Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - 21.09.2020
by Daily end-of-shift report 21 Sep '20

21 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-09-2020 18:00 − Montag 21-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Google App Engine: Redirect-Feature begünstigt Phishing und Malware-Verbreitung ∗∗∗ --------------------------------------------- Googles Cloud-Anwendungsplattform App Engine bietet Kriminellen beim Generieren schädlicher Links viel Freiraum, den diese im Zuge aktiver Angriffe auskosten. --------------------------------------------- https://heise.de/-4906593 ∗∗∗ iOS 14: Private WLAN-Adressen können für Probleme sorgen ∗∗∗ --------------------------------------------- iOS 14 sattelt iPhones automatisch auf zufällige MAC-Adressen um. Das führt in Heim- und Firmennetzen unter Umständen zu Verbindungsstörungen. --------------------------------------------- https://heise.de/-4907542 ∗∗∗ uMatrix wird nicht weiterentwickelt: Repository steht auf "archived" ∗∗∗ --------------------------------------------- Die Browser-Erweiterung uMatrix ist auf GitHub als archiviert markiert worden. Damit endet die Weiterentwicklung der Firewall. --------------------------------------------- https://heise.de/-4906711 ∗∗∗ Windows 10 Health Report: September 2020 issues, Defender fiasco, & more ∗∗∗ --------------------------------------------- This Windows 10 Health Report provides an overview of the problems people are encountering in September 2020 due to new cumulative updates or changes made in the operating system. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-10-health-report-se… ∗∗∗ Slightly broken overlay phishing, (Mon, Sep 21st) ∗∗∗ --------------------------------------------- At the Internet Storm Center, we often receive examples of interesting phishing e-mails from our readers. Of course, this is not the only source of interesting malicious messages in our inboxes - sometimes the phishing authors "cut out the middleman" and send their creations directly to us. Last week, this was the case with a slightly unusual (and slightly broken) phishing, which tries to use legitimate pages overlaid with a fake login prompt. --------------------------------------------- https://isc.sans.edu/diary/rss/26586 ∗∗∗ The Hidden PHP Malware that Reinfects Cleaned Files ∗∗∗ --------------------------------------------- Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services. Some of the more common causes of reinfections are issues like cross- site contamination or unpatched website software security vulnerabilities that get re-exploited. --------------------------------------------- https://blog.sucuri.net/2020/09/the-hidden-php-malware-that-reinfects-clean… ∗∗∗ One Part Steganography, Four Redirectors, and a Splash of C2! ∗∗∗ --------------------------------------------- What do you get when you combine Google Images, QR Codes, and Remote Command Execution? This silly project of mine Id like to share with you all, of course! Building off of my security research from my last couple of blogs, I decided to use my research using dynamic web content to proxy traffic over third party image providers, and try to find a valid bi-directional method for sending data between a NATd client and a public server. --------------------------------------------- https://medium.com/@curtbraz/one-part-steganography-four-redirectors-and-a-… ∗∗∗ Is domain name abuse something companies should worry about? ∗∗∗ --------------------------------------------- Should you worry about domain name abuse? For the most part it depends on what kind of company you are and what you expect to encounter. --------------------------------------------- https://blog.malwarebytes.com/business-2/2020/09/is-domain-name-abuse-somet… ∗∗∗ The Return of Raining SYSTEM Shells with Citrix Workspace app ∗∗∗ --------------------------------------------- TL;DR Back in July I documented a new Citrix Workspace vulnerability that allowed attackers to remotely execute arbitrary commands under the SYSTEM account. Well after some further investigation on the [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/the-return-of-raining-system-… ∗∗∗ Code execution, defense evasion are top tactics used in critical attacks against corporate endpoints ∗∗∗ --------------------------------------------- Cisco examines MITRE ATT&CK data to suggest the threat vectors enterprise security staff should focus their efforts on. --------------------------------------------- https://www.zdnet.com/article/defense-evasion-code-execution-are-the-top-at… ∗∗∗ Rückblick auf das zweite Drittel 2020 ∗∗∗ --------------------------------------------- Anders als das erste Jahresdrittel, begann das zweite wesentlich weniger dramatisch, was IT-Sicherheit angeht. Neben Citrix, dem auch im 2. Jahresdrittel unsere erste anlassbezogene Aussendung zu verdanken war, kam auch eine andere alte Schwachstelle zu neuem "Ruhm". --------------------------------------------- https://cert.at/de/blog/2020/9/ruckblick-auf-das-zweite-drittel-2020 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Mobiler Firefox-Browser führte Befehle aus dem WLAN aus ∗∗∗ --------------------------------------------- Im gleichen WLAN konnten Angreifer den mobilen Firefox-Browser unter Android beliebige Webseiten oder andere Apps öffnen lassen - ohne Nutzerinteraktion. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mobiler-firefox-browser-fuehrte… ∗∗∗ Micropatch for Zerologon, the "perfect" Windows vulnerability (CVE-2020-1472) ∗∗∗ --------------------------------------------- The Zerologon vulnerability allows an attacker with network access to a Windows Domain Controller to quickly and reliably take complete control of the Windows domain. As such, it is a perfect vulnerability for any attacker and a nightmare for defenders. --------------------------------------------- https://blog.0patch.com/2020/09/micropatch-for-zerologon-perfect.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (inspircd and modsecurity), Fedora (chromium, cryptsetup, gnutls, mingw-libxml2, and seamonkey), openSUSE (ark, chromium, claws-mail, docker-distribution, fossil, hylafax+, inn, knot, libetpan, libjpeg-turbo, libqt4, librepo, libvirt, libxml2, lilypond, mumble, openldap2, otrs, pdns-recursor, perl-DBI, python-Flask-Cors, singularity, slurm_18_08, and virtualbox), SUSE (jasper, less, ovmf, and rubygem-actionview-4_2), and Ubuntu (sa-exim). --------------------------------------------- https://lwn.net/Articles/832080/ ∗∗∗ MISP 2.4.132 released (security fix CVE-2020-25766 and bugs fixed) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.132) has been released with several bugs fixed including an important security fix CVE-2020-25766. --------------------------------------------- https://www.misp-project.org/2020/09/21/MISP.2.4.132.released.html ∗∗∗ B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5590.php ∗∗∗ B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5589.php ∗∗∗ B-swiss 3 Digital Signage System 3.6.5 Database Disclosure ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5588.php ∗∗∗ Security Bulletin: Denial of Service with HTTP/2 in IBM DataPower Gateway (CVE-2020-4579) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-with-ht… ∗∗∗ Security Bulletin: IBM Business Automation Content Analyzer is affected by Insecure Cookie vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-business-automation-c… ∗∗∗ Security Bulletin: Denial of Service with HTTP/2 in IBM DataPower Gateway (CVE-2020-4581) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-with-ht… ∗∗∗ Security Bulletin: Denial of Service in IBM DataPower Gateway (CVE-2020-4580) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-in-ibm-… ∗∗∗ Security Bulletin: Vulnerability in bind (CVE-2020-8616 and CVE-2020-8617). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve… ∗∗∗ Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ntp-cve-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.09.2020
by Daily end-of-shift report 18 Sep '20

18 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-09-2020 18:00 − Freitag 18-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Maze ransomware now encrypts via virtual machines to evade detection ∗∗∗ --------------------------------------------- The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang; to encrypt a computer from within a virtual machine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/maze-ransomware-now-encrypts… ∗∗∗ Microsoft removes Windows Defender ability after security concerns ∗∗∗ --------------------------------------------- Microsoft has removed the ability to download files using Windows Defender after it was demonstrated how it could be used by attackers to download malware onto a computer. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-d… ∗∗∗ Mozi Botnet Accounts for Majority of IoT Traffic ∗∗∗ --------------------------------------------- Mozi’s spike comes amid a huge increase in overall IoT botnet activity. --------------------------------------------- https://threatpost.com/mozi-botnet-majority-iot-traffic/159337/ ∗∗∗ Ransomware-Angriffe als Folge von Shitrix ∗∗∗ --------------------------------------------- Monate nach dem Auftauchen der kritischen Sicherheitslücke im Citrix Application Delivery Controller (ADC) und NetScaler Gateway (CVE-2019-19781, auch als “Shitrix“ bekannt) werden nun immer mehr Fälle bekannt, in denen die Lücke sehr früh ausgenutzt, jedoch erst sehr viel später lukrativ verwendet wurde bzw. aktuell wird. --------------------------------------------- https://www.hisolutions.com/detail/ransomware-angriffe-als-folge-von-shitrix ∗∗∗ Identitätsdiebstahl: Das sind die gängigsten Betrugsmaschen ∗∗∗ --------------------------------------------- Ausweiskopien und fremde Identitäten sind im Bereich der Internetkriminalität ein begehrtes Gut. Denn so können Kriminelle unter falschem Namen Straftaten begehen und bleiben selbst unentdeckt. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-das-sind-die-ga… ===================== = Vulnerabilities = ===================== ∗∗∗ Backdoors in Video-Encodern auf Huawei-Chips entdeckt - Ursprung unbekannt ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher ist auf mehrere kritische Sicherheitslücken gestoßen, die Hardware-Video-Encoder angreifbar machen. --------------------------------------------- https://heise.de/-4905641 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and netbeans), Oracle (mysql:8.0 and thunderbird), SUSE (rubygem-rack and samba), and Ubuntu (apng2gif, gnupg2, libemail-address-list-perl, libproxy, pulseaudio, pure-ftpd, samba, and xawtv). --------------------------------------------- https://lwn.net/Articles/831853/ ∗∗∗ Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed a Cross-Site Scripting (XSS) vulnerability (CVE-2020-4443) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed a reverse tabnabbing vulnerability (CVE-2020-4440) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson… ∗∗∗ Pivotal spring-boot: Schwachstelle ermöglicht Umgehung von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0911 ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0910 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.09.2020
by Daily end-of-shift report 17 Sep '20

17 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-09-2020 18:00 − Donnerstag 17-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Cyber-Angriff auf Uniklinik Düsseldorf: BSI warnt vor akuter Ausnutzung bekannter Schwachstelle ∗∗∗ --------------------------------------------- Am 10. September 2020 kam es zu einem IT-Sicherheitsvorfall im Universitätsklinikum Düsseldorf (UKD). Gemäß BSI-Gesetz hat das UKD das Bundesamt für Sicherheit in der Informationstechnik (BSI) über diesen Vorfall informiert. [...] In diesem Zusammenhang weist das BSI mit Nachdruck darauf hin, dass derzeit eine seit Januar 2020 bekannte Schwachstelle (CVE-2019-19781) in VPN-Produkten der Firma Citrix für Cyber-Angriffe ausgenutzt wird. Dem BSI werden zunehmend Vorfälle bekannt, bei denen Citrix-Systeme bereits vor der Installation der im Januar 2020 bereitgestellten Sicherheitsupdates kompromittiert wurden. Dadurch haben Angreifer auch nach Schließung der Sicherheitslücke weiterhin Zugriff auf das System und dahinterliegende Netzwerke. Diese Möglichkeit wird aktuell vermehrt ausgenutzt, um Angriffe auf betroffene Organisationen durchzuführen. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/UKDuesseldo… ∗∗∗ Evasive URLs in Spam ∗∗∗ --------------------------------------------- Cybercriminals are continuously evolving their tools, tactics, and techniques to evade spam detection systems. We recently observed some spam campaigns that heavily relied on URL obfuscation in email messages. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-url… ∗∗∗ phpbash – A Terminal Emulator Web Shell ∗∗∗ --------------------------------------------- It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use — and certainly more visually appealing than just raw text. One example of web malware that uses GUIs are PHP webshells like r57. --------------------------------------------- https://blog.sucuri.net/2020/09/phpbash-terminal-editor-web-shell.html ∗∗∗ GuLoaders VM-Exit Instruction Hammering explained ∗∗∗ --------------------------------------------- In Joe Sandbox Cloud Basic, our community version of Joe Sandbox, we often get very interesting and recent malware samples. On the September 16th, 2020 we came across a new GuLoader variant (MD5: 01a54f73856cfb74a3bbba47bcec227b). GuLoader is a malware loader well known for its anti-evasion techniques. --------------------------------------------- http://blog.joesecurity.org/2020/09/guloaders-vm-exit-instruction-hammering… ===================== = Vulnerabilities = ===================== ∗∗∗ Schadcode per Word-Datei: Microsoft flickt Office für Mac ∗∗∗ --------------------------------------------- Microsoft hat die macOS-Version seiner Office-Suite aktualisiert. Die Updates schließen Schwachstellen, die das Ausführen von Schadcode ermöglichen. --------------------------------------------- https://heise.de/-4904475 ∗∗∗ Apple iOS & iPadOS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen, einen Cross-Site Scripting Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0907 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0906 ∗∗∗ Vulnerability Spotlight: Remote code execution vulnerability Apple Safari ∗∗∗ --------------------------------------------- The Apple Safari web browser contains a remote code execution vulnerability in its Webkit feature. Specifically, an attacker could trigger a use-after-free condition in WebCore, the DOM-rendering system for Webkit used in Safari. This could give the attacker the ability to execute remote code on the victim machine. --------------------------------------------- https://blog.talosintelligence.com/2020/09/vuln-spotlight-apple-safari-sept… ∗∗∗ High-Severity Vulnerabilities Patched in Discount Rules for WooCommerce ∗∗∗ --------------------------------------------- On August 20, 2020, the Wordfence Threat Intelligence team was made aware of several vulnerabilities that had been patched in Discount Rules for WooCommerce, a WordPress plugin installed on over 40,000 sites. --------------------------------------------- https://www.wordfence.com/blog/2020/09/high-severity-vulnerabilities-patche… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (dotnet3.1, kernel, mbedtls, and python35), Mageia (libraw), openSUSE (mumble), SUSE (libsolv, libzypp, and perl-DBI), and Ubuntu (libdbi-perl, libphp-phpmailer, mcabber, ncmpc, openssl, openssl1.0, qemu, samba, storebackup, and util-linux). --------------------------------------------- https://lwn.net/Articles/831720/ ∗∗∗ Synology-SA-20:21 Zerologon ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Synology Directory Server. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_21 ∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. --------------------------------------------- https://support.citrix.com/article/CTX281474 ∗∗∗ Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websph… ∗∗∗ Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-shares-1-9-14-… ∗∗∗ Security Bulletin: Denial of service vulnerability in WebSphere Application Server Liberty (CVE-2020-4590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.09.2020
by Daily end-of-shift report 16 Sep '20

16 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-09-2020 18:00 − Mittwoch 16-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Malware greift Microsoft Datenbanken an ∗∗∗ --------------------------------------------- Eine neue Malware-Gang hat sich in den letzten Monaten einen Namen gemacht, indem sie sich in die Datenbank Microsoft SQL Server (MSSQL) gehackt und einen Crypto-Miner installiert hat. --------------------------------------------- https://www.zdnet.de/88382758/malware-greift-microsoft-datenbanken-an/ ∗∗∗ Netflix-KundInnen aufgepasst: Betrügerische E-Mails im Umlauf! ∗∗∗ --------------------------------------------- Derzeit häufen sich Meldungen über betrügerische E-Mails, die angeblich von Netflix stammen. In diesen E-Mails werden die Opfer darum gebeten, ihre Zahlungsinformationen zu aktualisieren, da es Probleme mit der Rechnung gäbe. Die Mails stammen jedoch nicht von Netflix, sondern von Kriminellen, die versuchen an die Kreditkartendaten der EmpfängerInnen zu kommen. --------------------------------------------- https://www.watchlist-internet.at/news/netflix-kundinnen-aufgepasst-betrueg… ∗∗∗ This security awareness training email is actually a phishing scam ∗∗∗ --------------------------------------------- A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company. --------------------------------------------- https://www.bleepingcomputer.com/news/security/this-security-awareness-trai… ∗∗∗ DNS security best practices: Preventing DNS hijacking, poisoning and redirection ∗∗∗ --------------------------------------------- The importance of DNS The Domain Name System (DNS) is one of the fundamental protocols of the Internet. It provides a lookup service that converts domain names (like google.com) into IP addresses (like 192.168.0.0). While DNS has always been an important protocol, the growing use of cloud-based services has made it even more so. --------------------------------------------- https://resources.infosecinstitute.com/dns-security-best-practices-preventi… ∗∗∗ Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?, (Wed, Sep 16th) ∗∗∗ --------------------------------------------- We always say how network security is changing every day. Take a long lunch, and you may miss a critical exploit. But sometimes, time appears to stand still. We just passed 1.6 Billion seconds in the Unix Epoch. Back when the Unix timestamp still had 9 digits, in the late 90s also known as "pre Y2K", one of the servers you may have used for backups was Amanda (Advanced Maryland Automatic Network Disk Archiver). Still active and alive today, back then Amanda V 2.3 was current. --------------------------------------------- https://isc.sans.edu/diary/rss/26572 ∗∗∗ The Hacker Motive: What Attackers Are Doing with Your Hacked Site ∗∗∗ --------------------------------------------- Yesterday, September 15, 2020, the Wordfence Live team covered The Hacker Motive: What Attackers Are Doing with Your Hacked Site. This companion blog post reviews the motives we discussed live during Wordfence Live and dives deeper into the minds of attackers. --------------------------------------------- https://www.wordfence.com/blog/2020/09/the-hacker-motive-what-attackers-are… ∗∗∗ Billions of devices vulnerable to new BLESA Bluetooth security flaw ∗∗∗ --------------------------------------------- New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation. --------------------------------------------- https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-b… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Schadcode-Lücken in Nitro Pro PDF geschlossen ∗∗∗ --------------------------------------------- Es sind wichtige Sicherheitsupdates für die PDF-Anwendung Nitro Pro erschienen. --------------------------------------------- https://heise.de/-4902752 ∗∗∗ IBM: Sicherheitsupdates für zahlreiche Produkte verfügbar ∗∗∗ --------------------------------------------- Seit Anfang voriger Woche hat IBM eine ganze Reihe von Lücken aus seinem Produktportfolio beseitigt – darunter einige mit hohem bis kritischem Schweregrad. --------------------------------------------- https://heise.de/-4902825 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (libssh, python35, and xen), Oracle (kernel), Red Hat (librepo and mysql:8.0), SUSE (perl-DBI), and Ubuntu (Apache Log4j, Apache XML-RPC, bsdiff, libdbi-perl, luajit, milkytracker, OpenJPEG, ruby-loofah, and ruby-websocket-extensions). --------------------------------------------- https://lwn.net/Articles/831654/ ∗∗∗ Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure ∗∗∗ --------------------------------------------- Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data. read more --------------------------------------------- https://www.securityweek.com/flaws-philips-patient-monitoring-products-can-… ∗∗∗ Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200916-… ∗∗∗ Trend Micro ServerProtect for Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0905 ∗∗∗ Node.js: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0904 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.09.2020
by Daily end-of-shift report 15 Sep '20

15 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 14-09-2020 18:00 − Dienstag 15-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows 10 'Finger' command can be abused to download or steal files ∗∗∗ --------------------------------------------- The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-finger-command-ca… ∗∗∗ Sicherheitslücke: Mit acht Nullen zum Active-Directory-Admin ∗∗∗ --------------------------------------------- Die Sicherheitslücke Zerologon nutzt einen Fehler in Netlogon aus und involviert die Zahl Null auf kreative Weise - um Passwörter zu ändern. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-acht-nullen-zum-active-dire… ∗∗∗ Erfolgreiche Angriffskampagne trifft Online-Shops auf Basis von Magento 1 ∗∗∗ --------------------------------------------- Der Support für Version 1.x der Onlineshop-Software Magento endete im Juni 2020. Eine aktuelle "Magecart"-Angriffskampagne zielt nun auf veraltete Shops. --------------------------------------------- https://heise.de/-4894269 ∗∗∗ Shitrix-Nachwehen: Citrix-Systeme mit unbemerkten Backdoors ∗∗∗ --------------------------------------------- Auf Citrix ADC und Netscaler Gateways sind offenbar über die Shitrix-Lücke Anfang des Jahres Backdoors installiert worden, durch die Ransomware gelangen kann. --------------------------------------------- https://heise.de/-4901590 ∗∗∗ Erpressungs-E-Mails: Kriminelle hätten Beweise, dass Sie fremdgehen ∗∗∗ --------------------------------------------- Werden Sie per E-Mail erpresst? Behauptet der Erpresser, einen Virus auf Ihrem Smartphone installiert zu haben, der Ihre Aktivitäten überwacht? Hat er angeblich Beweismaterial, dass Sie beim Fremdgehen zeigt? Fordert man für Stillschweigen die Überweisung von Bitcoins? Dann: Machen Sie sich keine Sorgen! Es handelt sich um ein betrügerisches E-Mail, das aktuell massenhaft versendet wird! --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-e-mails-kriminelle-haett… ∗∗∗ Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits ∗∗∗ --------------------------------------------- We captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends. --------------------------------------------- https://unit42.paloaltonetworks.com/network-attack-trends/ ∗∗∗ MITRE releases emulation plan for FIN6 hacking group, more to follow ∗∗∗ --------------------------------------------- New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders. --------------------------------------------- https://www.zdnet.com/article/mitre-releases-emulation-plan-for-fin6-hackin… ∗∗∗ Hackers are getting more hands-on with their attacks. Thats not a good sign ∗∗∗ --------------------------------------------- Both nation-state backed hackers and cyber criminals asking trying to take advantage of the rise in remote working, and getting more sophisticated in their approach. --------------------------------------------- https://www.zdnet.com/article/hackers-are-getting-more-hands-on-with-their-… ===================== = Vulnerabilities = ===================== ∗∗∗ MFA Bypass Bugs Opened Microsoft 365 to Attack ∗∗∗ --------------------------------------------- Vulnerabilities 'that have existed for years' in WS-Trust could be exploited to attack other services such as Azure and Visual Studio. --------------------------------------------- https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/ ∗∗∗ VMware VMSA-2020-0020 (Sep 14) ∗∗∗ --------------------------------------------- VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0020.html ∗∗∗ Notfallpatch für Adobe Media Encoder verfügbar ∗∗∗ --------------------------------------------- Angreifer könnten Media Encoder von Adobe attackieren und Informationen leaken. --------------------------------------------- https://heise.de/-4901833 ∗∗∗ Vulnerability Spotlight: Memory corruption in Google PDFium ∗∗∗ --------------------------------------------- Google Chromes PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. Chrome is a popular, free web browser available on all operating systems. PDFium allows users to open PDFs inside Chrome. We recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access. --------------------------------------------- https://blog.talosintelligence.com/2020/09/vuln-spotlight-google-pdfium-sep… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dovecot), Debian (gnome-shell and teeworlds), Mageia (libetpan and zeromq), openSUSE (libxml2), Red Hat (chromium-browser and librepo), SUSE (compat-openssl098, firefox, kernel, openssl, and shim), and Ubuntu (gupnp). --------------------------------------------- https://lwn.net/Articles/831592/ ∗∗∗ Synology-SA-20:20 Photo Station ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_20 ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Java Deserialization (CVE-2020-4521) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL Injection (CVE-2019-4671) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Docker vulnerability affects IBM Spectrum Protect Plus (CVE-2020-13401) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-docker-vulnerability-affe… ∗∗∗ Security Bulletin: Linux Kernel vulnerability affects IBM Spectrum Protect Plus (187206) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerabilit… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site request forgery (CVE-2020-4526) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Directory Traversal and Execution of Arbitrary Code vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4711, CVE-2020-4703) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-directory-traversal-and-e… ∗∗∗ Security Bulletin: Cacheable HTTPS Response vulnerability in IBM Tivoli Business Service Manager (CVE-2020-4344) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cacheable-https-response-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Business Service Manager (CVE-2020-14577) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.09.2020
by Daily end-of-shift report 14 Sep '20

14 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-09-2020 18:00 − Montag 14-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zerologon übernimmt Domain-Controller ∗∗∗ --------------------------------------------- Unbemerkt von vielen hat Microsoft im August letzten Monats einen der schwerwiegendsten Fehler behoben, der dem Unternehmen jemals gemeldet wurde. Dieses Problem könnte dazu missbraucht werden, Windows-Server, die als Domänencontroller in Unternehmensnetzwerken laufen, einfach zu übernehmen. --------------------------------------------- https://www.zdnet.de/88382688/zerologon-uebernimmt-domain-controller/ ∗∗∗ Magento stores hit by largest automated hacking attack since 2015 ∗∗∗ --------------------------------------------- In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/magento-stores-hit-by-larges… ∗∗∗ Creating patched binaries for pentesting purposes, (Sun, Sep 13th) ∗∗∗ --------------------------------------------- When doing pentestings, the establishment of backdoors is vital to be able to carry out lateral movements in the network or to reach the stage of action on objectives. This is usually accomplished by inviting someone to click on a commonly used executable on the computer using social engineering techniques. --------------------------------------------- https://isc.sans.edu/diary/rss/26560 ∗∗∗ ModSecurity, Regular Expressions and Disputed CVE-2020-15598 ∗∗∗ --------------------------------------------- This blog post will discuss that tradeoff in the context of regular expressions in ModSecurity. It will cover an issue raised by a member of the community as a security issue (assigned CVE-2020-15598), which we disputed, and some tips for how to avoid the more problematic aspects of regular expressions in ModSecurity. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity… ∗∗∗ New BlindSide attack uses speculative execution to bypass ASLR ∗∗∗ --------------------------------------------- New BlindSide technique abuses the CPUs internal performance-boosting feature to bypass OS security protection. --------------------------------------------- https://www.zdnet.com/article/new-blindside-attack-uses-speculative-executi… ===================== = Vulnerabilities = ===================== ∗∗∗ Hyland OnBase Arbitrary File Upload ∗∗∗ --------------------------------------------- Hyland OnBase allows malicious attackers to directly upload arbitrary files to the OnBase server using file upload methods. The client-side sometimes restricts file types, but the server-side does not allowing attackers with direct server access to upload files of any type including malicious files designed to compromise clients that view the data. OnBase also appears to lack the proper mechanisms to verify that files are of the type claimed and instead relies on file extensions, allowing attackers to upload malicious files whose extensions do not match the actual file type. This allows a second vector for malicious file upload and attacking clients. --------------------------------------------- https://cxsecurity.com/issue/WLB-2020090071 ∗∗∗ WordPress Plugin Flaw Allows Attackers to Forge Emails ∗∗∗ --------------------------------------------- The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. --------------------------------------------- https://threatpost.com/wordpress-plugin-flaw/159172/ ∗∗∗ Sicherheitsupdates: Root-Lücke bedroht Firewalls von Palo Alto ∗∗∗ --------------------------------------------- Eine kritische Lücke im Betriebssystem PAN-OS gefährdet Firewalls aus dem Hause Palo Alto. --------------------------------------------- https://heise.de/-4892796 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (thunderbird), Debian (libproxy, qemu, and wordpress), Fedora (ansible, chromium, community-mysql, dotnet-build-reference-packages, dotnet3.1, drupal7, grub2, java-1.8.0-openjdk-aarch32, kernel, kernel-headers, kernel-tools, mingw-gnutls, php-symfony4, python-django, and selinux-policy), Gentoo (DBI, file-roller, gnome-shell, gst-rtsp-server, nextcloud-client, php, proftpd, qtgui, and zeromq), openSUSE (gimp, libjpeg-turbo, openldap2, [...] --------------------------------------------- https://lwn.net/Articles/831524/ ∗∗∗ Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks ∗∗∗ --------------------------------------------- Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron’s mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers. --------------------------------------------- https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-se… ∗∗∗ Multiple vulnerabilities in Buffalo AirStation WHR-G54S ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN09166495/ ∗∗∗ Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-a… ∗∗∗ Security Bulletin: A vulnerability in Apache AvtiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-1941) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL library affects OS Pattern Kit used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU -Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – [All] jQuery (Publicly disclosed vulnerability) CVEID: 180875 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: Vulnerability in side channel in Intel CPUs affect IBM Cloud Pak System (CVE-2019-11135) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-side-cha… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK addressed in IBM Cloud Pak System (April 2020 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.09.2020
by Daily end-of-shift report 11 Sep '20

11 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-09-2020 18:00 − Freitag 11-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zoom adds two-factor authentication (2FA) support to all accounts ∗∗∗ --------------------------------------------- Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft. --------------------------------------------- https://www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authent… ∗∗∗ Whats in Your Clipboard? Pillaging and Protecting the Clipboard, (Fri, Sep 11th) ∗∗∗ --------------------------------------------- Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note - if you know and can type any of your passwords in 2020, you should at least partially examine your life choices). Several password managers also do this "right thing" - retaining passwords in the clipboard is a great way for folks to accidentally paste that information into the worst [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26556 ∗∗∗ WordPress Malware Disables Security Plugins to Avoid Detection ∗∗∗ --------------------------------------------- An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it? --------------------------------------------- https://blog.sucuri.net/2020/09/wordpress-malware-disables-security-to-avoi… ∗∗∗ Bluetooth anfällig für Angriffe auf Schlüssel – irgendwie ∗∗∗ --------------------------------------------- Das CERT/CC und die Bluetooth-Standardisierer warnen vor Blurtooth – knausern aber mit Informationen zur entdeckten Schwachstelle. --------------------------------------------- https://heise.de/-4891764 ∗∗∗ Sichere Passwörter schützen vor Verlust und Missbrauch ∗∗∗ --------------------------------------------- Sichere Passwörter schützen nicht nur private Informationen vor Fremden. Sie schützen vor allem vor finanziellem Schaden und Identitätsmissbrauch. Daher ist auf die Passwort-Sicherheit besonderen Wert zu legen. --------------------------------------------- https://www.watchlist-internet.at/news/sichere-passwoerter-schuetzen-vor-ve… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-pip), Fedora (kernel, libX11, and xen), openSUSE (go1.14), Oracle (libcroco, php:7.3, and postgresql:10), Red Hat (chromium-browser and httpd:2.4), and SUSE (gimp, golang-github-prometheus-prometheus, kernel, libxml2, pdsh, slurm_20_02, slurm, slurm_18_08, and tomcat). --------------------------------------------- https://lwn.net/Articles/831283/ ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affec… ∗∗∗ Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-… ∗∗∗ Security Bulletin: IBM® SDK, Java™ Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4412) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime related to the Kerberos component affect IBM® Db2®. (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2601) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affec… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.09.2020
by Daily end-of-shift report 10 Sep '20

10 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-09-2020 18:00 − Donnerstag 10-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ProLock ransomware increases payment demand and victim count ∗∗∗ --------------------------------------------- Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day. --------------------------------------------- https://www.bleepingcomputer.com/news/security/prolock-ransomware-increases… ∗∗∗ An overview of targeted attacks and APTs on Linux ∗∗∗ --------------------------------------------- Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux [...] --------------------------------------------- https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98… ∗∗∗ Zeppelin Ransomware Returns with New Trojan on Board ∗∗∗ --------------------------------------------- The malware has popped up in a targeted campaign and a new infection routine. --------------------------------------------- https://threatpost.com/zeppelin-ransomware-returns-trojan/159092/ ∗∗∗ O365 Phishing Attack Used Real-Time Validation against Active Directory ∗∗∗ --------------------------------------------- A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials. According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world’s Top 50 most innovative companies for 2019 on a Friday evening. The email used spoofing [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/o365-ph… ∗∗∗ BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks ∗∗∗ --------------------------------------------- A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered. --------------------------------------------- https://www.securityweek.com/blurtooth-vulnerability-can-allow-bluetooth-mi… ∗∗∗ Fake Gewinnspiel mit Cineplexx-Gutschein lockt in Abo-Falle ∗∗∗ --------------------------------------------- Auf Facebook wird über Anzeigen und den Facebook-Messenger ein Gewinnspiel beworben. Sie wurden angeblich, ausgewählt Gutscheine für Cineplexx-Kinos zu erhalten. Dafür sollen Sie 2 Euro für die Versandkosten mit Ihrer Kreditkarte bezahlen. Achtung: Das Gewinnspiel ist fake, die Gutscheine gibt es nicht und Sie landen in einer Abo-Falle! Cineplexx selbst hat nichts mit diesen Gewinnspielen zu tun. --------------------------------------------- https://www.watchlist-internet.at/news/fake-gewinnspiel-mit-cineplexx-gutsc… ∗∗∗ New CDRThief malware targets VoIP softswitches to steal call detail records ∗∗∗ --------------------------------------------- Malware targets only two very specific softswitches (software switches): Linknat VOS2009 and VOS3000. --------------------------------------------- https://www.zdnet.com/article/new-cdrthief-malware-targets-voip-softswitche… ∗∗∗ Ransomware-Attacken vervielfacht ∗∗∗ --------------------------------------------- Die Zahl der Ransomware-Angriffe ist im ersten Halbjahr im Vergleich zum Vorjahr um 715% gestiegen. Die Lösegelderpresser werden immer gefährlicher und sorgen für hohe Schäden. --------------------------------------------- https://www.zdnet.de/88382645/ransomware-attacken-vervielfacht/ ∗∗∗ Recent Dridex activity, (Thu, Sep 10th) ∗∗∗ --------------------------------------------- For the past month or so, I hadn't had any luck finding active malspam campaigns pushing Dridex malware. That changed starting this week, and I've since found several examples. Today's diary reviews an infection from Wednesday September 9th, 2020. --------------------------------------------- https://isc.sans.edu/diary/rss/26550 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ark, gnupg, go, opendmarc, and python-django), Debian (libxml2), Gentoo (chromium), Oracle (librepo and thunderbird), Red Hat (dovecot and httpd:2.4), SUSE (avahi, kernel, and openldap2), and Ubuntu (xorg-server). --------------------------------------------- https://lwn.net/Articles/831178/ ∗∗∗ Palo Alto Networks Patches Serious DoS, Code Execution Flaws in PAN-OS ∗∗∗ --------------------------------------------- Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. read more --------------------------------------------- https://www.securityweek.com/palo-alto-networks-patches-serious-dos-code-ex… ∗∗∗ PEPPERL+FUCHS/VMT Bildverarbeitungssysteme GmbH: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU SYSTEMS CodeMeter components ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-034 ∗∗∗ PILZ: Multiple products prone to WIBU CodeMeter vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-033 ∗∗∗ avahi: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0892 ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0891 ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in jackson-databind shipped with IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-… ∗∗∗ Security Bulletin: WebSphere Application Server Admin Console is vulnerable to cross-site scripting (CVE-2020-4578) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Vulnerabilities in IBM HTTP Server affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ht… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Orchestrator (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.09.2020
by Daily end-of-shift report 09 Sep '20

09 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-09-2020 18:00 − Mittwoch 09-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers use legit tool to take over Docker, Kubernetes platforms ∗∗∗ --------------------------------------------- In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-use-legit-tool-to-ta… ∗∗∗ Diffie-Hellman-Seitenkanal: Raccoon-Angriff auf TLS betrifft nur Wenige ∗∗∗ --------------------------------------------- Forscher zeigen eine bislang unbekannte Schwäche im TLS-Protokoll, die praktischen Risiken sind aber sehr gering. --------------------------------------------- https://www.golem.de/news/diffie-hellman-seitenkanal-raccoon-angriff-auf-tl… ∗∗∗ Attacking the Qualcomm Adreno GPU ∗∗∗ --------------------------------------------- When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application (like the browser or a messaging application), but a sandbox escape is still required to gain full system access. This blog post focuses on an interesting attack surface that is accessible from the Android application sandbox: the graphics processing unit (GPU) --------------------------------------------- https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gp… ∗∗∗ Adobe behebt Schwachstellen ∗∗∗ --------------------------------------------- Adobes neueste Runde von Sicherheitsupdates behebt schwerwiegende Fehler in Experience Manager, InDesign und Framemaker. Der Grafikspezialist verabschiedet sich zudem von Flash. --------------------------------------------- https://www.zdnet.de/88382613/adobe-behebt-schwachstellen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Von Angreifern präparierte Websites könnten Windows gefährlich werden ∗∗∗ --------------------------------------------- Microsoft hat Sicherheitsupdates für mehrere Produkte veröffentlicht und über 120 Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-4888876 ∗∗∗ IPAS: Security Advisories for September 2020 ∗∗∗ --------------------------------------------- Hi everyone, Today we are releasing four security advisories addressing 9 vulnerabilities that were all internally found by Intel except for INTEL-SA-00405 which was reported through our bug bounty program. --------------------------------------------- https://blogs.intel.com/technology/2020/09/intel-september-2020-security-ad… ∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um Schadcode auszuführen, um seine Privilegien zu erhöhen, um Informationen auszuspähen und um Sicherheitsmechanismen zu umgehen. Letztlich kann der Angreifer so die Kontrolle über das Gerät übernehmen. Zur Ausnutzung genügt es, eine bösartige App zu installieren bzw. zu nutzen. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/09/warn… ∗∗∗ Reflected XSS in WordPress Plugin Admin Pages ∗∗∗ --------------------------------------------- The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the actions a vulnerability could cause. While this is usually true, there are a number of techniques bad actors are using to trick an administrator into performing actions they would not expect, such as Cross Site Request Forgery (CSRF) or [...] --------------------------------------------- https://blog.sucuri.net/2020/09/reflected-xss-in-wordpress-plugin-admin-pag… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (grunt), Fedora (ansible and geary), openSUSE (firefox, gettext-runtime, python-Flask-Cors, and thunderbird), Oracle (firefox and thunderbird), Red Hat (.NET Core 3.1), SUSE (kernel and libjpeg-turbo), and Ubuntu (gnutls28 and libx11). --------------------------------------------- https://lwn.net/Articles/831069/ ∗∗∗ PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components ∗∗∗ --------------------------------------------- Several vulnerabilities have been discovered in WIBU SYSTEMS CodeMeter Runtime. --------------------------------------------- https://cert.vde.com/de-de/advisories/copy_of_vde-2020-030 ∗∗∗ WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT ∗∗∗ --------------------------------------------- Multiple vulnerabilties were reported in WIBU-SYSTEMS Codemeter. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-032 ∗∗∗ Security Advisory - Privilege Elevation Vulnerability in Microsoft Windows Kerberos Key Distribution Center ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20200909-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Mobile Broadband Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-… ∗∗∗ Security Advisory - MITM Vulnerability on Huawei Share ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-… ∗∗∗ Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-a… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.09.2020
by Daily end-of-shift report 08 Sep '20

08 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 07-09-2020 18:00 − Dienstag 08-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows 10 themes can be abused to steal Windows accounts ∗∗∗ --------------------------------------------- Specially crafted Windows 10 themes and theme packs can be used in Pass-the-Hash attacks to steal Windows account credentials from unsuspecting users. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-ab… ∗∗∗ Office: About OLE and ZIP Files, (Mon, Sep 7th) ∗∗∗ --------------------------------------------- A reader asked if a particular Emotet sample was a malformed ZIP file. It is not, and I will explain why you might think it is in this diary entry. --------------------------------------------- https://isc.sans.edu/diary/rss/26540 ∗∗∗ Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks ∗∗∗ --------------------------------------------- Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. --------------------------------------------- https://thehackernews.com/2020/09/emotet-malware-attack.html ∗∗∗ Was sind Tech-Support Scams? Und: Wie Sie sich davor schützen! ∗∗∗ --------------------------------------------- Ein Tech-Support Scam ist eine Betrugsmasche, wo sich Kriminelle als Service-MitarbeiterInnen von Microsoft oder Apple ausgeben und ein Computerproblem vortäuschen. Die Kontaktaufnahme erfolgt entweder durch die Kriminellen per Telefon oder die Opfer rufen aufgrund eines Pop-Ups selbst bei einer vermeintlichen Service-Stelle an. In beiden Fällen wird eine Fernwartungssoftware installiert, um Zugangsdaten zu erspähen, Schadsoftware zu installieren oder Daten zu löschen oder [...] --------------------------------------------- https://www.watchlist-internet.at/news/was-sind-tech-support-scams-und-wie-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe InDesign (APSB20-52), Adobe Framemaker (APSB20-54) and Adobe Experience Manager (APSB20-56). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1916 ∗∗∗ Windows 10 Sandbox activation enables zero-day vulnerability ∗∗∗ --------------------------------------------- A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions that allows creating files in restricted areas of the operating system. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activatio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, [...] --------------------------------------------- https://lwn.net/Articles/830941/ ∗∗∗ SAP Patchday September 2020 ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in SAP Produkten und Anwendungskomponenten ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendungen zu gefährden. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0870 ∗∗∗ Citrix StoreFront Security Update ∗∗∗ --------------------------------------------- An issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. --------------------------------------------- https://support.citrix.com/article/CTX277455 ∗∗∗ SSA-770698: User Information Disclosure Vulnerability in Siveillance Video Client ∗∗∗ --------------------------------------------- The Siveillance Video Client contains an information disclosure vulnerability that could allow an attacker to obtain valid adminstrator login names and use this information to launch further attacks. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-770698.txt ∗∗∗ SSA-709003: Privilege Escalation Vulnerability in License Management Utility (LMU) ∗∗∗ --------------------------------------------- The latest update for the License Management Utility (LMU), which is used by multiple Siemens building technology products, fixes a vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-709003.txt ∗∗∗ SSA-568969: Insecure Storage of Sensitive Information in Spectrum Power™ 4 ∗∗∗ --------------------------------------------- Vulnerabilities in Spectrum Power™ 4 could allow an unauthorized attacker to retrieve a list of software users, or in certain cases to list the contents of a directory. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-568969.txt ∗∗∗ SSA-542525: Authentication Vulnerabilities in SIMATIC HMI Products ∗∗∗ --------------------------------------------- SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-542525.txt ∗∗∗ SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products ∗∗∗ --------------------------------------------- Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-534763.txt ∗∗∗ SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products ∗∗∗ --------------------------------------------- CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-455843.txt ∗∗∗ SSA-436520: XSS and CSRF Vulnerabilities in Polarion Subversion Webclient ∗∗∗ --------------------------------------------- Multiple cross-site scripting (XSS) vulnerabilities were found in the subversion webclient of Polarion. In addition, the webclient doesnt have any cross-site request forgery (CSRF) protection. An attacker could inject client side script to induce the victim to issue an HTTP request that would lead to a state changing operation. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-436520.txt ∗∗∗ SSA-381684: Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs ∗∗∗ --------------------------------------------- A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families, which could result in credential disclosure. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-381684.txt ∗∗∗ SSA-251935: Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager ∗∗∗ --------------------------------------------- The latest update for SIMATIC RTLS Locating Manager fixes various vulnerabilities that could allow a low-privileged local user to escalate privileges. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-251935.txt ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0871 ∗∗∗ Security Bulletin: Novalink is impacted by denial of service high vulnerability in WebSphere Application Server Liberty CVE-2019-4720 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-d… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – July 2020 – Includes Oracle July 2020 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Security Bulletin: Novalink is impacted by Publicly disclosed vulnerability in IBM Java SDK/JRE (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-novalin… ∗∗∗ Security Bulletin: Novalink is impacted Apache CXF affects middle vulnerability in WebSphere Application Server Liberty (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-apac… ∗∗∗ Security Bulletin: Novalink is impacted by Apache CXF affects WebSphere Liberty JAX-WS middle vulnerability in WebSphere Application Server Liberty (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-a… ∗∗∗ Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily