00 − Montag 04-01-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Citrix adds NetScaler ADC setting to block recent DDoS attacks ∗∗∗ --------------------------------------------- Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. [...] https://support.citrix.com/article/CTX289674 --------------------------------------------- https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-se… ∗∗∗ Malware: Wurm macht Windows- und Linux-Server zu Monero-Minern ∗∗∗ --------------------------------------------- Die Schadsoftware nutzt offene Ports von Diensten wie MySQL aus und setzt darauf, dass sie mit schwachen Passwörtern gesichert sind. --------------------------------------------- https://www.golem.de/news/malware-wurm-macht-windows-und-linux-server-zu-mo… ∗∗∗ From a small BAT file to Mass Logger infostealer, (Mon, Jan 4th) ∗∗∗ --------------------------------------------- Since another year went by, Ive decided to once again check all of the malicious files, which were caught in my e-mail quarantine during its course. Last year, when I went through the batch of files from 2019, I found couple of very large samples[1] and I wanted to see whether Iɽ find something similar in the 2020 batch. --------------------------------------------- https://isc.sans.edu/diary/rss/26946 ∗∗∗ Cyber-Attacke über SolarWinds: Angreifer hatten Zugriff auf Microsoft-Quellcode ∗∗∗ --------------------------------------------- Microsoft hat eingeräumt, dass die Angreifer im Fall SolarWinds sehr tief in die konzerninternen Netzwerke eingedrungen und bis zum Quellcode gelangt sind. --------------------------------------------- https://heise.de/-5001678 ∗∗∗ IntelOwl 2.0: Freies Tool für Threat-Intelligence-Analysen ∗∗∗ --------------------------------------------- In der neuen Major Release 2.0 erhält das Threat-Intelligence-Werkzeug IntelOwl mehrere neue Analysatoren. Das Tool erscheint als Open-Source-Software. --------------------------------------------- https://heise.de/-5002685 ===================== = Vulnerabilities = ===================== ∗∗∗ Zend Framework remote code execution vulnerability revealed ∗∗∗ --------------------------------------------- An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007. --------------------------------------------- https://www.bleepingcomputer.com/news/security/zend-framework-remote-code-e… ∗∗∗ Zyxel hat Backdoor in Firewalls einprogrammiert ∗∗∗ --------------------------------------------- Zyxel Networks hat in Firewalls und Access-Point-Controller Hintertüren eingebaut und das Passwort verraten. Für die Firewalls gibt es ein Update. --------------------------------------------- https://heise.de/-5002067 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, openjpeg2, openssl, qemu, tensorflow, and thunderbird) and Debian (highlight.js). --------------------------------------------- https://lwn.net/Articles/841498/ ∗∗∗ Security updates for the start of 2021 ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libxstream-java and p11-kit), Mageia (curl and minidlna), and openSUSE (groovy). --------------------------------------------- https://lwn.net/Articles/841544/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy). --------------------------------------------- https://lwn.net/Articles/841653/ ∗∗∗ Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201230-… ∗∗∗ Apache Tomcat vulnerability CVE-2020-17527 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44415301 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.12.2020
by Daily end-of-shift report 30 Dec '20

30 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-12-2020 18:00 − Mittwoch 30-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gesundheits-IT: Tut mal kurz weh ∗∗∗ --------------------------------------------- Röntgenbilder auf ungeschützten Servern und aus dem Internet erreichbare Praxen: Die Gesundheits-IT hat viele Sicherheitsprobleme. Ein Bericht von Moritz Tremmel --------------------------------------------- https://www.golem.de/news/gesundheits-it-tut-mal-kurz-weh-2012-153097-rss.h… ∗∗∗ Facebook-Freundschaftsanfrage von „Kurz“ führt in Abo-Falle ∗∗∗ --------------------------------------------- Sie haben eine Freundschaftsanfragen von „Kurz (Sebastian Kurz – team)“ erhalten? Wenn ja, sollten Sie diese ignorieren. Die BetrügerInnen, die hinter diesem gefälschten Profil stecken, schicken Ihnen eine Nachricht, nachdem Sie die Freundschaftsanfrage akzeptiert haben. Dort heißt es, Sie hätten 5.000 Euro gewonnen und Sie werden auf eine Webseite weitergeleitet, auf der sich Werbung für betrügerische Dienste und Trading-Plattformen versteckt! --------------------------------------------- https://www.watchlist-internet.at/news/facebook-freundschaftsanfrage-von-ku… ∗∗∗ New worm turns Windows, Linux servers into Monero miners ∗∗∗ --------------------------------------------- A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-worm-turns-windows-linux… ∗∗∗ A Year After Microsoft Ended All Support for Windows 7, Millions of Users Are Still Not Upgrading ∗∗∗ --------------------------------------------- Ed Bott, writing at ZDNet: With a heartfelt nod to Monty Python, Windows 7 would like you all to know that its not dead yet. A year after Microsoft officially ended support for its long-running OS, a small but determined population of PC users would rather fight than switch. How many? No one knows for sure, but that number has shrunk substantially in the past year. On the eve of Microsofts Windows 7 end-of-support milestone, I consulted some analytics experts and calculated that the owners of [...] --------------------------------------------- https://tech.slashdot.org/story/20/12/30/1635257/a-year-after-microsoft-end… ∗∗∗ SEO Spam Links in Nulled Plugins ∗∗∗ --------------------------------------------- It’s not unusual to see website owners running things on a budget. Choosing a safe and reliable hosting company, buying a nice domain name, boosting posts on social media, and ranking on search engines - all this costs a lot of money. At the end of the day, some site owners may even choose to cut expenses by installing pirated (or nulled) software on their websites. Unfortunately, as discussed in some of our earlier posts about free software and fake verification, these [...] --------------------------------------------- https://blog.sucuri.net/2020/12/seo-spam-links-in-nulled-plugins.html ∗∗∗ Shields Up: How to Tackle Supply Chain Risk Hazards ∗∗∗ --------------------------------------------- Organizations Need to Monitor and Manage IT Security Risks Downstream in the Supply Chain read more --------------------------------------------- https://www.securityweek.com/shields-how-tackle-supply-chain-risk-hazards ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl and tzdata), openSUSE (kdeconnect-kde and opera), and SUSE (gimp, squid3, and xen). --------------------------------------------- https://lwn.net/Articles/841471/ ∗∗∗ Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201230… ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201230… ∗∗∗ Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow – CVE-2020-4687, CVE-2020-4760, CVE-2020-4704 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1273 ∗∗∗ OpenJPEG: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1272 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.12.2020
by Daily end-of-shift report 29 Dec '20

29 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Montag 28-12-2020 18:00 − Dienstag 29-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Video: Betrugsmaschen auf Facebook, WhatsApp, Instagram und Co. ∗∗∗ --------------------------------------------- Abo-Fallen, Phishing-Nachrichten oder unseriöse Werbungen. Auf Facebook, WhatsApp, Instagram & Co. stößt man auf verschiedene Betrugsmaschen. Im Video zeigen wir Ihnen, auf was Sie achten müssen, um sicher in den sozialen Medien surfen zu können! --------------------------------------------- https://www.watchlist-internet.at/news/video-betrugsmaschen-auf-facebook-wh… ∗∗∗ Useful Sources of Domain and DNS Logging ∗∗∗ --------------------------------------------- The final part of this blog series on log collection covers Managed DNS Providers, Packet Capture, IDS/IPS Tools, Mail Exchange, IIS Servers, and more. Learn about these log sources and explore the next steps for ideas beyond logging. --------------------------------------------- https://www.domaintools.com/resources/blog/useful-sources-of-domain-and-dns… ∗∗∗ Using Microsoft 365 Defender to protect against Solorigate ∗∗∗ --------------------------------------------- This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment. --------------------------------------------- https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defe… ∗∗∗ Want to know whats in a folder you dont have a permission to access? Try asking your AV solution..., (Tue, Dec 29th) ∗∗∗ --------------------------------------------- Back in February, I wrote a diary about a small vulnerability in Windows, which allows users to brute-force names of files in folders, which they dont have permission to open/list[1]. While thinking on the topic, it occurred to me that a somewhat-complete list of files placed in a folder one cant access due to lack of permissions might potentially be obtained by scanning the folder with an anti-malware solution, which displays files which are currently being scanned. --------------------------------------------- https://isc.sans.edu/diary/rss/26932 ∗∗∗ A Google Docs Bug Could Have Allowed Hackers See Your Private Documents ∗∗∗ --------------------------------------------- Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Googles Vulnerability Reward Program. --------------------------------------------- https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html ∗∗∗ SearchDimension search hijackers: An overview of developments ∗∗∗ --------------------------------------------- The SearchDimension family of search hijackers has made some headway over the past year. Heres an overview of their latest tricks. --------------------------------------------- https://blog.malwarebytes.com/adware/2020/12/searchdimension-search-hijacke… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-20-1453: Qognify Ocularis EventCoordinator ConnectedChannel_GotMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1453/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp). --------------------------------------------- https://lwn.net/Articles/841436/ ∗∗∗ Synology-SA-20:29 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_29 ∗∗∗ procps-ng vulnerability CVE-2018-1126 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K83271321 ∗∗∗ procps-ng vulnerability CVE-2018-1124 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16124204 ∗∗∗ procps-ng vulnerability CVE-2018-1122 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00409335 ∗∗∗ Webmin: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1269 ∗∗∗ HCL Domino: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1271 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.12.2020
by Daily end-of-shift report 28 Dec '20

28 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-12-2020 18:00 − Montag 28-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Jahresrückblick 2020: Diese Themen beschäftigten uns heuer! ∗∗∗ --------------------------------------------- Die Corona-Krise hat 2020 die ganze Welt in Atem gehalten. Auch bei der Watchlist Internet blieb die Corona-Krise nicht unbemerkt. Kriminelle nutzten die globale Gesundheitskrise für verschiedene Betrugsmaschen – von Fake-Shops, die Atemschutzmasken in ihr Angebot aufnahmen, über betrügerische Jobangebote bis hin zu Phishing-Nachrichten. Ebenfalls mit verschiedenen Betrugsmaschen in Verbindung steht der wachsende Trend von unseriöser Werbung. Fake-Shops werden dabei [...] --------------------------------------------- https://www.watchlist-internet.at/news/jahresrueckblick-2020-diese-themen-b… ∗∗∗ Amazon-Geschenkkarte mit Banking-Trojaner Dridex ∗∗∗ --------------------------------------------- Ein unwillkommenes Mitbringsel präsentiert eine angebliche Amazon-Geschenkkarte. Unaufmerksame Verbraucher werden mit dem Banking-Trojaner Dridex bestohlen. --------------------------------------------- https://www.zdnet.de/88391026/amazon-geschenkkarte-mit-banking-trojaner-dri… ∗∗∗ Hacker missbrauchen Citrix-Geräte für DDoS-Attacken ∗∗∗ --------------------------------------------- Bedrohungsakteure haben eine Möglichkeit entdeckt, Junk-Web-Traffic gegen Citrix ADC-Netzwerkgeräte zu verstärken, um Distributed Denial of Service (DDoS)-Angriffe zu starten. --------------------------------------------- https://www.zdnet.de/88391041/hacker-missbrauchen-citrix-geraete-fuer-ddos-… ∗∗∗ DevOps und Security im Einklang ∗∗∗ --------------------------------------------- DevOps-Teams sehen Sicherheit oft als Innovationsbremse. Wir geben einige Tipps, wie Sie effektive Entwicklerarbeit und Security unter einen Hut bringen. --------------------------------------------- https://www.zdnet.de/88391052/devops-und-security-im-einklang/ ∗∗∗ CrowdStrike releases free Azure security tool after failed hack ∗∗∗ --------------------------------------------- Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the companys emails through compromised by Microsoft Azure credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-az… ∗∗∗ GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic ∗∗∗ --------------------------------------------- A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script. --------------------------------------------- https://www.bleepingcomputer.com/news/security/github-hosted-malware-calcul… ∗∗∗ Multi-platform card skimmer found on Shopify, BigCommerce stores ∗∗∗ --------------------------------------------- A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. --------------------------------------------- https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-… ∗∗∗ Third-Party APIs: How to Prevent Enumeration Attacks ∗∗∗ --------------------------------------------- Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it. --------------------------------------------- https://threatpost.com/third-party-apis-enumeration-attacks/162589/ ∗∗∗ Analysis Dridex Dropper, IoC extraction (guest diary), (Wed, Dec 23rd) ∗∗∗ --------------------------------------------- A couple of weeks ago, I assisted Xavier when he taught FOR610 in (virtual) Frankfurt. Last week, one of our students (Nicklas Keijser) sent us this analysis that we decided to share as a guest diary. --------------------------------------------- https://isc.sans.edu/diary/rss/26920 ∗∗∗ CISA Releases Free Detection Tool for Azure/M365 Environment ∗∗∗ --------------------------------------------- CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-fre… ∗∗∗ The History of DNS Vulnerabilities and the Cloud ∗∗∗ --------------------------------------------- We review the history of DNS vulnerabilities, particularly DNS cache poisoning, examining both past vulnerabilities and more advanced attacks. --------------------------------------------- https://unit42.paloaltonetworks.com/dns-vulnerabilities/ ===================== = Vulnerabilities = ===================== ∗∗∗ Project Zero: Schlecht gepatchte Windows-Lücke weiter ausnutzbar ∗∗∗ --------------------------------------------- Eine aktiv ausgenutzte Sicherheitslücke in Windows ist trotz Hinweisen von Google und einem unzureichenden Patch immer noch nicht behoben. --------------------------------------------- https://www.golem.de/news/project-zero-schlecht-gepatchte-windows-luecke-we… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3). --------------------------------------------- https://lwn.net/Articles/841225/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (xen) and SUSE (flac and openexr). --------------------------------------------- https://lwn.net/Articles/841243/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (horizon, kitty, python-apt, and roundcube), Fedora (libmaxminddb, mediawiki, mingw-binutils, and thunderbird), Mageia (erlang-rebar3), openSUSE (blosc, ceph, firefox, flac, kdeconnect-kde, openexr, ovmf, PackageKit, python3, thunderbird, and xen), and SUSE (thunderbird). --------------------------------------------- https://lwn.net/Articles/841378/ ∗∗∗ VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/429301 ∗∗∗ VU#843464: SolarWinds Orion API authentication bypass allows remote command execution ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/843464 ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2019-17638) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… ∗∗∗ Security Bulletin: tzdata has been updated to tzdata-2020d to address Fiji and Palestine time zone changes ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tzdata-has-been-updated-t… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Linux kernel and TMM vulnerability CVE-2020-25705 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09604370 ∗∗∗ Linux kernel vulnerability CVE-2018-10675 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40540405 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.12.2020
by Daily end-of-shift report 23 Dec '20

23 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-12-2020 18:00 − Mittwoch 23-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Emotet Returns to Hit 100K Mailboxes Per Day ∗∗∗ --------------------------------------------- Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. --------------------------------------------- https://threatpost.com/emotet-returns-100k-mailboxes/162584/ ∗∗∗ Sicherheitsalbtraum: Viele vernetzte Türklingeln lassen Hacker ins Haus ∗∗∗ --------------------------------------------- Günstige digitale Videoklingeln weisen schwere Sicherheitslücken wie Authentifizierungsprobleme auf und werden teils schon mit Softwarefehlern geliefert. --------------------------------------------- https://heise.de/-4998372 ∗∗∗ Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools ∗∗∗ --------------------------------------------- Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday. --------------------------------------------- https://www.securityweek.com/millions-devices-affected-vulnerabilities-used… ∗∗∗ Video: So erkennen Sie betrügerische Notdienste! ∗∗∗ --------------------------------------------- Bei einem Wasserrohrbruch, einem Gasgebrechen oder bei einem Stromausfall, muss es meist schnell gehen. Für die Überprüfung eines Installations- oder Elektrik-Notdienstes bleibt da oft keine Zeit mehr. Das nützen BetrügerInnen aus: Sie bieten online einen Notdienst an, kommen auch tatsächlich, aber stellen viel zu überhöhte Kosten in Rechnung und der Schaden wird oftmals nur oberflächlich behoben. --------------------------------------------- https://www.watchlist-internet.at/news/video-so-erkennen-sie-betruegerische… ∗∗∗ Trendthema BEC-Attacken und COVID-19-Scamming ∗∗∗ --------------------------------------------- Spear-Phishing, Business Email Compromise (BEC) oder Cyberbetrug im Zusammenhang mit COVID-19 sind Beispiele, wie sich Angreifer schnell an aktuelle Ereignisse anpassen und neue Tricks anwenden, um Angriffe erfolgreich auszuführen, wie der Spear-Phishing-Report 2020 von Barracuda zeigt. --------------------------------------------- https://www.zdnet.de/88391006/trendthema-bec-attacken-und-covid-19-scamming/ ∗∗∗ Hentai Oniichan Ransomware ∗∗∗ --------------------------------------------- VMRay has published a blog detailing a ransomware package called Hentai Oniichan. Two variants of this family, King Engine and Beserker, were observed in the wild during their investigation. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/1b1c396cce25259b8bc5e806b35… ===================== = Vulnerabilities = ===================== ∗∗∗ QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities ∗∗∗ --------------------------------------------- QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (awstats and mediawiki), Fedora (mbedtls and pngcheck), openSUSE (firefox and thunderbird), Oracle (gnutls, go-toolset:ol8, pacemaker, postgresql:10, postgresql:12, and postgresql:9.6), and SUSE (clamav, groovy, jetty-minimal, and xen). --------------------------------------------- https://lwn.net/Articles/841163/ ∗∗∗ Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201223-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM SDK, Java affects IBM Cloud Application Business Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ cURL vulnerability CVE-2019-5482 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41523201 ∗∗∗ Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1259 ∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1261 ∗∗∗ Grafana: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1260 ∗∗∗ Joomla: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1256 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.12.2020
by Daily end-of-shift report 22 Dec '20

22 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Montag 21-12-2020 18:00 − Dienstag 22-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Ransomware Task Force gegründet ∗∗∗ --------------------------------------------- Verschiedene Sicherheitsspezialisten haben die Ransomware Taks Force aus der Taufe gehoben. Zu den Gründungsmitgliedern gehören bekannte Namen wie Microsoft, McAfee und Citrix, aber auch kleinere Hersteller und gemeinnützige Organisationen. --------------------------------------------- https://www.zdnet.de/88390942/ransomware-task-force-gegruendet/ ∗∗∗ Least Privilege Application Management - A Lesson Learned from SolarWinds Orion ∗∗∗ --------------------------------------------- The sophisticated, nation-state assault used to infiltrate SolarWinds Orion and then leveraged to compromise potentially thousands of its customers is astonishing in scope and potential fallout. --------------------------------------------- https://www.beyondtrust.com/blog/entry/least-privilege-application-manageme… ∗∗∗ Smart Doorbell Disaster: Many Brands Vulnerable to Attack ∗∗∗ --------------------------------------------- Investigation reveals device sector is problem plagued when it comes to security bugs. --------------------------------------------- https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/ ∗∗∗ Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks ∗∗∗ --------------------------------------------- Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks. --------------------------------------------- https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bu… ∗∗∗ Threat Actors Increasingly Using VBA Purging in Attacks ∗∗∗ --------------------------------------------- Cyberattacks relying on malicious Office documents have increasingly leveraged a relatively new technique called VBA Purging, FireEye said over the weekend, when it also announced the availability of a related open source tool. --------------------------------------------- https://www.securityweek.com/threat-actors-increasingly-using-vba-purging-a… ∗∗∗ Increase in Drive-by Attacks Using SocGholish ∗∗∗ --------------------------------------------- The SocGholish framework is commonly used to distribute fake updates for applications such as Chrome, Firefox, Flash Player, and Microsoft Teams through drive-by downloads. Menlo Labs has reported an uptick in attacks using SocGholish. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/ef2a09a8bb57d90f200a51af745… ∗∗∗ Meyhod - Yet Another Magecart Skimmer ∗∗∗ --------------------------------------------- Discovered by RiskIQ in October, Meyhod is a Magecart skimmer that researchers observed on several sites, in some cases it has been present on a site for months. The IP address that is hosting the malicious JavaScript code has several other domains associated with it that are suspected to be malicious. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/5a493a06b3a2fa9585d3f239007… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke mit maximaler Gefahreneinstufung in Wyse-Thin-Clients von Dell ∗∗∗ --------------------------------------------- Zwei kritische Sicherheitslücken gefährden Dell-PCs der Wyse-Thin-Serie. Updates sind verfügbar. --------------------------------------------- https://heise.de/-4997456 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel and thunderbird), Debian (openjdk-8 and webkit2gtk), Fedora (gdm, mingw-openjpeg2, and openjpeg2), Mageia (compat-openssl10, golang-googlecode-net, mbedtls, openssl, and virtualbox), openSUSE (ovmf and xen), Red Hat (kernel, mariadb-connector-c, mariadb:10.3, postgresql:10, and postgresql:9.6), and SUSE (ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, [...] --------------------------------------------- https://lwn.net/Articles/841099/ ∗∗∗ Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554) ∗∗∗ --------------------------------------------- A currently unpatched, medium-severity issue affecting all Kubernetes versions, CVE-2020-8554 can be mitigated in several ways. --------------------------------------------- https://unit42.paloaltonetworks.com/cve-2020-8554/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - December 2020 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-poi-as-used-by-ibm… ∗∗∗ Apache Struts vulnerability CVE-2020-17530 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24608264 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2020
by Daily end-of-shift report 21 Dec '20

21 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-12-2020 18:00 − Montag 21-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Aktuelle Welle mit Ping-Anrufen ∗∗∗ --------------------------------------------- Die Rundfunk und Telekom Regulierungs-GmbH (RTR) erhält derzeit vermehrt Meldungen zu Ping-Anrufen aus dem Ausland. Die Anrufe kommen insbesondere aus Tunesien (+216), Abchasien (+79407), der Schweiz (+41748) und Uganda (+256). Hier darf nicht zurückgerufen oder abgehoben werden, denn dies kann hohe Kosten verursachen. --------------------------------------------- https://www.watchlist-internet.at/news/aktuelle-welle-mit-ping-anrufen/ ∗∗∗ Gitpaste-12 worm botnet returns with 30+ vulnerability exploits ∗∗∗ --------------------------------------------- Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-retu… ∗∗∗ Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow ∗∗∗ --------------------------------------------- Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks. --------------------------------------------- https://threatpost.com/ledger-dump-active-attacks-follow/162477/ ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-20-1452: (0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1452/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and [...] --------------------------------------------- https://lwn.net/Articles/840972/ ∗∗∗ Authentication Bypass Vulnerability Patched in Bouncy Castle Library ∗∗∗ --------------------------------------------- A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Founded in 2000, the project represents a collection of APIs used in cryptography for both Java and C#, with a strong emphasis on standards compliance and adaptability. --------------------------------------------- https://www.securityweek.com/authentication-bypass-vulnerability-patched-bo… ∗∗∗ Treck TCP/IP Stack ∗∗∗ --------------------------------------------- This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Trecks TCP/IP stack, which may also be known as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01 ∗∗∗ December 21, 2020 TNS-2020-11 [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2020-11 ∗∗∗ HCL Domino und Notes: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1254 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service und Codeausführung ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1252 ∗∗∗ Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-an… ∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. (CVE-2020-4592) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-aut… ∗∗∗ Security Bulletin: Vulnerability in BIND affects AIX (CVE-2020-8622) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by denial of service vulnerabilities (CVE-2020-5481, CVE-2020-4580, CVE-2020-4579) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2020
by Daily end-of-shift report 18 Dec '20

18 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-12-2020 18:00 − Freitag 18-12-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Security baseline (FINAL) for Windows 10 and Windows Server, version 20H2 ∗∗∗ --------------------------------------------- We are pleased to announce the final release of the for Windows 10 and Windows Server, version 20H2 (a.k.a. October 2020 Update) security baseline package! --------------------------------------------- https://techcommunity.microsoft.com/t5/microsoft-security-baselines/securit… ∗∗∗ A slightly optimistic tale of how patching went for CVE-2019-19781, (Fri, Dec 18th) ∗∗∗ --------------------------------------------- Since we could all probably use a little distraction from the current Solarigate/SUNBURST news, I thought it might be good to look at something a little bit more positive today. Specifically, at how patching of CVE-2019-19781 AKA "Shitrix" AKA "one of the more famous named vulnerabilities from the end of 2019" went. --------------------------------------------- https://isc.sans.edu/diary/rss/26900 ∗∗∗ E-Mails mit gefälschten Domain-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Derzeit erhalten Unternehmen E-Mails, in denen vorgegeben wird, dass sie für eine Domainregistrierung die Rechnung bezahlen müssten. Tatsächlich haben die EmpfängerInnen jedoch keinen derartigen Auftrag erteilt. Daher sollten Sie nichts bezahlten und die E-Mail ignorieren. --------------------------------------------- https://www.watchlist-internet.at/news/e-mails-mit-gefaelschten-domain-rech… ∗∗∗ SUPERNOVA: SolarStorm’s Novel .NET Webshell ∗∗∗ --------------------------------------------- The SolarStorm actors behind the supply chain attack on SolarWinds' Orion software have demonstrated a high degree of technical sophistication and attention to operational security, as well as a novel combination of techniques in the potential compromise of approximately 18,000 SolarWinds customers. As published in the original disclosure, the attackers were observed removing their initial backdoor once a more legitimate method of persistence was obtained. --------------------------------------------- https://unit42.paloaltonetworks.com/solarstorm-supernova/ ∗∗∗ Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia ∗∗∗ --------------------------------------------- ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software. --------------------------------------------- https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-… ∗∗∗ Updates zu SolarWinds Orion ∗∗∗ --------------------------------------------- Die Situation um den Supply-Chain Angriff auf SolarWinds Orion Produkt ist um einige Facetten reichter geworden: --------------------------------------------- https://cert.at/de/aktuelles/2020/12/updates-zu-solarwinds-orion ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-20-1452: NETGEAR Multiple Routers mini_httpd Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1452/ ∗∗∗ ZDI-20-1451: NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1451/ ∗∗∗ VMSA-2020-0029 VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999) ∗∗∗ --------------------------------------------- A denial of service vulnerability in VMware ESXi, Workstation and Fusion was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0029.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (blueman, chromium, gdk-pixbuf2, hostapd, lib32-gdk-pixbuf2, minidlna, nsd, pam, and unbound), CentOS (gd, openssl, pacemaker, python-rtslib, samba, and targetcli), Debian (kernel, lxml, and mediawiki), Fedora (mbedtls), openSUSE (clamav and openssl-1_0_0), Oracle (firefox and openssl), Red Hat (openssl, postgresql:12, postgresql:9.6, and thunderbird), Scientific Linux (openssl and thunderbird), and SUSE (cyrus-sasl, openssh, slurm_18_08, and webkit2gtk3). --------------------------------------------- https://lwn.net/Articles/840731/ ∗∗∗ D-LINK Router DSL-2888A: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um die Authentisierung zu umgehen, seine Rechte zu erweitern, Code auszuführen oder Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1246 ∗∗∗ Security Bulletin: z/TPF is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-o… ∗∗∗ Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2020-4764) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-ha… ∗∗∗ Security Bulletin: Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-12-18-0-of-node-j… ∗∗∗ Emerson Rosemount X-STREAM ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01 ∗∗∗ PTC Kepware KEPServerEX ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 ∗∗∗ PTC Kepware LinkMaster ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03 ∗∗∗ ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971 ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-274557.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.12.2020
by Daily end-of-shift report 17 Dec '20

17 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-12-2020 18:00 − Donnerstag 17-12-2020 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Maximizing Your Defense with Windows DNS Logging ∗∗∗ --------------------------------------------- In part 3 of 5 of this blog series, learn how to improve your log collection deployment. Follow a sample Windows log scenario and receive a deployment checklist to help optimize your DNS logging. --------------------------------------------- https://www.domaintools.com/resources/blog/maximizing-your-defense-with-win… ∗∗∗ IoT: Wenn Sicherheitsrisiken unter dem Weihnachtsbaum landen ∗∗∗ --------------------------------------------- Experten haben beliebte, vernetzte Gadgets auf Sicherheitslücken und Datenhunger untersucht und Erschreckendes festgestellt. --------------------------------------------- https://futurezone.at/netzpolitik/iot-wenn-sicherheitsrisiken-unterm-weihna… ∗∗∗ DNS Logs in Public Clouds, (Wed, Dec 16th) ∗∗∗ --------------------------------------------- The current Solarwinds/Sunburst/Fireeye incident and its associated command&control (C2) traffic to avsvmcloud[.]com domains have spurred potentially affected Solarwinds customers to searching their logs and data for any presence of this C2 domain. --------------------------------------------- https://isc.sans.edu/diary/rss/26892 ∗∗∗ The NoneNone Brute Force Attacks: Even Hackers Need QA ∗∗∗ --------------------------------------------- For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. --------------------------------------------- https://www.wordfence.com/blog/2020/12/the-nonenone-brute-force-attacks-eve… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress plugin with 5 million installs has a critical vulnerability ∗∗∗ --------------------------------------------- The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-plugin-with-5-mill… ∗∗∗ CVE-2020-25695 Privilege Escalation in Postgresql ∗∗∗ --------------------------------------------- This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back to 9.5, it is likely it affects most earlier versions as well. (Notiz: fehlerbereinigte Versionen wurden am 12. Nov. 2020 veröffentlicht.) --------------------------------------------- https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-priv… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, sympa, thunderbird, tomcat8, and xerces-c), Fedora (fprintd, kernel, libfprint, and synergy), Mageia (bitcoin, dpic, firefox, jasper, jupyter-notebook, sam2p, thunderbird, and x11-server), Oracle (firefox, gd, kernel, net-snmp, openssl, python-rtslib, samba, and targetcli), Red Hat (fapolicyd, openshift, Red Hat Virtualization, and web-admin-build), SUSE (xen), and Ubuntu (unzip). --------------------------------------------- https://lwn.net/Articles/840583/ ∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Use after Free Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Bulletin: A GNU glibc vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-glibc-vulnerability… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerab… ∗∗∗ Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabili… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Java Vulnerablity affects IBM Watson Speech Services for Cloud Pak for Data 1.2 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerablity-affects… ∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1245 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.12.2020
by Daily end-of-shift report 16 Dec '20

16 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-12-2020 18:00 − Mittwoch 16-12-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Video: Sicher einkaufen im Amazon Marketplace ∗∗∗ --------------------------------------------- Auf Amazon können Sie direkt von Amazon, aber auch von unabhängigen Marketplace-Händlerinnen und Händlern bestellen. Vor allem im Marketplace treiben aber auch Kriminelle ihr Unwesen! In diesem Video erfahren Sie, was der Marketplace ist und vor allem wie Sie auch im Marketplace sicher bestellen. --------------------------------------------- https://www.watchlist-internet.at/news/video-sicher-einkaufen-im-amazon-mar… ===================== = Vulnerabilities = ===================== ∗∗∗ HPE discloses critical zero-day in server management software ∗∗∗ --------------------------------------------- Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. ... The vulnerability ... is tracked as CVE-2020-7200 and it affects HPE Systems Insight Manager (SIM) 7.6.x. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hpe-discloses-critical-zero-… ∗∗∗ VMSA-2020-0028 VMware Carbon Black Cloud macOS Sensor installer file overwrite issue (CVE-2020-4008) ∗∗∗ --------------------------------------------- The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way. VMware has evaluated the severity of this issue to be in the Low severity range with a CVSSv3 base score of 3.6. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0028.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (mingw-openjpeg2, openjpeg2, and synergy), openSUSE (audacity and gdm), Oracle (libexif, libpq, and thunderbird), Red Hat (firefox, gnutls, go-toolset:rhel8, java-1.7.1-ibm, java-1.8.0-ibm, kernel, kernel-rt, linux-firmware, mariadb-connector-c, mariadb:10.3, memcached, net-snmp, nginx:1.16, nodejs:12, openssl, pacemaker, postgresql:10, python-django-horizon, python-XStatic-Bootstrap-SCSS, python-XStatic-jQuery, python-XStatic-jQuery224 and python-django-horizon), Scientific Linux (gd, kernel, pacemaker, python-rtslib, samba and targetcli), SUSE (PackageKit, openssh, spice and spice-gtk), Ubuntu (firefox and imagemagick). --------------------------------------------- https://lwn.net/Articles/840398/ ∗∗∗ ABB Central Licensing System Vulnerabilities, impact on Symphony Plus, Composer Harmony, Composer Melody, Harmony OPC Server ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123981&Language… ∗∗∗ ABB Multiple Vulnerabilities in Symphony PlusHistorian ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&Language… ∗∗∗ ABB Multiple Vulnerabilities in Symphony Plus Operations ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&Language… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Advisory - Out of Bound Read Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-postgressql-jdbc-driver-a… ∗∗∗ Security Bulletin: Open Source Security issues for NPS console. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-security-issu… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation (CVE-2019-12400) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-santuario-as-used-… ∗∗∗ Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in the Kernel (CVE-2020-12464) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-p… ∗∗∗ Security Bulletin: A security vulnerability in Node.js npm package affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ QEMU vulnerability CVE-2020-14364 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09081535?utm_source=f5support&utm_mediu… ∗∗∗ QEMU vulnerability CVE-2020-25084 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41301038?utm_source=f5support&utm_mediu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily