Daily

daily@lists.cert.at

1 participants
3182 discussions

Tageszusammenfassung - 28.12.2020
by Daily end-of-shift report 28 Dec '20

28 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-12-2020 18:00 − Montag 28-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Jahresrückblick 2020: Diese Themen beschäftigten uns heuer! ∗∗∗ --------------------------------------------- Die Corona-Krise hat 2020 die ganze Welt in Atem gehalten. Auch bei der Watchlist Internet blieb die Corona-Krise nicht unbemerkt. Kriminelle nutzten die globale Gesundheitskrise für verschiedene Betrugsmaschen – von Fake-Shops, die Atemschutzmasken in ihr Angebot aufnahmen, über betrügerische Jobangebote bis hin zu Phishing-Nachrichten. Ebenfalls mit verschiedenen Betrugsmaschen in Verbindung steht der wachsende Trend von unseriöser Werbung. Fake-Shops werden dabei [...] --------------------------------------------- https://www.watchlist-internet.at/news/jahresrueckblick-2020-diese-themen-b… ∗∗∗ Amazon-Geschenkkarte mit Banking-Trojaner Dridex ∗∗∗ --------------------------------------------- Ein unwillkommenes Mitbringsel präsentiert eine angebliche Amazon-Geschenkkarte. Unaufmerksame Verbraucher werden mit dem Banking-Trojaner Dridex bestohlen. --------------------------------------------- https://www.zdnet.de/88391026/amazon-geschenkkarte-mit-banking-trojaner-dri… ∗∗∗ Hacker missbrauchen Citrix-Geräte für DDoS-Attacken ∗∗∗ --------------------------------------------- Bedrohungsakteure haben eine Möglichkeit entdeckt, Junk-Web-Traffic gegen Citrix ADC-Netzwerkgeräte zu verstärken, um Distributed Denial of Service (DDoS)-Angriffe zu starten. --------------------------------------------- https://www.zdnet.de/88391041/hacker-missbrauchen-citrix-geraete-fuer-ddos-… ∗∗∗ DevOps und Security im Einklang ∗∗∗ --------------------------------------------- DevOps-Teams sehen Sicherheit oft als Innovationsbremse. Wir geben einige Tipps, wie Sie effektive Entwicklerarbeit und Security unter einen Hut bringen. --------------------------------------------- https://www.zdnet.de/88391052/devops-und-security-im-einklang/ ∗∗∗ CrowdStrike releases free Azure security tool after failed hack ∗∗∗ --------------------------------------------- Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the companys emails through compromised by Microsoft Azure credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-az… ∗∗∗ GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic ∗∗∗ --------------------------------------------- A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script. --------------------------------------------- https://www.bleepingcomputer.com/news/security/github-hosted-malware-calcul… ∗∗∗ Multi-platform card skimmer found on Shopify, BigCommerce stores ∗∗∗ --------------------------------------------- A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. --------------------------------------------- https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-… ∗∗∗ Third-Party APIs: How to Prevent Enumeration Attacks ∗∗∗ --------------------------------------------- Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it. --------------------------------------------- https://threatpost.com/third-party-apis-enumeration-attacks/162589/ ∗∗∗ Analysis Dridex Dropper, IoC extraction (guest diary), (Wed, Dec 23rd) ∗∗∗ --------------------------------------------- A couple of weeks ago, I assisted Xavier when he taught FOR610 in (virtual) Frankfurt. Last week, one of our students (Nicklas Keijser) sent us this analysis that we decided to share as a guest diary. --------------------------------------------- https://isc.sans.edu/diary/rss/26920 ∗∗∗ CISA Releases Free Detection Tool for Azure/M365 Environment ∗∗∗ --------------------------------------------- CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-fre… ∗∗∗ The History of DNS Vulnerabilities and the Cloud ∗∗∗ --------------------------------------------- We review the history of DNS vulnerabilities, particularly DNS cache poisoning, examining both past vulnerabilities and more advanced attacks. --------------------------------------------- https://unit42.paloaltonetworks.com/dns-vulnerabilities/ ===================== = Vulnerabilities = ===================== ∗∗∗ Project Zero: Schlecht gepatchte Windows-Lücke weiter ausnutzbar ∗∗∗ --------------------------------------------- Eine aktiv ausgenutzte Sicherheitslücke in Windows ist trotz Hinweisen von Google und einem unzureichenden Patch immer noch nicht behoben. --------------------------------------------- https://www.golem.de/news/project-zero-schlecht-gepatchte-windows-luecke-we… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3). --------------------------------------------- https://lwn.net/Articles/841225/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (xen) and SUSE (flac and openexr). --------------------------------------------- https://lwn.net/Articles/841243/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (horizon, kitty, python-apt, and roundcube), Fedora (libmaxminddb, mediawiki, mingw-binutils, and thunderbird), Mageia (erlang-rebar3), openSUSE (blosc, ceph, firefox, flac, kdeconnect-kde, openexr, ovmf, PackageKit, python3, thunderbird, and xen), and SUSE (thunderbird). --------------------------------------------- https://lwn.net/Articles/841378/ ∗∗∗ VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/429301 ∗∗∗ VU#843464: SolarWinds Orion API authentication bypass allows remote command execution ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/843464 ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2019-17638) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… ∗∗∗ Security Bulletin: tzdata has been updated to tzdata-2020d to address Fiji and Palestine time zone changes ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tzdata-has-been-updated-t… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Linux kernel and TMM vulnerability CVE-2020-25705 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09604370 ∗∗∗ Linux kernel vulnerability CVE-2018-10675 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40540405 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.12.2020
by Daily end-of-shift report 23 Dec '20

23 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-12-2020 18:00 − Mittwoch 23-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Emotet Returns to Hit 100K Mailboxes Per Day ∗∗∗ --------------------------------------------- Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. --------------------------------------------- https://threatpost.com/emotet-returns-100k-mailboxes/162584/ ∗∗∗ Sicherheitsalbtraum: Viele vernetzte Türklingeln lassen Hacker ins Haus ∗∗∗ --------------------------------------------- Günstige digitale Videoklingeln weisen schwere Sicherheitslücken wie Authentifizierungsprobleme auf und werden teils schon mit Softwarefehlern geliefert. --------------------------------------------- https://heise.de/-4998372 ∗∗∗ Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools ∗∗∗ --------------------------------------------- Millions of devices are exposed to potential attacks exploiting the vulnerabilities used in the tools that threat actors recently stole from FireEye, security and compliance solutions provider Qualys reported on Tuesday. --------------------------------------------- https://www.securityweek.com/millions-devices-affected-vulnerabilities-used… ∗∗∗ Video: So erkennen Sie betrügerische Notdienste! ∗∗∗ --------------------------------------------- Bei einem Wasserrohrbruch, einem Gasgebrechen oder bei einem Stromausfall, muss es meist schnell gehen. Für die Überprüfung eines Installations- oder Elektrik-Notdienstes bleibt da oft keine Zeit mehr. Das nützen BetrügerInnen aus: Sie bieten online einen Notdienst an, kommen auch tatsächlich, aber stellen viel zu überhöhte Kosten in Rechnung und der Schaden wird oftmals nur oberflächlich behoben. --------------------------------------------- https://www.watchlist-internet.at/news/video-so-erkennen-sie-betruegerische… ∗∗∗ Trendthema BEC-Attacken und COVID-19-Scamming ∗∗∗ --------------------------------------------- Spear-Phishing, Business Email Compromise (BEC) oder Cyberbetrug im Zusammenhang mit COVID-19 sind Beispiele, wie sich Angreifer schnell an aktuelle Ereignisse anpassen und neue Tricks anwenden, um Angriffe erfolgreich auszuführen, wie der Spear-Phishing-Report 2020 von Barracuda zeigt. --------------------------------------------- https://www.zdnet.de/88391006/trendthema-bec-attacken-und-covid-19-scamming/ ∗∗∗ Hentai Oniichan Ransomware ∗∗∗ --------------------------------------------- VMRay has published a blog detailing a ransomware package called Hentai Oniichan. Two variants of this family, King Engine and Beserker, were observed in the wild during their investigation. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/1b1c396cce25259b8bc5e806b35… ===================== = Vulnerabilities = ===================== ∗∗∗ QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities ∗∗∗ --------------------------------------------- QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qnap-fixes-high-severity-qts… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (awstats and mediawiki), Fedora (mbedtls and pngcheck), openSUSE (firefox and thunderbird), Oracle (gnutls, go-toolset:ol8, pacemaker, postgresql:10, postgresql:12, and postgresql:9.6), and SUSE (clamav, groovy, jetty-minimal, and xen). --------------------------------------------- https://lwn.net/Articles/841163/ ∗∗∗ Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201223-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM SDK, Java affects IBM Cloud Application Business Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ cURL vulnerability CVE-2019-5482 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41523201 ∗∗∗ Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1259 ∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1261 ∗∗∗ Grafana: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1260 ∗∗∗ Joomla: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1256 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.12.2020
by Daily end-of-shift report 22 Dec '20

22 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Montag 21-12-2020 18:00 − Dienstag 22-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Ransomware Task Force gegründet ∗∗∗ --------------------------------------------- Verschiedene Sicherheitsspezialisten haben die Ransomware Taks Force aus der Taufe gehoben. Zu den Gründungsmitgliedern gehören bekannte Namen wie Microsoft, McAfee und Citrix, aber auch kleinere Hersteller und gemeinnützige Organisationen. --------------------------------------------- https://www.zdnet.de/88390942/ransomware-task-force-gegruendet/ ∗∗∗ Least Privilege Application Management - A Lesson Learned from SolarWinds Orion ∗∗∗ --------------------------------------------- The sophisticated, nation-state assault used to infiltrate SolarWinds Orion and then leveraged to compromise potentially thousands of its customers is astonishing in scope and potential fallout. --------------------------------------------- https://www.beyondtrust.com/blog/entry/least-privilege-application-manageme… ∗∗∗ Smart Doorbell Disaster: Many Brands Vulnerable to Attack ∗∗∗ --------------------------------------------- Investigation reveals device sector is problem plagued when it comes to security bugs. --------------------------------------------- https://threatpost.com/smart-doorbell-vulnerable-to-attack/162527/ ∗∗∗ Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks ∗∗∗ --------------------------------------------- Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks. --------------------------------------------- https://threatpost.com/patrick-wardle-on-hackers-leveraging-powerful-ios-bu… ∗∗∗ Threat Actors Increasingly Using VBA Purging in Attacks ∗∗∗ --------------------------------------------- Cyberattacks relying on malicious Office documents have increasingly leveraged a relatively new technique called VBA Purging, FireEye said over the weekend, when it also announced the availability of a related open source tool. --------------------------------------------- https://www.securityweek.com/threat-actors-increasingly-using-vba-purging-a… ∗∗∗ Increase in Drive-by Attacks Using SocGholish ∗∗∗ --------------------------------------------- The SocGholish framework is commonly used to distribute fake updates for applications such as Chrome, Firefox, Flash Player, and Microsoft Teams through drive-by downloads. Menlo Labs has reported an uptick in attacks using SocGholish. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/ef2a09a8bb57d90f200a51af745… ∗∗∗ Meyhod - Yet Another Magecart Skimmer ∗∗∗ --------------------------------------------- Discovered by RiskIQ in October, Meyhod is a Magecart skimmer that researchers observed on several sites, in some cases it has been present on a site for months. The IP address that is hosting the malicious JavaScript code has several other domains associated with it that are suspected to be malicious. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/5a493a06b3a2fa9585d3f239007… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke mit maximaler Gefahreneinstufung in Wyse-Thin-Clients von Dell ∗∗∗ --------------------------------------------- Zwei kritische Sicherheitslücken gefährden Dell-PCs der Wyse-Thin-Serie. Updates sind verfügbar. --------------------------------------------- https://heise.de/-4997456 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel and thunderbird), Debian (openjdk-8 and webkit2gtk), Fedora (gdm, mingw-openjpeg2, and openjpeg2), Mageia (compat-openssl10, golang-googlecode-net, mbedtls, openssl, and virtualbox), openSUSE (ovmf and xen), Red Hat (kernel, mariadb-connector-c, mariadb:10.3, postgresql:10, and postgresql:9.6), and SUSE (ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, [...] --------------------------------------------- https://lwn.net/Articles/841099/ ∗∗∗ Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554) ∗∗∗ --------------------------------------------- A currently unpatched, medium-severity issue affecting all Kubernetes versions, CVE-2020-8554 can be mitigated in several ways. --------------------------------------------- https://unit42.paloaltonetworks.com/cve-2020-8554/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - December 2020 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-poi-as-used-by-ibm… ∗∗∗ Apache Struts vulnerability CVE-2020-17530 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24608264 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2020
by Daily end-of-shift report 21 Dec '20

21 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-12-2020 18:00 − Montag 21-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Aktuelle Welle mit Ping-Anrufen ∗∗∗ --------------------------------------------- Die Rundfunk und Telekom Regulierungs-GmbH (RTR) erhält derzeit vermehrt Meldungen zu Ping-Anrufen aus dem Ausland. Die Anrufe kommen insbesondere aus Tunesien (+216), Abchasien (+79407), der Schweiz (+41748) und Uganda (+256). Hier darf nicht zurückgerufen oder abgehoben werden, denn dies kann hohe Kosten verursachen. --------------------------------------------- https://www.watchlist-internet.at/news/aktuelle-welle-mit-ping-anrufen/ ∗∗∗ Gitpaste-12 worm botnet returns with 30+ vulnerability exploits ∗∗∗ --------------------------------------------- Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-retu… ∗∗∗ Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow ∗∗∗ --------------------------------------------- Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks. --------------------------------------------- https://threatpost.com/ledger-dump-active-attacks-follow/162477/ ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-20-1452: (0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1452/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and [...] --------------------------------------------- https://lwn.net/Articles/840972/ ∗∗∗ Authentication Bypass Vulnerability Patched in Bouncy Castle Library ∗∗∗ --------------------------------------------- A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Founded in 2000, the project represents a collection of APIs used in cryptography for both Java and C#, with a strong emphasis on standards compliance and adaptability. --------------------------------------------- https://www.securityweek.com/authentication-bypass-vulnerability-patched-bo… ∗∗∗ Treck TCP/IP Stack ∗∗∗ --------------------------------------------- This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Trecks TCP/IP stack, which may also be known as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01 ∗∗∗ December 21, 2020 TNS-2020-11 [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2020-11 ∗∗∗ HCL Domino und Notes: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1254 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service und Codeausführung ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1252 ∗∗∗ Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-an… ∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. (CVE-2020-4592) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-aut… ∗∗∗ Security Bulletin: Vulnerability in BIND affects AIX (CVE-2020-8622) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by denial of service vulnerabilities (CVE-2020-5481, CVE-2020-4580, CVE-2020-4579) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2020
by Daily end-of-shift report 18 Dec '20

18 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-12-2020 18:00 − Freitag 18-12-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Security baseline (FINAL) for Windows 10 and Windows Server, version 20H2 ∗∗∗ --------------------------------------------- We are pleased to announce the final release of the for Windows 10 and Windows Server, version 20H2 (a.k.a. October 2020 Update) security baseline package! --------------------------------------------- https://techcommunity.microsoft.com/t5/microsoft-security-baselines/securit… ∗∗∗ A slightly optimistic tale of how patching went for CVE-2019-19781, (Fri, Dec 18th) ∗∗∗ --------------------------------------------- Since we could all probably use a little distraction from the current Solarigate/SUNBURST news, I thought it might be good to look at something a little bit more positive today. Specifically, at how patching of CVE-2019-19781 AKA "Shitrix" AKA "one of the more famous named vulnerabilities from the end of 2019" went. --------------------------------------------- https://isc.sans.edu/diary/rss/26900 ∗∗∗ E-Mails mit gefälschten Domain-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Derzeit erhalten Unternehmen E-Mails, in denen vorgegeben wird, dass sie für eine Domainregistrierung die Rechnung bezahlen müssten. Tatsächlich haben die EmpfängerInnen jedoch keinen derartigen Auftrag erteilt. Daher sollten Sie nichts bezahlten und die E-Mail ignorieren. --------------------------------------------- https://www.watchlist-internet.at/news/e-mails-mit-gefaelschten-domain-rech… ∗∗∗ SUPERNOVA: SolarStorm’s Novel .NET Webshell ∗∗∗ --------------------------------------------- The SolarStorm actors behind the supply chain attack on SolarWinds' Orion software have demonstrated a high degree of technical sophistication and attention to operational security, as well as a novel combination of techniques in the potential compromise of approximately 18,000 SolarWinds customers. As published in the original disclosure, the attackers were observed removing their initial backdoor once a more legitimate method of persistence was obtained. --------------------------------------------- https://unit42.paloaltonetworks.com/solarstorm-supernova/ ∗∗∗ Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia ∗∗∗ --------------------------------------------- ESET researchers uncovered this new supply-chain attack in early December 2020 and notified the compromised organization and the VNCERT. We believe that the website has not been delivering compromised software installers as of the end of August 2020 and ESET telemetry data does not indicate the compromised installers being distributed anywhere else. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software. --------------------------------------------- https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-… ∗∗∗ Updates zu SolarWinds Orion ∗∗∗ --------------------------------------------- Die Situation um den Supply-Chain Angriff auf SolarWinds Orion Produkt ist um einige Facetten reichter geworden: --------------------------------------------- https://cert.at/de/aktuelles/2020/12/updates-zu-solarwinds-orion ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-20-1452: NETGEAR Multiple Routers mini_httpd Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1452/ ∗∗∗ ZDI-20-1451: NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1451/ ∗∗∗ VMSA-2020-0029 VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999) ∗∗∗ --------------------------------------------- A denial of service vulnerability in VMware ESXi, Workstation and Fusion was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0029.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (blueman, chromium, gdk-pixbuf2, hostapd, lib32-gdk-pixbuf2, minidlna, nsd, pam, and unbound), CentOS (gd, openssl, pacemaker, python-rtslib, samba, and targetcli), Debian (kernel, lxml, and mediawiki), Fedora (mbedtls), openSUSE (clamav and openssl-1_0_0), Oracle (firefox and openssl), Red Hat (openssl, postgresql:12, postgresql:9.6, and thunderbird), Scientific Linux (openssl and thunderbird), and SUSE (cyrus-sasl, openssh, slurm_18_08, and webkit2gtk3). --------------------------------------------- https://lwn.net/Articles/840731/ ∗∗∗ D-LINK Router DSL-2888A: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um die Authentisierung zu umgehen, seine Rechte zu erweitern, Code auszuführen oder Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1246 ∗∗∗ Security Bulletin: z/TPF is affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-o… ∗∗∗ Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2020-4764) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-ha… ∗∗∗ Security Bulletin: Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-12-18-0-of-node-j… ∗∗∗ Emerson Rosemount X-STREAM ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01 ∗∗∗ PTC Kepware KEPServerEX ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 ∗∗∗ PTC Kepware LinkMaster ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03 ∗∗∗ ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971 ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-274557.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.12.2020
by Daily end-of-shift report 17 Dec '20

17 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-12-2020 18:00 − Donnerstag 17-12-2020 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Maximizing Your Defense with Windows DNS Logging ∗∗∗ --------------------------------------------- In part 3 of 5 of this blog series, learn how to improve your log collection deployment. Follow a sample Windows log scenario and receive a deployment checklist to help optimize your DNS logging. --------------------------------------------- https://www.domaintools.com/resources/blog/maximizing-your-defense-with-win… ∗∗∗ IoT: Wenn Sicherheitsrisiken unter dem Weihnachtsbaum landen ∗∗∗ --------------------------------------------- Experten haben beliebte, vernetzte Gadgets auf Sicherheitslücken und Datenhunger untersucht und Erschreckendes festgestellt. --------------------------------------------- https://futurezone.at/netzpolitik/iot-wenn-sicherheitsrisiken-unterm-weihna… ∗∗∗ DNS Logs in Public Clouds, (Wed, Dec 16th) ∗∗∗ --------------------------------------------- The current Solarwinds/Sunburst/Fireeye incident and its associated command&control (C2) traffic to avsvmcloud[.]com domains have spurred potentially affected Solarwinds customers to searching their logs and data for any presence of this C2 domain. --------------------------------------------- https://isc.sans.edu/diary/rss/26892 ∗∗∗ The NoneNone Brute Force Attacks: Even Hackers Need QA ∗∗∗ --------------------------------------------- For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. --------------------------------------------- https://www.wordfence.com/blog/2020/12/the-nonenone-brute-force-attacks-eve… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress plugin with 5 million installs has a critical vulnerability ∗∗∗ --------------------------------------------- The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-plugin-with-5-mill… ∗∗∗ CVE-2020-25695 Privilege Escalation in Postgresql ∗∗∗ --------------------------------------------- This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back to 9.5, it is likely it affects most earlier versions as well. (Notiz: fehlerbereinigte Versionen wurden am 12. Nov. 2020 veröffentlicht.) --------------------------------------------- https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-priv… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, sympa, thunderbird, tomcat8, and xerces-c), Fedora (fprintd, kernel, libfprint, and synergy), Mageia (bitcoin, dpic, firefox, jasper, jupyter-notebook, sam2p, thunderbird, and x11-server), Oracle (firefox, gd, kernel, net-snmp, openssl, python-rtslib, samba, and targetcli), Red Hat (fapolicyd, openshift, Red Hat Virtualization, and web-admin-build), SUSE (xen), and Ubuntu (unzip). --------------------------------------------- https://lwn.net/Articles/840583/ ∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Use after Free Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Bulletin: A GNU glibc vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-glibc-vulnerability… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerab… ∗∗∗ Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabili… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Java Vulnerablity affects IBM Watson Speech Services for Cloud Pak for Data 1.2 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerablity-affects… ∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-1245 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.12.2020
by Daily end-of-shift report 16 Dec '20

16 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-12-2020 18:00 − Mittwoch 16-12-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Video: Sicher einkaufen im Amazon Marketplace ∗∗∗ --------------------------------------------- Auf Amazon können Sie direkt von Amazon, aber auch von unabhängigen Marketplace-Händlerinnen und Händlern bestellen. Vor allem im Marketplace treiben aber auch Kriminelle ihr Unwesen! In diesem Video erfahren Sie, was der Marketplace ist und vor allem wie Sie auch im Marketplace sicher bestellen. --------------------------------------------- https://www.watchlist-internet.at/news/video-sicher-einkaufen-im-amazon-mar… ===================== = Vulnerabilities = ===================== ∗∗∗ HPE discloses critical zero-day in server management software ∗∗∗ --------------------------------------------- Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. ... The vulnerability ... is tracked as CVE-2020-7200 and it affects HPE Systems Insight Manager (SIM) 7.6.x. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hpe-discloses-critical-zero-… ∗∗∗ VMSA-2020-0028 VMware Carbon Black Cloud macOS Sensor installer file overwrite issue (CVE-2020-4008) ∗∗∗ --------------------------------------------- The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way. VMware has evaluated the severity of this issue to be in the Low severity range with a CVSSv3 base score of 3.6. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0028.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (mingw-openjpeg2, openjpeg2, and synergy), openSUSE (audacity and gdm), Oracle (libexif, libpq, and thunderbird), Red Hat (firefox, gnutls, go-toolset:rhel8, java-1.7.1-ibm, java-1.8.0-ibm, kernel, kernel-rt, linux-firmware, mariadb-connector-c, mariadb:10.3, memcached, net-snmp, nginx:1.16, nodejs:12, openssl, pacemaker, postgresql:10, python-django-horizon, python-XStatic-Bootstrap-SCSS, python-XStatic-jQuery, python-XStatic-jQuery224 and python-django-horizon), Scientific Linux (gd, kernel, pacemaker, python-rtslib, samba and targetcli), SUSE (PackageKit, openssh, spice and spice-gtk), Ubuntu (firefox and imagemagick). --------------------------------------------- https://lwn.net/Articles/840398/ ∗∗∗ ABB Central Licensing System Vulnerabilities, impact on Symphony Plus, Composer Harmony, Composer Melody, Harmony OPC Server ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123981&Language… ∗∗∗ ABB Multiple Vulnerabilities in Symphony PlusHistorian ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&Language… ∗∗∗ ABB Multiple Vulnerabilities in Symphony Plus Operations ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&Language… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Advisory - Out of Bound Read Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-postgressql-jdbc-driver-a… ∗∗∗ Security Bulletin: Open Source Security issues for NPS console. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-security-issu… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation (CVE-2019-12400) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-santuario-as-used-… ∗∗∗ Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in the Kernel (CVE-2020-12464) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-p… ∗∗∗ Security Bulletin: A security vulnerability in Node.js npm package affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ QEMU vulnerability CVE-2020-14364 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K09081535?utm_source=f5support&utm_mediu… ∗∗∗ QEMU vulnerability CVE-2020-25084 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41301038?utm_source=f5support&utm_mediu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.12.2020
by Daily end-of-shift report 15 Dec '20

15 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Montag 14-12-2020 18:00 − Dienstag 15-12-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SolarWinds hackers have a clever way to bypass multi-factor authentication ∗∗∗ --------------------------------------------- Hackers who hit SolarWinds compromised a think tank three separate times. --------------------------------------------- https://arstechnica.com/?p=1729836 ∗∗∗ Paypal‑Betrugsmaschen – Wie Sie sich schützen können ∗∗∗ --------------------------------------------- Paypal ist einer der größten und beliebtesten Zahlungsdienste und daher im Fadenkreuz vieler Cyberkrimineller. Wie kann man sich vor deren Tricks schützen? --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/12/15/betrugsmaschen-der-paypal… ∗∗∗ Vorsicht: Gefälschte Benachrichtigungen von Paketdiensten im Umlauf ∗∗∗ --------------------------------------------- Warten Sie gerade auf ein Paket? Dann nehmen Sie sich vor gefälschten Benachrichtigungen per E-Mail oder SMS im Namen der Post, DHL oder anderen Paketdiensten in Acht! Kriminelle fälschen E-Mails bekannter Zustelldienste und behaupten darin, es müssten 1-2 Euro Zustellungs- oder Zollgebühren bezahlt werden. Wird diese Gebühr per Kreditkarte bezahlt, buchen Kriminelle Monat für Monat 50-90 Euro ab. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-gefaelschte-benachrichtigun… ∗∗∗ Hospitals are leaving millions of sensitive medical images exposed online ∗∗∗ --------------------------------------------- Cybersecurity researchers discover millions of medical files and associated personal data left discoverable on the open web due to being stored insecurely. --------------------------------------------- https://www.zdnet.com/article/hospitals-are-leaving-millions-of-sensitive-m… ===================== = Vulnerabilities = ===================== ∗∗∗ Xen Security Advisories ∗∗∗ --------------------------------------------- Xen has released 15 Security Advisories. --------------------------------------------- https://xenbits.xen.org/xsa/ ∗∗∗ URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958) ∗∗∗ --------------------------------------------- An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects Bitdefender Antivirus Plus versions prior to 25.0.7.29. --------------------------------------------- https://www.bitdefender.com/support/security-advisories/url-spoofing-vulner… ∗∗∗ Apple security updates ∗∗∗ --------------------------------------------- Apple has released the following security updates: iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Server 5.11, tvOS 14.3, watchOS 7.2, Safari 14.0.2, iOS 12.5, watchOS 6.3 --------------------------------------------- https://support.apple.com/en-us/HT201222 ∗∗∗ libarchive vulnerability CVE-2017-5601 ∗∗∗ --------------------------------------------- An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. [...] The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations. --------------------------------------------- https://support.f5.com/csp/article/K50543013 ∗∗∗ SECURITY BULLETIN: December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 ∗∗∗ --------------------------------------------- Trend Micro has made a Critical Patch (CP) available for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. This CP addresses multiple vulnerabilities related to CRSF protection bypass, cross-site scripting (XSS), authorization/authentication bypass, command execution and unauthenticated command injections. --------------------------------------------- https://success.trendmicro.com/solution/000283077 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libxstream-java and xen), Fedora (curl), openSUSE (curl, kernel, mariadb, and openssl-1_1), Oracle (kernel, libexif, thunderbird, and xorg-x11-server), Red Hat (curl, gd, kernel, kernel-rt, linux-firmware, net-snmp, openssl, pacemaker, python-rtslib, samba, targetcli, and xorg-x11-server), Scientific Linux (libexif, thunderbird, and xorg-x11-server), and SUSE (clamav, gdm, and kernel). --------------------------------------------- https://lwn.net/Articles/840217/ ∗∗∗ Synology-SA-20:28 File Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to read arbitrary files via a susceptible version of File Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_28 ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service. --------------------------------------------- https://support.citrix.com/article/CTX286756 ∗∗∗ WAGO Series 750-88x and 750-352 (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-20-308-01 WAGO Series 750-88x and 750-352 that was published November 3, 2020, on the ICS webpage on us-cert.gov. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the WAGO Fieldbus Ethernet coupler. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01 ∗∗∗ Eclipse Jetty vulnerability CVE-2019-10241 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01869532 ∗∗∗ HCL Domino: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1237 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1238 ∗∗∗ Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-jav… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerability in nss and nspr CVE-2019-17006. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-… ∗∗∗ Security Bulletin: A vulnerability have been identified in jwt-go shipped with IBM Netcool Operations Insight Event Integrations Operator (CVE-2020-26160) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been… ∗∗∗ Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBP javaenv and dind images ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibp-javaenv-and-dind-imag… ∗∗∗ Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerability in libssh2 CVE-2019-17498. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libssh2-… ∗∗∗ ZDI-20-1444: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1444/ ∗∗∗ ZDI-20-1443: (0Day) Eaton EASYsoft E70 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1443/ ∗∗∗ ZDI-20-1442: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1442/ ∗∗∗ ZDI-20-1441: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1441/ ∗∗∗ ZDI-20-1429: D-Link DAP-1860 uhttpd Authentication Bypass Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1429/ ∗∗∗ ZDI-20-1428: D-Link DAP-1860 HNAP Authorization Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1428/ ∗∗∗ ZDI-20-1427: D-Link Multiple Routers dhttpd Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1427/ ∗∗∗ ZDI-20-1426: D-Link Multiple Routers dhttpd Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1426/ ∗∗∗ ZDI-20-1438: (0Day) D-Link DCS-960L HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1438/ ∗∗∗ ZDI-20-1437: (0Day) D-Link DCS-960L HNAP LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1437/ ∗∗∗ ZDI-20-1436: (0Day) D-Link DCS-960L HNAP Login Cookie Format String Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1436/ ∗∗∗ ZDI-20-1435: (0Day) D-Link DCS-960L HNAP Cookie Format String Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-20-1435/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2020
by Daily end-of-shift report 14 Dec '20

14 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-12-2020 18:00 − Montag 14-12-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Backdoor in SolarWinds Orion ∗∗∗ --------------------------------------------- Nach einem erfolgreichen Angriff auf den IT-Security-Dienstleister FireEye in der vergangen Woche, wurden neue Informationen zu dem Vorfall veröffentlicht. Wie nun bekannt wurde, erfolgten die Angriffe mittels einer sogenannten "Supply-Chain-Attack"; sowohl SolarWinds als auch FireEye berichten, dass die AngreiferInnen bei einem erfolgreichen Angriff auf SolarWinds eine Hintertür in Updates für das Produkt "SolarWinds Orion" eingeschleust haben. Betroffen sind [...] --------------------------------------------- https://cert.at/de/aktuelles/2020/12/backdoor-in-solarwinds-orion ∗∗∗ pfSense Firewall Configuration Audit with pfAudit ∗∗∗ --------------------------------------------- pfSense is a very popular free and open source firewall solution. It does not only provide classic firewall services but has plenty of features like VPN server or can offer DNS, DHCP, proxy services [...] --------------------------------------------- https://blog.rootshell.be/2020/12/14/pfsense-firewall-configuration-audit-w… ∗∗∗ PyMICROPSIA: New Information-Stealing Trojan from AridViper ∗∗∗ --------------------------------------------- We've identified a new information-stealing Trojan we call PyMICROPSIA, related to the previously identified MICROPSIA malware family. --------------------------------------------- https://unit42.paloaltonetworks.com/pymicropsia/ ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Google schließt gefährliche Lücken in Android 8.0 bis 11 ∗∗∗ --------------------------------------------- Es sind wichtige Sicherheitsupdates für eine Reihe von Android-Versionen erschienen. Angreifer könnten unter anderem Schadcode ausführen. --------------------------------------------- https://heise.de/-4988647 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lxml, openexr, openssl, and openssl1.0), Fedora (libpri, libxls, mediawiki, nodejs, opensc, php-wikimedia-assert, php-zordius-lightncandy, squeezelite, and wireshark), openSUSE (curl, openssh, openssl-1_0_0, python-urllib3, and rpmlint), Red Hat (libexif, libpq, and thunderbird), Slackware (p11), SUSE (kernel, Kubernetes, etcd, helm, openssl, openssl-1_0_0, and python), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, [...] --------------------------------------------- https://lwn.net/Articles/840110/ ∗∗∗ Zero-Day-Lücke im WordPress-SMTP-Plug-in erlaubt das Zurücksetzen von Admin-Passwörtern ∗∗∗ --------------------------------------------- Das Plug-in speichert eine Log-Datei in einem unter Umständen unsicheren Verzeichnis. Hacker erhalten so Zugriff auf die Datei, die auch Links zum Zurücksetzen von Administrator-Passwörtern aufzeichnet. Inzwischen steht ein Patch für die Schwachstelle zur Verfügung. --------------------------------------------- https://www.zdnet.de/88390454/zero-day-luecke-im-wordpress-smtp-plug-in-erl… ∗∗∗ BIND vulnerability CVE-2020-8624 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91090139 ∗∗∗ Apache Struts vulnerability CVE-2012-0392 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13434228 ∗∗∗ Apache Struts vulnerability CVE-2012-0391 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20127031 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-co… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data – GNU glibc (CVE-2020-1751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-coul… ∗∗∗ Security Bulletin: Apache Hadoop could allow a remote attacker to obtain sensitive information that could affect IBM Streams. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-hadoop-could-allow… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to man in the middle attack through use of OpenSSL (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Java vulnerability CVE-2020-2590 affecting IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-cve-20… ∗∗∗ Security Bulletin: Open Source Security issues for NPS service provider ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-security-issu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2020
by Daily end-of-shift report 11 Dec '20

11 Dec '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-12-2020 18:00 − Freitag 11-12-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers ∗∗∗ --------------------------------------------- A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages and affects multiple browsers. --------------------------------------------- https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campa… ∗∗∗ Symantec Messaging Gateway könnte Passwörter leaken ∗∗∗ --------------------------------------------- Es ist ein wichtiges Sicherheitsupdate für Symantec Messaging Gateway erschienen. --------------------------------------------- https://heise.de/-4986723 ∗∗∗ PoC Released for Unpatched Windows Vulnerability Present Since 2006 ∗∗∗ --------------------------------------------- Details and a proof-of-concept (PoC) exploit have been released for an unpatched privilege escalation vulnerability in Windows related to the PsExec administration tool. The vulnerability was discovered by Tenable researcher David Wells and it was disclosed this week after Microsoft failed to release a patch within 90 days. --------------------------------------------- https://www.securityweek.com/poc-released-unpatched-windows-vulnerability-p… ∗∗∗ myusenet.de, bigusenet.de & Co.: Neue betrügerische Streaming-Plattformen führen in Abofalle! ∗∗∗ --------------------------------------------- Immer wieder berichtet die Watchlist Internet von betrügerischen Streaming-Plattformen, die in die Abofalle führen. Derzeit gehen zahlreiche Meldungen bei uns ein, die vor myusenet.de, foxusenet.de bigusenet.de und megausenet.de warnen. Diese neuen Streaming-Plattformen sehen zwar anders aus als die üblichen Fake-Streaming-Plattformen, die Masche bleibt aber die gleiche: Nach einer Registrierung, erhalten Sie eine Zahlungsaufforderung von 384 Euro. --------------------------------------------- https://www.watchlist-internet.at/news/myusenetde-bigusenetde-co-neue-betru… ∗∗∗ Update now: Researchers warn of security vulnerabilities in these widely used point-of-sale terminals ∗∗∗ --------------------------------------------- Security researchers disclose vulnerabilities including default passwords in two of the largest PoS manufacturers in the world. --------------------------------------------- https://www.zdnet.com/article/update-now-researchers-warn-of-security-vulne… ===================== = Vulnerabilities = ===================== ∗∗∗ Adobe Releases Security Updates for Acrobat and Reader ∗∗∗ --------------------------------------------- Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2020/12/10/adobe-releases-se… ∗∗∗ Hotfix rüstet Firewalls und Router von Sophos gegen Attacken ∗∗∗ --------------------------------------------- Unter bestimmten Voraussetzungen könnten Angreifer das Netzwerkbetriebssystem Cyberoam attackieren. --------------------------------------------- https://heise.de/-4986665 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (minidlna and x11vnc), Fedora (pam), openSUSE (chromium, minidlna, nsd, openssl-1_1, and pngcheck), SUSE (gcc7 and kernel), and Ubuntu (lxml and squirrelmail). --------------------------------------------- https://lwn.net/Articles/839861/ ∗∗∗ OpenSSL vulnerability CVE-2020-1968 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K92451315 ∗∗∗ F5 TMM vulnerability CVE-2020-5950 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05204103 ∗∗∗ F5 TMUI XSS vulnerability CVE-2020-5948 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42696541 ∗∗∗ TMM vulnerability CVE-2020-27713 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37960100 ∗∗∗ BIG-IP LTM vulnerability CVE-2020-5949 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20984059 ∗∗∗ Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-co… ∗∗∗ Security Bulletin: NGINX vulnerability CVE-2019-20372 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-nginx-vulnerability-cve-2… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Fixed CP4D timeout for IBM Netezza for Cloud Pak for Data 11.1.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-fixed-cp4d-timeout-for-ib… ∗∗∗ Security Bulletin: OpenSSL vulnerability CVE-2020-1968 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-cve… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container is vulnerable to code injection and Denial of Service attacks ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: HAProxy vulnerability CVE-2019-18277 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-haproxy-vulnerability-cve… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container Integration Servers could cause a Denial of Service or a buffer overflow when using MQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily