Daily

daily@lists.cert.at

1 participants
3086 discussions

Tageszusammenfassung - 28.07.2020
by Daily end-of-shift report 28 Jul '20

28 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 27-07-2020 18:00 − Dienstag 28-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices ∗∗∗ --------------------------------------------- Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. ... "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) said in the alert. --------------------------------------------- https://thehackernews.com/2020/07/qnap-nas-malware-attack.html ∗∗∗ Team Pangu demonstrated an unpatchable SEP vulnerability in iOS ∗∗∗ --------------------------------------------- Xu Hao a member of Team Pangu says they have found an “unpatchable” vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. Hao presented his talk – Attack Secure Boot of SEP – on 24th July at MOSEC 2020 in Shanghai, China. --------------------------------------------- https://androidrookies.com/team-pangu-demonstrates-unpatchable-secure-encla… ∗∗∗ IT-Sicherheit: Public Cloud kann zum Einfallstor in Unternehmen werden ∗∗∗ --------------------------------------------- Schlecht gepflegte Workloads und Authentifizierungsschwächen in Cloud-Umgebungen untergraben die Sicherheit – von beidem gibt es reichlich, meint eine Studie. --------------------------------------------- https://heise.de/-4856561 ∗∗∗ Vorsicht: 500 Euro Amazon-Geschenkkarte führt in Abo-Falle ∗∗∗ --------------------------------------------- Freuen Sie sich nicht zu früh, wenn Sie eine 500 Euro Amazon-Geschenkkarte in Ihrem E-Mail-Posteingang finden. Sie werden in eine Abo-Falle gelockt, denn dieses E-Mail stammt nicht von Amazon! Klicken Sie nicht auf den Link und verschieben Sie das E-Mail in den Spam-Ordner. Haben Sie auf den Link geklickt und Kreditkartendaten angeführt, wird Ihnen Monat für Monat ein Betrag zwischen 50 und 90 Euro abgebucht! Lesen Sie hier, wie Sie dieses betrügerische Abo kündigen! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-500-euro-amazon-geschenkkar… ===================== = Vulnerabilities = ===================== ∗∗∗ Reverse String WooCommerce WordPress Credit Card Swiper ∗∗∗ --------------------------------------------- As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper that I found on a WordPress ecommerce website using WooCommerce, today I found another very noteworthy infection of the same variety. --------------------------------------------- https://blog.sucuri.net/2020/07/reverse-string-woocommerce-wordpress-credit… ∗∗∗ TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure ∗∗∗ --------------------------------------------- It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains .. --------------------------------------------- https://typo3.org/security/advisory/typo3-core-sa-2020-008 ∗∗∗ TYPO3-CORE-SA-2020-007: Potential Privilege Escalation ∗∗∗ --------------------------------------------- In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php which again contains the encryptionKey as well as credentials of the database management system being used. --------------------------------------------- https://typo3.org/security/advisory/typo3-core-sa-2020-007 ∗∗∗ TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS ∗∗∗ --------------------------------------------- It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the community anymore. --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2020-001 ∗∗∗ TYPO3-EXT-SA-2020-014: Sensitive Information Disclosure in extension "Media Content Element" (mediace) ∗∗∗ --------------------------------------------- It has been discovered that the extension "Media Content Element" (mediace) is susceptible to Sensitive Information Disclosure. --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-014 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (cacti, cacti-spine, go1.13, SUSE Manager Client Tools, and tomcat), Red Hat (postgresql-jdbc and python-pillow), Slackware (mozilla), SUSE (python-Django and python-Pillow), and Ubuntu (clamav, librsvg, libslirp, linux-gke-5.0, linux-oem-osp1, linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, and sqlite3). --------------------------------------------- https://lwn.net/Articles/827232/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 78.1 ∗∗∗ --------------------------------------------- In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/ ∗∗∗ Security Vulnerabilities fixed in Firefox 79 ∗∗∗ --------------------------------------------- Severity: high - CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker - CVE-2020-6514: WebRTC data channel leaks internal address to peer - CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy - CVE-2020-15659: Memory safety bugs fixed in Firefox 79 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/ ∗∗∗ JSA11041 - 2020-07 Security Bulletin: Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11041&actp=RSS ∗∗∗ JSA11036 - 2020-07 Security Bulletin:Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11036&actp=RSS ∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4466) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulne… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Pentest results for IBM Netcool Operations Insight found a security vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-pentest-results-for-ibm-n… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: XML parsing vulnerability in Apache Santuario might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2019-12400 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xml-parsing-vulnerability… ∗∗∗ Security Bulletin: Security Bulletin: A Vulnerability in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-a-vulne… ∗∗∗ Security Bulletin: SB0003782 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003782/ ∗∗∗ Security Bulletin: Novalink is impacted by Swagger vulnerability affects WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-s… ∗∗∗ Security Bulletin: IBM Ingelligent Operations Center is Vulnerable to Stored Cross-Site Scripting (CVE-2020-4318) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-ingelligent-operation… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.07.2020
by Daily end-of-shift report 27 Jul '20

27 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-07-2020 18:00 − Montag 27-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ No More Ransom turns 4: Saves $632 million in ransomware payments ∗∗∗ --------------------------------------------- The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves… ∗∗∗ ProLock ransomware – new report reveals the evolution of a threat ∗∗∗ --------------------------------------------- Ransomware crooks keep adjusting their approach to make their demands more compelling, even against companies that say theyd never pay up. --------------------------------------------- https://nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-r… ∗∗∗ Cracking Maldoc VBA Project Passwords, (Sun, Jul 26th) ∗∗∗ --------------------------------------------- In diary entry "VBA Project Passwords" I explained that VBA project passwords in malicious documents don't hinder analysis: you can just extract the macros without knowing the password. It's only when you would perform a dynamic analysis with the step-by-step debugger of the VBA IDE, that the password would prevent you from doing this. But there are simple methods to remove the password, and then you can go ahead with your debugging. --------------------------------------------- https://isc.sans.edu/diary/rss/26390 ∗∗∗ Analyzing Metasploit ASP .NET Payloads, (Mon, Jul 27th) ∗∗∗ --------------------------------------------- I recently helped a friend with the analysis of a Metasploit ASP .NET payload. --------------------------------------------- https://isc.sans.edu/diary/rss/26392 ∗∗∗ Ensiko: A Webshell With Ransomware Capabilities ∗∗∗ --------------------------------------------- Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshe… ∗∗∗ Jetzt patchen! Angreifer attackieren BIG-IP Appliances von F5 ∗∗∗ --------------------------------------------- Derzeit haben Angreifer eine kritische Sicherheitslücke in verschiedenen BIG-IP Appliances im Visier. Sicherheitsupdates sind verfügbar. --------------------------------------------- https://heise.de/-4852900 ∗∗∗ Evolution of Valak, from Its Beginnings to Mass Distribution ∗∗∗ --------------------------------------------- Valak is an information stealer and malware loader that has become increasingly common in our threat landscape and is being mass distributed by an actor known as Shathak/TA551.The post Evolution of Valak, from Its Beginnings to Mass Distribution appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/valak-evolution/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (e2fsprogs, ffmpeg, milkytracker, mupdf, openjdk-11, and qemu), Fedora (bashtop), Gentoo (ant, arpwatch, awstats, cacti, chromium, curl, dbus, djvu, filezilla, firefox, freexl, fuseiso, fwupd, glib-networking, haml, hylafaxplus, icinga, jhead, lha, libexif, libreswan, netqmail, nss, ntfs3g, ntp, ocaml, okular, ossec-hids, qtgui, qtnetwork, re2c, reportlab, samba, sarg, sqlite, thunderbird, transmission, tre, twisted, webkit-gtk, wireshark, and xen), --------------------------------------------- https://lwn.net/Articles/827153/ ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2020-4498) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2018-20852) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-18066) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2015-2716) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2019-13232) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM MQ Appliance (CVE-2020-4025 and CVE-2020-4203) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha… ∗∗∗ Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected… ∗∗∗ Security Bulletin: Udaya testing on production 12345 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-udaya-testing-on-producti… ∗∗∗ Security Bulletin: Dev team testing on production 123 456 789 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-dev-team-testing-on-produ… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2020
by Daily end-of-shift report 24 Jul '20

24 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-07-2020 18:00 − Freitag 24-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 5 severe D-Link router vulnerabilities disclosed, patch now ∗∗∗ --------------------------------------------- 5 severe D-Link vulnerabilities have been disclosed that could allow an attacker to take complete control over a router without needing to login. --------------------------------------------- https://www.bleepingcomputer.com/news/security/5-severe-d-link-router-vulne… ∗∗∗ Sicherheitslücke: Wenn das Youtube-Tutorial die Cloud-Zugangsdaten leakt ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Hunderte Youtube-Tutorials ausgewertet und immer wieder Zugangsdaten entdeckt - mit diesen konnten sie sich auf AWS einloggen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-wenn-das-youtube-tutorial-die-c… ∗∗∗ MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec ∗∗∗ --------------------------------------------- This post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective… ∗∗∗ Compromized Desktop Applications by Web Technologies, (Fri, Jul 24th) ∗∗∗ --------------------------------------------- For a long time now, it has been said that "the new operating system is the browser". Today, we do everything in our browsers, we connect to the office, we process emails, documents, we chat, we perform our system maintenances, ... But many popular web applications provide also desktop client: Twitter, Facebook, Slack are good examples. Such applications just replace the classic browser and use the API [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26384 ∗∗∗ Garmin Connect: Ausfall offenbar nach Ransomware-Attacke ∗∗∗ --------------------------------------------- Eine Ransomware-Attacke hat Server von Garmin lahmgelegt. Fitnesstracker und Sportuhren lassen sich nicht synchronisieren. Der Ausfall dauert wohl mehrere Tage. --------------------------------------------- https://heise.de/-4851576 ∗∗∗ New variant of Phobos ransomware is coming ∗∗∗ --------------------------------------------- In recent years, the spread of ransomware has become increasingly severe, thousands of servers and databases around the world have been invaded and destroyed. --------------------------------------------- https://blog.360totalsecurity.com/en/new-variant-of-phobos-ransomware-is-co… ∗∗∗ „Letzte Mahnung“: Ignorieren Sie diese betrügerische BAWAG-Mail! ∗∗∗ --------------------------------------------- BetrügerInnen senden derzeit vermehrt E-Mails im Namen der Bank „BAWAG P.S.K.“. Darin werden Sie aufgefordert einen neuen Dienst zu aktivieren, indem Sie Ihre Bankdaten auf einer gefälschten BAWAG-Seite eingeben sollen. Achtung, diese Daten landen direkt in den Händen der Kriminelle! --------------------------------------------- https://www.watchlist-internet.at/news/letzte-mahnung-ignorieren-sie-diese-… ===================== = Vulnerabilities = ===================== ∗∗∗ Easy Breadcrumb - Moderately critical - Cross site scripting - SA-CONTRIB-2020-027 ∗∗∗ --------------------------------------------- Project: Easy BreadcrumbVersion: 8.x-1.128.x-1.10Date: 2020-July-22Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: This module enables you to use the current URL (path alias) and the current pages title to automatically extract the breadcrumbs segments and its respective links then show them as breadcrumbs on your website.The module doesnt sufficiently sanitize editor input in certain --------------------------------------------- https://www.drupal.org/sa-contrib-2020-027 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu), Fedora (java-11-openjdk, mod_authnz_pam, podofo, and python27), openSUSE (cni-plugins, tomcat, and xmlgraphics-batik), Oracle (dbus and thunderbird), SUSE (freerdp, kernel, libraw, perl-YAML-LibYAML, and samba), and Ubuntu (libvncserver and openjdk-lts). --------------------------------------------- https://lwn.net/Articles/826965/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (PSIRT-ADV0022379) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-n… ∗∗∗ Security Bulletin: IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input (CVE-2020-4408) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-w… ∗∗∗ Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-co… ∗∗∗ Privilege Escalation Vulnerability in SteelCentral Aternity Agent ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/privilege-escalation-vulnerabi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.07.2020
by Daily end-of-shift report 23 Jul '20

23 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-07-2020 18:00 − Donnerstag 23-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular Chinese-Made Drone Is Found To Have Security Weakness ∗∗∗ --------------------------------------------- Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the worlds most popular consumer drones, threatening to intensify the growing tensions between China and the United States. From a report: In two reports, the researchers contended that an app on Googles Android operating system that powers drones made by China-based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited .. --------------------------------------------- https://it.slashdot.org/story/20/07/23/1437214/ ∗∗∗ Skimmers in Images & GitHub Repos ∗∗∗ --------------------------------------------- MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites and in booby trapped Magento repos on GitHub. Googletagmanager.png Our security analyst Keith Petkus found this piece of malware injected on a compromised Magento 2.x site. --------------------------------------------- https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html ∗∗∗ Towards native security defenses for the web ecosystem ∗∗∗ --------------------------------------------- With the recent launch of Chrome 83, and the upcoming release of Mozilla Firefox 79, web developers are gaining powerful new security mechanisms to protect their applications from common web vulnerabilities. In this post we share how our Information Security Engineering team is deploying Trusted Types, Content Security Policy, Fetch Metadata Request Headers and the Cross-Origin Opener Policy across Google to help guide and inspire other developers to similarly adopt these features to protect their applications. --------------------------------------------- https://security.googleblog.com/2020/07/towards-native-security-defenses-fo… ∗∗∗ Forensoftware vBulletin: Schlecht programmiertes Testskript als mögliche Gefahr ∗∗∗ --------------------------------------------- Wer das Skript vb_test.php zum Test von vBulletin-Installationsvoraussetzungen nutzt, sollte es danach wegen gefährlicher Lücken sofort vom Server löschen. --------------------------------------------- https://heise.de/-4851012 ===================== = Vulnerabilities = ===================== ∗∗∗ ASUS Router Vulnerable to Fake Updates and XSS ∗∗∗ --------------------------------------------- Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update functionality. These vulnerabilities could allow for complete compromise of the router and all traffic that traverses it. Finding 1: Update Accepts Forged Server Certificates (CVE-2020-15498) Finding 2: XSS in Release Notes Dialog Window (CVE-2020-15499) --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/asus-router… ∗∗∗ Drupal: Modal Form - Critical - Access bypass - SA-CONTRIB-2020-029 ∗∗∗ --------------------------------------------- Project: Modal Form Version: 8.x-1.x-dev Date: 2020-July-22 Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Access bypass Description: The Modal form module is a toolset for quick start of using forms in modal windows.Any form is available for view and submit when the modal_form module is installed. The only requirement is to know the forms fully-qualified class name. Solution: Upgrade to modal_form-8.x-1.2. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-029 ∗∗∗ Sicherheitsupdate: Netzwerk-Schützer von Cisco sind löchrig ∗∗∗ --------------------------------------------- Admins, die Netzwerke mit Hard- und Software von Cisco schützen, sollten aus Sicherheitsgründen die aktuellen Versionen von Adaptive Security Appliance (ASA) und Firepower Threat Defense (FTD) installieren. ... Ein entfernter und unangemeldeter Angreifer könnte mittels präparierter HTTP-Anfragen auf das Web-Services-Dateisystem von anvisierten Geräten zugreifen (Directory-Traversal-Attacke). Dieses Dateisystem ist aber nur verfügbar, wenn Any-Connect- oder WebVPN-Features aktiviert sind. Davon sind alle Geräte mit verwundbaren ASA- und FTD-Versionen betroffen. (CVE-2020-3452) --------------------------------------------- https://heise.de/-4850949 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (poppler and tomcat8), Fedora (cacti, cacti-spine, java-1.8.0-openjdk, mbedtls, mingw-python3, singularity, and xen), openSUSE (firefox, redis, and singularity), Red Hat (samba), SUSE (java-11-openjdk, qemu, and vino), and Ubuntu (ffmpeg and pillow). --------------------------------------------- https://lwn.net/Articles/826841/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Z Development and Test Environment – April 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Novalink is impacted by Denial of service vulnerability in WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-d… ∗∗∗ Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Java vulnerability CVE-2019-2949 affecting IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-cve-20… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerabilities in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-w… ∗∗∗ Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2020-1967) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-wat… ∗∗∗ Security Bulletin: WebSphere security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-security-vulner… ∗∗∗ Security Bulletin: Java vulnerabilities affecting IBM Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affe… ∗∗∗ Security Bulletin: Cross Site Scripting security vulnerabilities in FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-secu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.07.2020
by Daily end-of-shift report 22 Jul '20

22 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-07-2020 18:00 − Mittwoch 22-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Cybercrime: Der Kampf um die Router ∗∗∗ --------------------------------------------- Router sind für Cyber-Kriminelle eine wichtige Ressource. Das rechtfertigt auch außergewöhnliche Maßnahmen. --------------------------------------------- https://heise.de/-4848764 ∗∗∗ Arbeiterkammer warnt: Bewertungen können zur Falle werden! ∗∗∗ --------------------------------------------- Gesucht: italienische Pizzeria. Gefunden: Pizzeria mit top Bewertungen! Vorsicht! Auch bei Online-Bewertungen gibt es Betrug. So kaufen Unternehmen Fake-Bewertungen, die die Unternehmen besser dastehen lassen sollen als sie sind. Gleichzeitig müssen auch Sie bei Bewertungen darauf achten, was Sie schreiben. Ansonsten könnte eine Klage drohen. Arbeiterkammer (AK) und Internet Ombudsmann haben rechtliche Fragen bei Bewertungsplattformen unter die Lupe genommen. --------------------------------------------- https://www.watchlist-internet.at/news/arbeiterkammer-warnt-bewertungen-koe… ∗∗∗ Phishing-Kampagne nutzt Googles Cloud-Dienste zum Diebstahl von Office-365-Anmeldedaten ∗∗∗ --------------------------------------------- Die Hacker hosten auf Google Drive eine speziell gestaltete PDF-Datei. Die Google Cloud stellt für den Angriff auch eine Phishing-Website bereit. Ähnliche Attacken missbrauchen auch Cloud-Dienste anderer Anbieter wie Microsoft Azur. --------------------------------------------- https://www.zdnet.de/88381697/phishing-kampagne-nutzt-googles-cloud-dienste… ∗∗∗ Emotet botnet is now heavily spreading QakBot malware ∗∗∗ --------------------------------------------- Researchers tracking Emotet botnet noticed that the malware started to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. --------------------------------------------- https://www.bleepingcomputer.com/news/security/emotet-botnet-is-now-heavily… ∗∗∗ Format String Vulnerabilities ∗∗∗ --------------------------------------------- C++ and strings The C++ programming language has a couple of different variable types designed to manage text data. These include C strings, which are defined as arrays of characters, and the C++ string data type. These types of variables can be used for a variety of different purposes. The most visible is printing messages [...] --------------------------------------------- https://resources.infosecinstitute.com/format-string-vulnerabilities/ ∗∗∗ Command Injection Vulnerabilities ∗∗∗ --------------------------------------------- What is a command injection vulnerability? Many applications are not designed to be wholly self-contained. They often access external systems as well, including databases, application programming interfaces (APIs) and others. Some applications are designed to run commands within the terminal of the system that they are running on. For example, a program may wish to [...] --------------------------------------------- https://resources.infosecinstitute.com/command-injection-vulnerabilities/ ∗∗∗ How to configure Internet Options for Local Group Policy ∗∗∗ --------------------------------------------- Does this sound familiar? “Welcome to Monopoly!” “All right, now we’re going to go with auctions if you don’t buy.” “Why? That’s so annoying!” “Because if we don’t, it takes forever.” “All right, fine, but I want money if I land on Free Parking.” “Fine, if that’s what it takes. But I want ‘even [...] --------------------------------------------- https://resources.infosecinstitute.com/how-to-configure-internet-options-fo… ∗∗∗ MATA: Multi-platform targeted malware framework ∗∗∗ --------------------------------------------- The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems. --------------------------------------------- https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ ∗∗∗ A few IoCs related to CVE-2020-5092, (Wed, Jul 22nd) ∗∗∗ --------------------------------------------- I know I am a bit late to the game, but a couple of weeks ago I responded to an incident resulting from an F5 compromise related to CVE-2020-5092. As I responded I captured a number if indicators of compromise. While I have not had a lot of time to dig into them, hopefully they will be of use to somebody. --------------------------------------------- https://isc.sans.edu/diary/rss/26378 ∗∗∗ Malicious Magento User Creator ∗∗∗ --------------------------------------------- We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company. The script is simple but very effective and can easily be overlooked as another Magento file without closer inspection. It’s based on a sample that has been circulating the Internet since 2012 and provides a boilerplate for attackers to easily specify user [...] --------------------------------------------- https://blog.sucuri.net/2020/07/malicious-magento-user-creator.html ===================== = Vulnerabilities = ===================== ∗∗∗ Shadow Attacks: Forscher hebeln PDF-Signaturprüfung erneut aus ∗∗∗ --------------------------------------------- 2019 umgingen Forscher von der Ruhr-Universität Bochum die Signatur-Überprüfung von PDF-Software. Nun entwickelten sie erfolgreich drei neue Angriffe. --------------------------------------------- https://heise.de/-4849183 ∗∗∗ Jetzt updaten: Exploit-Code für Patchday-Lücke in SharePoint Server verfügbar ∗∗∗ --------------------------------------------- Gegen eine kritische Lücke in SharePoint Server, Visual Studio und dem .NET Framework gibt es seit dem MS-Patchday Updates. Die Gefahr eines Angriffs steigt. --------------------------------------------- https://heise.de/-4849584 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (librsvg and squid), Fedora (mailman, mingw-LibRaw, php-horde-kronolith, and targetcli), openSUSE (openconnect), Red Hat (cloud-init, container-tools:rhel8, dbus, java-1.8.0-openjdk, java-11-openjdk, jbig2dec, kernel, kpatch-patch, mod_auth_openidc:2.3, nodejs:10, openstack-keystone, rh-nodejs10-nodejs, sane-backends, thunderbird, and virt:rhel), SUSE (webkit2gtk3 and xrdp), and Ubuntu (evolution-data-server, linux, linux-aws, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/826713/ ∗∗∗ Raining SYSTEM Shells with Citrix Workspace app ∗∗∗ --------------------------------------------- TL;DR Citrix Workspace is vulnerable to a remote command execution attack running under the context of the SYSTEM account. By sending a crafted message over a named pipe and spoofing [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/raining-system-shells-with-ci… ∗∗∗ Security Advisory - fastjson Injection Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200722-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in jackson-databind shipped with IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Verify Gateway does not hide a cryptographic key in one of its binary files (CVE-2020-4385) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-n… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: WebSphere network security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-securit… ∗∗∗ Security Bulletin: SB0003748 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003748/ ∗∗∗ Security Bulletin: SB0003749 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003749/ ∗∗∗ Security Bulletin: WebSphere Application Server security vulnerability in FileNet Content Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Verify Gateway does not hide client secrets when debug tracing is active (CVE-2020-4372) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-n… ∗∗∗ Security Bulletin: IBM Verify Gateway PAM components default to cleartext storage of client secret (CVE-2020-4369) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-co… ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0746 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0745 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.07.2020
by Daily end-of-shift report 21 Jul '20

21 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 20-07-2020 18:00 − Dienstag 21-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft will disable insecure TLS in Office 365 on Oct 15 ∗∗∗ --------------------------------------------- Microsoft has set the official retirement date for the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365 starting with October 15, 2020, after temporarily halting deprecation enforcement for commercial customers due to COVID-19. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-inse… ∗∗∗ Sextortion Update: The Final Final Chapter, (Mon, Jul 20th) ∗∗∗ --------------------------------------------- Even though the Sextortion emails which began in the July of 2018 are old news, and old hat, I am still tracking the BTC Addresses that were holding the money from the successful transactions. --------------------------------------------- https://isc.sans.edu/diary/rss/26334 ∗∗∗ Couple of interesting Covid-19 related stats, (Tue, Jul 21st) ∗∗∗ --------------------------------------------- It is nothing new that Covid-19 forced many organizations around the world to quickly adopt the "work from home" model, which in turn resulted in an increased number of machines offering remote access services and protocols accessible from the internet. --------------------------------------------- https://isc.sans.edu/diary/rss/26374 ∗∗∗ Understanding the Benefits of the Capability Maturity Model Integration (CMMI) ∗∗∗ --------------------------------------------- “Cybersecurity is the leading corporate governance challenge today, yet 87% of C-suite professionals and board members lack confidence in their company’s cybersecurity capabilities. Many CISOs and CSOs focus on implementing standards and frameworks, but what good is compliance if it does not improve your overall cybersecurity resilience? --------------------------------------------- https://www.tripwire.com/state-of-security/featured/understanding-benefits-… ∗∗∗ Kleinanzeigenbetrug: Das können Opfer tun ∗∗∗ --------------------------------------------- Sie haben auf einer Kleinanzeigenplattform, wie ebay, willhaben und Co ein Produkt an einen Kriminellen verkauft? Sie haben den Betrug zu spät erkannt – das Paket wurde bereits aufgegeben? Mit ein wenig Glück, viele Recherche, Kommunikation und Hartnäckigkeit können Sie das Paket möglicherweise stoppen und wieder zurückbekommen! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigenbetrug-das-koennen-opfe… ===================== = Vulnerabilities = ===================== ∗∗∗ Citrix Workspace app for Windows Security Update ∗∗∗ --------------------------------------------- A vulnerability has been identified in the automatic update service of Citrix Workspace app for Windows that could result in: A local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows. A remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled. --------------------------------------------- https://support.citrix.com/article/CTX277662 ∗∗∗ Notfallpatches: Adobe stopft kritische Lücken in Bridge, Prelude und Photoshop ∗∗∗ --------------------------------------------- Der Softwarehersteller Adobe hat Sicherheitsupdates außer der Reihe für Android- und Windows-Anwendungen veröffentlicht. --------------------------------------------- https://heise.de/-4849092 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ksh), openSUSE (ant, chromium, ldb, samba, and LibVNCServer), Red Hat (dbus, kernel, kernel-rt, and NetworkManager), and SUSE (cni-plugins, firefox, openexr, Salt, salt, SUSE Manager Client Tools, and tomcat). --------------------------------------------- https://lwn.net/Articles/826603/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU ( CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WML CE: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-3… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: SB003732 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sb003732/ ∗∗∗ Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-tensorflow-in-sqli… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht XXE ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0740 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0741 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.07.2020
by Daily end-of-shift report 20 Jul '20

20 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-07-2020 18:00 − Montag 20-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Emotet: Erste Angriffswelle nach fünfmonatiger Pause ∗∗∗ --------------------------------------------- Nach mehrmonatiger Pause haben Forscher eine neue Emotet-Angriffswelle beobachtet. Die Ziele lagen vor allem in den USA sowie im Vereinigten Königreich. --------------------------------------------- https://heise.de/-4847070 ∗∗∗ How to use Windows 10 File History to make secure backups ∗∗∗ --------------------------------------------- With File History feature on Windows, you can back up copies of files that are in the Documents, Music, Pictures, Videos, and Desktop folders. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-use-windows-10-file-… ∗∗∗ Zone.Identifier: A Coupe Of Observations, (Sat, Jul 18th) ∗∗∗ --------------------------------------------- In diary entry "Sysmon and Alternate Data Streams", we reported that Sysmon records the content of small Alternate Data Streams (containing text) in the event log. This is useful for the Zone.Identifier ADS, a stream that is added by many browsers to mark a file as orginating from the Internet. Modern browsers will include extra information in Zone.Identifier, like the URL: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26366 ∗∗∗ Online-Shop-Software: Zwei-Faktor-Authentifizierung für Magento-Shops verfügbar ∗∗∗ --------------------------------------------- Admins können Online-Shops auf Magento-Basis nun effektiver gegen feindliche Übernahmen absichern. --------------------------------------------- https://heise.de/-4847660 ===================== = Vulnerabilities = ===================== ∗∗∗ Windows 10 Store wsreset tool lets attackers bypass antivirus ∗∗∗ --------------------------------------------- A technique that exploits Windows 10 Microsoft Store called wsreset.exe can delete files to bypass antivirus protection on a host without being detected. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-store-wsreset-too… ∗∗∗ Scanning Activity for ZeroShell Unauthenticated Access, (Sun, Jul 19th) ∗∗∗ --------------------------------------------- In the past 36 hours, an increase in scanning activity to exploit and compromise ZeroShell Linux router began. This router software had several unauthenticated remote code execution released in the past several years, the last one was CVE-2019-12725. The router latest software version can be dowloaded here. --------------------------------------------- https://isc.sans.edu/diary/rss/26368 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird). --------------------------------------------- https://lwn.net/Articles/826537/ ∗∗∗ 3 Vulnerabilities Found on AvertX IP Cameras ∗∗∗ --------------------------------------------- Security cameras make up 5% of enterprise IoT devices but account for 33% of all security issues. We found three vulnerabilities in AvertX IP cameras. --------------------------------------------- https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/ ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-pillow-before-7-1-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ Security Bulletin: WML CE: In Pillow before 7.1.0, there is a Buffer Overflow ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-in-pillow-before-7… ∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-… ∗∗∗ Security Bulletin: WML CE: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-libjpeg-turbo-2-0-… ∗∗∗ Security Bulletin: WML CE: SQLite through 3.32.2 has has a use-after-free problem. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-3… ∗∗∗ Security Bulletin: A vulnerability in Jackson Databind affects IBM Operations Analytics Predictive Insights (CVE-2020-8840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jackso… ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.07.2020
by Daily end-of-shift report 17 Jul '20

17 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-07-2020 18:00 − Freitag 17-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface ∗∗∗ --------------------------------------------- This post is the first of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when complete. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduct… ∗∗∗ Zoom Addresses Vanity URL Zero-Day ∗∗∗ --------------------------------------------- A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. --------------------------------------------- https://threatpost.com/zoom-vanity-url-zero-day/157510/ ∗∗∗ Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors ∗∗∗ --------------------------------------------- Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it contained a lot of interesting malicious capabilities. --------------------------------------------- https://blog.sucuri.net/2020/07/fake-wordpress-plugin-sitespeed-malware-bac… ∗∗∗ capa: Automatically Identify Malware Capabilities ∗∗∗ --------------------------------------------- capa is the FLARE team’s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. In this post you will learn how capa works, how to install and use the tool, and why you should integrate it into your triage workflow [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-iden… ∗∗∗ Threat modelling and IoT hubs ∗∗∗ --------------------------------------------- IoT hubs are increasingly being used to provide a single point of access to the myriad of smart devices in the home. One ring to rule them all, if rather [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/threat-modelling-and-iot-hubs/ ∗∗∗ Diese Betrugsmaschen sollten GamerInnen kennen (Teil 2) ∗∗∗ --------------------------------------------- Ob Phishing-Versuche oder Fake-Shops: Die Betrugsmaschen im Gaming-Bereich unterscheiden sich teilweise kaum von anderen Betrügereien im Internet. Wir sammeln die häufigsten Betrugsmaschen und erklären, wie Sie diese erkennen und dagegen vorgehen können. Im zweiten Teil zeigen wir Ihnen Betrugsmaschen rund um Schadsoftware, Fake-Shops und betrügerische Apps. --------------------------------------------- https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerin… ∗∗∗ Diebold Nixdorf warns of a new class of ATM black box attacks across Europe ∗∗∗ --------------------------------------------- New ATM black box (jackpotting) attacks have been spotted in Belgium. --------------------------------------------- https://www.zdnet.com/article/diebold-nixdorf-warns-of-a-new-class-of-atm-b… ∗∗∗ Mac cryptocurrency trading application rebranded, bundled with malware ∗∗∗ --------------------------------------------- ESET researchers lure GMERA malware operators to remotely control their Mac honeypots --------------------------------------------- https://www.welivesecurity.com/2020/07/16/mac-cryptocurrency-trading-applic… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (bashtop and python39), openSUSE (openexr), Red Hat (java-1.8.0-openjdk), and Scientific Linux (thunderbird). --------------------------------------------- https://lwn.net/Articles/826367/ ∗∗∗ Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect for Virtual Environments (CVE-2020-5259, CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-a… ∗∗∗ Security Bulletin: IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerabile to Logjam (CVE-2015-4000) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-back… ∗∗∗ Security Bulletin: IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam (CVE-2015-4000) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-snap… ∗∗∗ Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-5259, CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-a… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java JRE, 8.0-1.1 affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vul… ∗∗∗ Security Bulletin: IBM Java Runtime Vulnerability affects IBM Spectrum Protect Snapshot for VMware (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerab… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty XSS Vulnerabilities Affect IBM Control Center (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Apache CXF XSS Vulnerability Affects IBM Control Center (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-xss-vulnerabil… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.07.2020
by Daily end-of-shift report 16 Jul '20

16 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-07-2020 18:00 − Donnerstag 16-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ BlackRock - the Trojan that wanted to get them all ∗∗∗ --------------------------------------------- Around May 2020 ThreatFabric analysts have uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. After investigation, it became clear that this newcomer is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. The source code of the Xerxes malware was made public by its author around May 2019, which means that it is accessible to any threat actor. --------------------------------------------- https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_… ∗∗∗ Windows Server Containers Are Open, and Here’s How You Can Break Out ∗∗∗ --------------------------------------------- We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.The post Windows Server Containers Are Open, and Here’s How You Can Break Out appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabiliti… ===================== = Vulnerabilities = ===================== ∗∗∗ Xen Security Advisory XSA-329 - Linux ioperm bitmap context switching issues ∗∗∗ --------------------------------------------- IO port permissions dont get rescinded when context switching to an unprivileged task. Therefore, all userspace can use the IO ports granted to the most recently scheduled task with IO port permissions. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-329.html ∗∗∗ Schadcode-Lücken gefährden Router von Cisco ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco holt zum Rundumschlag aus und veröffentlicht quer durch die eigenen Produktreihen Sicherheitsupdates. --------------------------------------------- https://heise.de/-4845109 https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ 2 Million Users Affected by Vulnerability in All in One SEO Pack ∗∗∗ --------------------------------------------- On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel's [...] --------------------------------------------- https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerab… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd). --------------------------------------------- https://lwn.net/Articles/826288/ ∗∗∗ Synology-SA-20:18 DSM ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to conduct man-in-the-middle attacks via a susceptible version of Synology DiskStation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_18 ∗∗∗ Trend Micro Internet Security: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0724 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0721 ∗∗∗ macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211289 ∗∗∗ iOS 13.6 and iPadOS 13.6 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211288 ∗∗∗ tvOS 13.4.8 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211290 ∗∗∗ watchOS 6.2.8 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211291 ∗∗∗ Security Advisory - Windows DNS Server Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200716-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-4462) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xml-external-entity-injec… ∗∗∗ Security Bulletin: Cross-site Scripting and Vulnerable library – JQuery v1.11.1 affects IBM Engineering Workflow Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-… ∗∗∗ Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-missing-cookie-attribute-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerab… ∗∗∗ Security Bulletin: : HTTP Header Weakness Affects IBM Secure External Authentication Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-http-header-weakness-affe… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Jazz Foundation and IBM Engineering products. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.07.2020
by Daily end-of-shift report 15 Jul '20

15 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-07-2020 18:00 − Mittwoch 15-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Server: Sigred ist eine wurmartige kritische Lücke in Windows DNS ∗∗∗ --------------------------------------------- Der Bug betrifft alle Maschinen mit Windows Server 2003 bis 2019. Microsoft rät zum Patch, da sich Malware darüber selbst ausbreiten kann. --------------------------------------------- https://www.golem.de/news/windows-server-sigred-ist-eine-wurmartige-kritisc… ∗∗∗ Spamdexing (SEO spam malware) ∗∗∗ --------------------------------------------- Introduction: About SEO spam - is my website a target? You’ve spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, [...] --------------------------------------------- https://resources.infosecinstitute.com/spamdexing-seo-spam-malware/ ∗∗∗ Word docs with macros for IcedID (Bokbot), (Wed, Jul 15th) ∗∗∗ --------------------------------------------- Today's diary reviews Microsoft Word documents with macros to infect vulnerable Windows hosts with IcedID malware (also known as Bokbot) on Tuesday 2020-07-14. This campaign has previously pushed Valak or Ursnif, often with IcedID as the follow-up malware to these previous infections. --------------------------------------------- https://isc.sans.edu/diary/rss/26352 ∗∗∗ Simple DGA Spotted in a Malicious PowerShell ∗∗∗ --------------------------------------------- DGA (“Domain Generation Algorithm“) is a technique implemented in some malware families to defeat defenders and to make the generation of IOC’s (and their usage – example to implement black lists) more difficult. When a piece of malware has to contact a C2 server, it uses domain names or IP [...] --------------------------------------------- https://blog.rootshell.be/2020/07/14/simple-dga-spotted-in-a-malicious-powe… ∗∗∗ Website misconfigurations and other errors to avoid ∗∗∗ --------------------------------------------- Website misconfigurations can lead to hacking, malfunction, and worse. We take a look at recent mishaps and advise site owners on how to lock down their platforms. --------------------------------------------- https://blog.malwarebytes.com/how-tos-2/2020/07/website-misconfigurations-a… ∗∗∗ Diese Betrugsmaschen sollten GamerInnen kennen (Teil 1) ∗∗∗ --------------------------------------------- Ob Phishing-Versuche oder Fake-Shops: Die Betrugsmaschen im Gaming-Bereich unterscheiden sich teilweise kaum von anderen Betrügereien im Internet. Wir sammeln die häufigsten Betrugsmaschen und erklären, wie Sie diese erkennen und dagegen vorgehen können. Im ersten Teil zeigen wir Ihnen die betrügerischen Tricks rund um Phishing und Accountdiebstahl. --------------------------------------------- https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-gamerin… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft July 2020 Patch Tuesday - Patch Now!, (Tue, Jul 14th) ∗∗∗ --------------------------------------------- This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed. --------------------------------------------- https://isc.sans.edu/diary/rss/26350 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dbus), Debian (python3.5), Fedora (podofo and roundcubemail), Oracle (dbus, dovecot, jbig2dec, kernel, nodejs:10, nodejs:12, sane-backends, and thunderbird), Red Hat (.NET Core and kernel), SUSE (ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, [...] --------------------------------------------- https://lwn.net/Articles/826181/ ∗∗∗ Security Advisory - Two Vulnerabilities in SaltStack Salt ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-… ∗∗∗ Security Advisory - Apache Tomcat File Inclusion Vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-… ∗∗∗ Security Bulletin: IBM has released a Unified Extensible Firmware Interface (UEFI) fix in response to an Intel escalation of information disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-a-unifie… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-a… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Apr 2020 CPU (CVE-2020-2805, CVE-2020-2803, CVE-2020-2757, CVE-2020-2756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Apache Tomcat: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0717 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily