Daily

daily@lists.cert.at

1 participants
3183 discussions

Tageszusammenfassung - 26.11.2020
by Daily end-of-shift report 26 Nov '20

26 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-11-2020 18:00 − Donnerstag 26-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Risk Based Authentication: Die Krücke für Passwörter und wie sie ausgenutzt wird ∗∗∗ --------------------------------------------- Mit der Risikoabschätzung RBA wollen Online-Dienste den Passwortmissbrauch bekämpfen. Doch Cybercrime macht daraus ein Geschäft: mit digitalen Doppelgängern. --------------------------------------------- https://heise.de/-4970547 ∗∗∗ Was ist SIM‑Swapping und wie können Sie sich schützen ∗∗∗ --------------------------------------------- Bei diesem Angriff geht es um ihre Telefonnummer und zwar darum sie Ihnen wegzunehmen. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/11/26/was-ist-sim-swapping-und-… ∗∗∗ Vorsicht! Der Download dieser Apps entpuppt sich als teure Abo-Falle! ∗∗∗ --------------------------------------------- Es gibt viele hilfreiche Apps für das Handy, die das Leben erleichtern können. Allerdings gibt es auch Apps, die das Leben erschweren. So tauchen immer wieder Apps im Google Play- oder im App-Store auf, bei denen ungewollte und teure Abos abgeschlossen werden. Die Kosten werden dabei entweder gar nicht erwähnt oder kaum sichtbar im Kleingedruckten versteckt. Wir zeigen Ihnen, wie Sie sich vor dieser Betrugsmasche schützen können. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-der-download-dieser-apps-en… ∗∗∗ 71 Opfer seit September: Forscher warnen vor Ransomware Egregor ∗∗∗ --------------------------------------------- Die Hintermänner sind bisher in 19 Ländern aktiv. Die Mehrheit der Opfer befindet sich jedoch in den USA. Dank ausgeklügelter Codeverschleierung können Sicherheitsforscher den Infektionsweg von Egregor bisher nicht vollständig klären. --------------------------------------------- https://www.zdnet.de/88390072/71-opfer-seit-september-forscher-warnen-vor-r… ∗∗∗ Analysis of Kinsing Malwares Use of Rootkit ∗∗∗ --------------------------------------------- The Kinsing malware has been evolving with capabilities added to increase the difficulty of detection. Trend Micro reports on the use of a rootkit in recent samples to carry out these objectives. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/6d8ebd5da62cf61982fce04b20b… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013 ∗∗∗ --------------------------------------------- The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. --------------------------------------------- https://www.drupal.org/sa-core-2020-013 ∗∗∗ Synology: Kritische Lücken aus Disk Station Manager und Safe Access beseitigt ∗∗∗ --------------------------------------------- Über Sicherheitslücken könnten Angreifer aus der Ferne Programmcode auf verwundbaren Geräten ausführen. Abgesicherte Versionen stehen teilweise noch aus. --------------------------------------------- https://heise.de/-4971807 ∗∗∗ Forscher entdeckt zufällig Zero-Day-Lücke in Windows 7 und Server 2008 ∗∗∗ --------------------------------------------- Sie erlaubt eine nicht autorisierte Ausweitung von Benutzerrechten. Neuere Windows-Versionen sind nicht betroffen. Der Forscher stößt bei der Arbeit an einem Update für sein Sicherheitstool PrivescCheck auf den Fehler. --------------------------------------------- https://www.zdnet.de/88390077/forscher-entdeckt-zufaellig-zero-day-luecke-i… ∗∗∗ BlackBerry Powered by Android Security Bulletin - November 2020 ∗∗∗ --------------------------------------------- https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumbe… ∗∗∗ BigBlueButton E-mail Validation Bypass ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110211 ∗∗∗ BigBlueButton Meeting Access Code Brute Force Vulnerability ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110210 ∗∗∗ Security Bulletin: IBM Cloud Pak for Security (CP4S) could reveal sensitive information to authenticated user (CVE-2020-4626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-securit… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Pak for Security (CP4S) uses weaker than expected cryptographic algorithms (CVE-2020-4624) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-securit… ∗∗∗ Security Bulletin: IBM Network Performance Insight is affected by Apache Commons Codec vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-i… ∗∗∗ Security Bulletin: IBM Cloud Pak for Security (CP4S) vulnerable to session handling issue (CVE-2020-4696) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-securit… ∗∗∗ Security Bulletin: CP4S 1.3.0.1 fails to use HTTPOnly flag (CVE-2020-4625) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cp4s-1-3-0-1-fails-to-use… ∗∗∗ Security Bulletin: IBM Cloud Pak for Security (CP4S) is potentially vulnerable to CVS injection (CVE-2020-4627) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-securit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.11.2020
by Daily end-of-shift report 25 Nov '20

25 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-11-2020 18:00 − Mittwoch 25-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Light-Based Attacks Expand in the Digital Home ∗∗∗ --------------------------------------------- The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound. --------------------------------------------- https://threatpost.com/light-based-attacks-digital-home/161583/ ∗∗∗ [SANS ISC] Live Patching Windows API Calls Using PowerShell ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Live Patching Windows API Calls Using PowerShell“: It’s amazing how attackers can be imaginative when it comes to protecting themselves and preventing security controls to do their job. Here is an example of a malicious PowerShell script that patches live a DLL function [...] --------------------------------------------- https://blog.rootshell.be/2020/11/25/sans-isc-live-patching-windows-api-cal… ∗∗∗ IBM: Aktuelle Security-Updates sichern diverse Produkte gegen Angriffe ab ∗∗∗ --------------------------------------------- Schwachstellen von "Low" bis "High" wurden aus Netezza Host Management, aus Resilient, Spectrum Protect (Plus), TNPM Wireline und weiteren Produkten beseitigt. --------------------------------------------- https://heise.de/-4970430 ∗∗∗ Stantinko Proxy Trojan Masquerades as Apache Servers ∗∗∗ --------------------------------------------- A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected. --------------------------------------------- https://www.securityweek.com/stantinko-proxy-trojan-masquerades-apache-serv… ∗∗∗ This critical software flaw is now being used to break into networks - so update fast ∗∗∗ --------------------------------------------- A vulnerability in MobileIron mobile device management software is being used by state-backed hackers and organised crime, warns security agency. --------------------------------------------- https://www.zdnet.com/article/this-software-flaw-is-being-used-to-break-int… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücken in McAfee Endpoint Security machen Windows angreifbar ∗∗∗ --------------------------------------------- Es gibt wichtige Updates für McAfee Endpoint Security. Unter bestimmten Voraussetzungen könnten Angreifer Schadcode ausführen. --------------------------------------------- https://heise.de/-4970655 ∗∗∗ 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software ∗∗∗ --------------------------------------------- cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2, [...] --------------------------------------------- https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html ∗∗∗ Cisco DNA Spaces Connector Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Edge Fog Fabric Resource Exposure Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2020-0023.3 VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995) ∗∗∗ --------------------------------------------- Updated security advisory to add VMware Cloud Foundation 3.x and 4.x versions in the response matrix of section 3(a). --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0023.html ∗∗∗ VMSA-2020-0026.1 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) ∗∗∗ --------------------------------------------- Updated security advisory to add VMware Cloud Foundation 3.x and 4.x versions in the response matrix of sections 3(a) and 3(b). --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0026.html ∗∗∗ ICS Advisory (ICSA-20-329-02) Fuji Electric V-Server Lite ∗∗∗ --------------------------------------------- Successful exploitation of this vulnerability could allow for remote code execution on the device. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02 ∗∗∗ ICS Advisory (ICSA-20-329-01) Rockwell Automation FactoryTalk Linx ∗∗∗ --------------------------------------------- Successful exploitation of these vulnerabilities could allow a denial-of-service condition, remote code execution, or leak information that could be used to bypass address space layout randomization (ASLR). --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01 ∗∗∗ MISP: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1170 ∗∗∗ Red Hat Virtualization: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1169 ∗∗∗ NETGEAR GS108Ev3 vulnerable to cross-site request forgery ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN27806339/ ∗∗∗ Security Advisory - Command Injection Vulnerability in ManageOne Product ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201125… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201125… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.11.2020
by Daily end-of-shift report 24 Nov '20

24 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Montag 23-11-2020 18:00 − Dienstag 24-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Warten auf Patches: Kritische VMware-Lücke gefährdet Linux- und Windows-Systeme ∗∗∗ --------------------------------------------- Software von VMware ist über eine Zero-Day-Lücke attackierbar. Bislang gibt es nur Workarounds zur Absicherung. --------------------------------------------- https://heise.de/-4969353 ∗∗∗ Betrügerische Trading-Plattformen: Kriminelle werben mit Kommentaren bei YouTube-Videos ∗∗∗ --------------------------------------------- In den Kommentaren zahlreicher beliebter YouTube-Videos – darunter Last Christmas von Wham! – finden sich Tipps, wie man mit Bitcoin-Handel im Internet reich werden kann. Verpackt in einer hochemotionalen Geschichte berichtet ein Nutzer, wie ihm eine Lyra Holt Dean beim Handel unterstützte. Im Kommentar gibt er auch ihre E-Mail-Adresse an. Schreiben Sie keinesfalls an diese Adresse, es handelt sich um Betrug! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-trading-plattformen-k… ∗∗∗ Lookalike domains and how to outfox them ∗∗∗ --------------------------------------------- Our approach is more complex than simply registering lookalike domains to the company and enables real-time blocking of attacks that use such domains as soon as they appear. --------------------------------------------- https://securelist.com/lookalike-domains-and-how-to-outfox-them/99539/ ∗∗∗ Blackrota, a heavily obfuscated backdoor written in Go ∗∗∗ --------------------------------------------- Recently, a malicious backdoor program written in the Go language that exploits an unauthorized access vulnerability in the Docker Remote API was caught by the our Anglerfish honeypot. We named it Blackrota, giventhat its C2 domain name is [...] --------------------------------------------- https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go-… ∗∗∗ Hidden SEO Spam Link Injections on WordPress Sites ∗∗∗ --------------------------------------------- Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists. This is by design - attackers intentionally try to prevent detection by arranging injected links so they are not visible to average human traffic. One of the techniques attackers use is to “push” the injected SEO spam links off the visible portion of the website. --------------------------------------------- https://blog.sucuri.net/2020/11/hidden-seo-spam-link-injections-on-wordpres… ∗∗∗ MedusaLocker Ransomware Analysis ∗∗∗ --------------------------------------------- The Cybereason Nocturnus Team has published an analysis of the MedusaLocker ransomware. MedusaLocker targets Windows systems and first appeared in 2019. Since then, it has reportedly been involved in many attacks targeting a number of industry sectors, but especially the healthcare sector. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/9b5a2bd4954b29920abc8f39f0a… ===================== = Vulnerabilities = ===================== ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- A security issue has been identified that may allow privileged code running in a guest VM to compromise the host. This issue is limited to only those guest VMs where the host administrator has explicitly assigned a PCI passthrough device to the guest VM. --------------------------------------------- https://support.citrix.com/article/CTX286511 ∗∗∗ Xen Security Advisory XSA-355 - stack corruption from XSA-346 change ∗∗∗ --------------------------------------------- A malicious or buggy HVM or PVH guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Privilege escalation as well as information leaks cannot be excluded. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-355.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (chromium, microcode_ctl, and seamonkey), Mageia (f2fs-tools, italc, python-cryptography, python-pillow, tcpreplay, and vino), Oracle (thunderbird), Red Hat (bind, kernel, microcode_ctl, net-snmp, and Red Hat Virtualization), Scientific Linux (net-snmp and thunderbird), SUSE (kernel and mariadb), and Ubuntu (atftp, libextractor, pdfresurrect, and pulseaudio). --------------------------------------------- https://lwn.net/Articles/838255/ ∗∗∗ Synology-SA-20:25 Safe Access ∗∗∗ --------------------------------------------- Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Safe Access. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_25 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht SQL-Injection ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1161 ∗∗∗ OTRS: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1159 ∗∗∗ Security Bulletin: IBM TNPM Wireline is vulnerable to Apache Commons Codec. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tnpm-wireline-is-vuln… ∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – IBM SDK, Java Technology Edition v8.0.6.11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-usi… ∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner… ∗∗∗ [20201107] - Core - Write ACL violation in multiple core views ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/834-20201107-core-write-ac… ∗∗∗ [20201106] - Core - CSRF in com_privacy emailexport feature ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/833-20201106-core-csrf-in-… ∗∗∗ [20201105] - Core - User Enumeration in backend login ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/832-20201105-core-user-enu… ∗∗∗ [20201104] - Core - SQL injection in com_users list view ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/831-20201104-core-sql-inje… ∗∗∗ [20201103] - Core - Path traversal in mod_random_image ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/830-20201103-core-path-tra… ∗∗∗ [20201102] - Core - Disclosure of secrets in Global Configuration page ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/829-20201102-core-disclosu… ∗∗∗ [20201101] - Core - com_finder ignores access levels on autosuggest ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/828-20201101-core-com-find… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2020
by Daily end-of-shift report 23 Nov '20

23 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-11-2020 18:00 − Montag 23-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Jetzt patchen! Exploit-Code bedroht fast 50.000 Fortinet VPNs ∗∗∗ --------------------------------------------- Die Lage um eine ein Jahr alte Lücke in VPN-Systemen von Fortinet spitzt sich zu. Sicherheitspatches sind schon lange verfügbar. --------------------------------------------- https://heise.de/-4968392 ∗∗∗ GitHub fixes high severity security flaw spotted by Google ∗∗∗ --------------------------------------------- Two weeks after Google disclosed a security flaw in GitHub, the Microsoft-owned site has fixed the issue. --------------------------------------------- https://www.zdnet.com/article/github-fixes-high-severity-security-flaw-spot… ∗∗∗ Botnetze suchen massenhaft nach Anmeldedaten in ungesicherten ENV-Dateien ∗∗∗ --------------------------------------------- Die speichern Konfigurationsdaten von Umgebungen wie Docker, Node.js und Symfony. Sicherheitsanbieter finden zuletzt mehr als 1100 aktive Scanner für ENV-Dateien. Hacker erhalten darüber unter Umständen Zugang zu Servern, um Daten zu stehlen und Malware einzuschleusen. --------------------------------------------- https://www.zdnet.de/88389948/botnetze-suchen-massenhaft-nach-anmeldedaten-… ∗∗∗ FBI warns of increasing Ragnar Locker ransomware activity ∗∗∗ --------------------------------------------- The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fbi-warns-of-increasing-ragn… ∗∗∗ LightBot: TrickBot’s new reconnaissance malware for high-value targets ∗∗∗ --------------------------------------------- The notorious TrickBot has gang has released a new lightweight reconnaissance tool used to scope out an infected victims network for high-value targets. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reco… ∗∗∗ TrickBot turns 100: Latest malware released with new features ∗∗∗ --------------------------------------------- The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbot-turns-100-latest-ma… ∗∗∗ PYSA/Mespinoza Ransomware ∗∗∗ --------------------------------------------- Over the course of 8 hours the PYSA/Mespinoza threat actors used Empire and Koadic as well as RDP to move laterally throughout the environment, grabbing credentials from as many [...] --------------------------------------------- https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/ ===================== = Vulnerabilities = ===================== ∗∗∗ ICS Advisory (ICSA-20-324-05) Mitsubishi Electric MELSEC iQ-R Series ∗∗∗ --------------------------------------------- Successful exploitation of this vulnerability could cause a denial-of-service condition for the affected product. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-324-05 ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 ∗∗∗ --------------------------------------------- Date Reported: November 23, 2020 Advisory ID: WSA-2020-0008 CVE identifiers: CVE-2020-13584, CVE-2020-9948,CVE-2020-9951, CVE-2020-9952,CVE-2020-9983. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. --------------------------------------------- https://webkitgtk.org/security/WSA-2020-0008.html ∗∗∗ Multiple Vulnerabilities in ZTE WLAN router MF253V ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-zt… ∗∗∗ HCL Domino: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1155 ∗∗∗ Opera Mini für Android: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1152 ∗∗∗ Trend Micro ServerProtect: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1150 ∗∗∗ WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110179 ∗∗∗ [webapps] TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/49092 ∗∗∗ Security Bulletin: IBM Spectrum Protect Server allows Triple DES (3DES) ciphers to be used (CVE-2018-1785) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-serv… ∗∗∗ Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-improper-authentication-o… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime, IBM WebSphere Application Server Liberty, and Apache Commons affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db… ∗∗∗ Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery… ∗∗∗ Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-static-credential-vulnera… ∗∗∗ Security Bulletin: IBM Spectrum Protect Plus allows use of TLS Version 1.1 protocols (CVE-2020-4783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus… ∗∗∗ Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft Windows File Systems agent (CVE-2020-15801) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-python-a… ∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2020
by Daily end-of-shift report 20 Nov '20

20 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-11-2020 18:00 − Freitag 20-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IAM-Driven Biometrics: The Security Issues with Biometric Identity and Access Management ∗∗∗ --------------------------------------------- The increase of cybersecurity incidents brings along a higher demand for enhanced security protections. Thus, in the attempt of preventing unauthorized third parties from accessing their accounts and sensitive data, companies are increasingly turning to biometric authentication. Contemporary Identity and Access Management (IAM) technologies have moved beyond basic login methods based on usernames and passwords. --------------------------------------------- https://heimdalsecurity.com/blog/iam-driven-biometrics/ ∗∗∗ [SANS ISC] Malicious Python Code and LittleSnitch Detection ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Malicious Python Code and LittleSnitch Detection“: We all run plenty of security tools on our endpoints. Their goal is to protect us by preventing infection (or trying to prevent it). But all those security tools are present on our devices like normal applications --------------------------------------------- https://blog.rootshell.be/2020/11/20/sans-isc-malicious-python-code-and-lit… ∗∗∗ The malware that usually installs ransomware and you need to remove right away ∗∗∗ --------------------------------------------- [...] This article focuses on the known malware strains that have been used over the past two years to install ransomware. [...] Once any of these malware strains are detected, system administrators should drop everything, take systems offline, and audit and remove the malware as a top priority. ZDNet will keep the list up to date going forward. --------------------------------------------- https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-… ∗∗∗ Exploiting dynamic rendering engines to take control of web apps ∗∗∗ --------------------------------------------- tl;dr: - Dynamic rendering is a technique used to serve prerendered web site pages to crawlers (e.g., Google search engine, Slack or Twitter bots, etc.) - The most popular open source applications for dynamic rendering are Rendertron and Prerender; both of which may introduce vulnerabilities to a network if used improperly. --------------------------------------------- https://r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-cont… ∗∗∗ Consul by HashiCorp: from Infoleak to RCE ∗∗∗ --------------------------------------------- Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration. Registered services and nodes can be queried using a DNS interface or an HTTP interface. [...] An attacker can use public access to the system to obtain information about the infrastructure and its configuration. --------------------------------------------- https://lab.wallarm.com/consul-by-hashicorp-from-infoleak-to-rce/ ∗∗∗ WordPress Malware Setting Up SEO Shops ∗∗∗ --------------------------------------------- While recently looking over my honeypots, I discovered an infection where a malicious actor added a storefront on top of my existing WordPress installation. For background, this particular honeypot is a full instance of WordPress running on a Docker image. The administrator credentials are intentionally weak, in order to give those with malicious intent easy access. This way I can examine what attacks the vulnerable site will undergo and what the login access will be used for. --------------------------------------------- https://blogs.akamai.com/sitr/2020/11/wordpress-malware-setting-up-seo-shop… ∗∗∗ Purgalicious VBA: Macro Obfuscation With VBA Purging ∗∗∗ --------------------------------------------- Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in February 2020. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-… ∗∗∗ Demystifying two common misconceptions with e-commerce security ∗∗∗ --------------------------------------------- HTTPS and iframe containers augment security, but are not a panacea for online shoppers and merchants. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2020/11/demystifying-two-common-mi… ∗∗∗ Vorsicht: Zahlreiche Fake-Shops werben mit Black Friday Deals ∗∗∗ --------------------------------------------- In einer Woche ist es soweit: Der Black Friday lässt das Herz von Schnäppchenjägern höherschlagen. Ab Montag beginnt die Cyber Week, bei denen sich KonsumentInnen schon vor dem Black Friday über Rabatte im Online-Handel freuen können. Doch seien Sie vorsichtig auf der Schnäppchenjagd. Denn zu dieser Zeit macht nicht nur der Online-Handel ein gutes Geschäft, sondern auch BetrügerInnen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-zahlreiche-fake-shops-werbe… ∗∗∗ IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance ∗∗∗ --------------------------------------------- IAMFinder is a custom open-source tool that can identify users and IAM roles in AWS accounts, showing where to harden IAM configurations. --------------------------------------------- https://unit42.paloaltonetworks.com/iamfinder/ ===================== = Vulnerabilities = ===================== ∗∗∗ About the security content of macOS Big Sur 11.0.1 ∗∗∗ --------------------------------------------- The macOS Big Sur 11.0.1 software update is available for Mac mini (M1, 2020), MacBook Air (M1, 2020), and MacBook Air (13-inch, 2020), and together with macOS 11.0 includes the security content listed in this advisory. --------------------------------------------- https://support.apple.com/en-us/HT211982 ∗∗∗ VMSA-2020-0026 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) ∗∗∗ --------------------------------------------- Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0026.html ∗∗∗ VMSA-2020-0023 Updates ∗∗∗ --------------------------------------------- Updated security advisory to add Workstation 15.x version in the response matrix of section 3(c) and 3(d). --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0023.html ∗∗∗ VMSA-2020-0020 Updates ∗∗∗ --------------------------------------------- Updated security advisory to add Fusion 11.x version in the response matrix of section 3(a) and Workstation 15.x version in the response matrix of section 3(b), 3(c) & 3(d). --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0020.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin). --------------------------------------------- https://lwn.net/Articles/837915/ ∗∗∗ CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance ∗∗∗ --------------------------------------------- A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. --------------------------------------------- https://support.citrix.com/article/CTX267027 ∗∗∗ Security Bulletin: Cryptographic Vulnerability Affects Map Editor in IBM Sterling B2B Integrator (CVE-2020-4937) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cryptographic-vulnerabili… ∗∗∗ Security Bulletin: Vulnerability CVE-2020-4788 in the IBM Power9 processor affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-47… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: InfoSphere Master Data Management 11.6 affected due to vulnerability in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-master-data-ma… ∗∗∗ Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-loc… ∗∗∗ Security Bulletin: IBM has released AIX and VIOS iFixes in response to a vulnerability in IBM POWER9 (CVE-2020-4788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-aix-and-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 – Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM MQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.11.2020
by Daily end-of-shift report 19 Nov '20

19 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-11-2020 18:00 − Donnerstag 19-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android chat app with 100 million installs exposes private messages ∗∗∗ --------------------------------------------- GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-chat-app-with-100-mi… ∗∗∗ CodeQL: Github findet Sicherheitslücke in Corona-Warn-App-Server ∗∗∗ --------------------------------------------- Das Sicherheitsteam von Github hat eine Remote Code Execution im Server-Code der Corona-Warn-App gefunden --------------------------------------------- https://www.golem.de/news/codeql-github-findet-sicherheitsluecke-in-corona-… ∗∗∗ Egregor-Ransomware bombardiert Nutzer mit gedruckten Lösegeldforderungen ∗∗∗ --------------------------------------------- Die Cyberkriminellen wenden die Taktik erstmals bei einem Angriff auf einen chilenischen Handelskonzern an. Sie begnügen sich nicht nur mit Office-Druckern und geben ihre Lösegeldforderung sogar auf Quittungsdruckern aus. Unklar ist, wie die Hacker dabei vorgehen. --------------------------------------------- https://www.zdnet.de/88389908/egregor-ransomware-bombardiert-nutzer-mit-ged… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Remote code execution - SA-CORE-2020-012 ∗∗∗ --------------------------------------------- Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting [...] --------------------------------------------- https://www.drupal.org/sa-core-2020-012 ∗∗∗ SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-038 ∗∗∗ Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-037 ∗∗∗ Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-036 ∗∗∗ Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-035 ∗∗∗ VMware SD-WAN Orchestrator updates address multiple security vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in SD-WAN Orchestrator were privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products. VMware-hosted SD-WAN Orchestrators have been patched for these issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0025.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares). --------------------------------------------- https://lwn.net/Articles/837767/ ∗∗∗ ICS Advisory (ICSA-20-324-03) Real Time Automation EtherNet/IP ∗∗∗ --------------------------------------------- The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03 ∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1136 ∗∗∗ F5 BIG-IP: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1140 ∗∗∗ [webapps] Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/49082 ∗∗∗ Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-… ∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-… ∗∗∗ Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tls-protocol-dhe_export-c… ∗∗∗ Security Bulletin: The web server or application server are configured in an insecure way in IBM Cloud Pak for Data Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-the-web-server-or-applica… ∗∗∗ Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect… ∗∗∗ Security Bulletin: App Connect for Manufacturing 2.0 is affected by vulnerabilities of ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.6 (CVE-2019-17359) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufactu… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4718) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Lucky 13 Attack Vulnerability in IBM Cloud Pak for Data Streams ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-lucky-13-attack-vulnerabi… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-… ∗∗∗ Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-17638-jetty-doub… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.11.2020
by Daily end-of-shift report 18 Nov '20

18 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-11-2020 18:00 − Mittwoch 18-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ When Security Controls Lead to Security Issues, (Wed, Nov 18th) ∗∗∗ --------------------------------------------- The job of security professionals is to protect customers assets and, even more, today, customers data. The security landscape is full of solutions that help to improve security by detecting (and blocking) threats knocking on the organizations doors. Sometimes, such solutions have side effects that go to the opposite direction and make customers more vulnerable to attacks. --------------------------------------------- https://isc.sans.edu/diary/rss/26804 ∗∗∗ Evasive Maneuvers in Data Stealing Gateways ∗∗∗ --------------------------------------------- We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation, we came across this example of a PHP script that attackers use for many different purposes. What makes the sample interesting is that alongside this PHP, we also found a few data-stealing scripts indicating that the code might have been used to send sensitive data to the attackers. Continue reading Evasive --------------------------------------------- https://blog.sucuri.net/2020/11/evasive-maneuvers-in-data-stealing-gateways… ∗∗∗ WebNavigator Chromium browser published by search hijackers ∗∗∗ --------------------------------------------- A mystery Chromium browser recently made a sudden appearance, and is certainly proving popular. But what is it, and where did it come from? --------------------------------------------- https://blog.malwarebytes.com/pups/2020/11/webnavigator-chromium-browser-pu… ∗∗∗ Nibiru ransomware variant decryptor ∗∗∗ --------------------------------------------- The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string "Nibiru" to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant. --------------------------------------------- https://blog.talosintelligence.com/2020/11/Nibiru-ransomware.html ∗∗∗ Large-Scale Attacks Target Epsilon Framework Themes ∗∗∗ --------------------------------------------- On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites. So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites ... For the time being, the vast majority of these attacks appear to be probing attacks, designed to determine whether a site has a vulnerable theme installed rather than to perform an exploit chain, though full Remote Code Execution(RCE) leading to site takeover is possible with these vulnerabilities. --------------------------------------------- https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-f… ∗∗∗ Vorsicht vor COVID-19-Hilfsfonds: Unterstützungszahlungen in Millionenhöhe sind Betrug! ∗∗∗ --------------------------------------------- Die Corona-Krise ist für viele Menschen auch eine finanzielle Krise. Verschiedene Unterstützungsangebote sollen daher helfen, durch diese Zeit zu kommen. Aber Achtung! Werfen Sie einen genauen Blick darauf, wer Ihnen Geld anbietet. Denn: Derzeit werden betrügerische E-Mails von angeblichen COVID-19 Hilfsfonds versendet, in denen hohe Geldbeträge versprochen werden. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-covid-19-hilfsfonds-unt… ===================== = Vulnerabilities = ===================== ∗∗∗ iTunes 12.11 for Windows ∗∗∗ --------------------------------------------- Foundation Impact: A local user may be able to read arbitrary files ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution libxml2 Impact: Processing maliciously crafted web content may lead to code execution libxml2 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Windows Security Impact: A malicious application may be able to access local users Apple IDs --------------------------------------------- https://support.apple.com/kb/HT211933 ∗∗∗ Tails 4.13: Anonymisierendes Betriebssystem bekommt wichtige Sicherheitsupdates ∗∗∗ --------------------------------------------- Die neue Version des Debian-basierten Live-Systems umfasst ein wenig Feinschliff an der Oberfläche, vor allem aber wichtige Security-Fixes. --------------------------------------------- https://heise.de/-4963955 ∗∗∗ Tor Browser: Desktop-Version 10.0.5 mit Firefox-Sicherheitsupdates verfügbar ∗∗∗ --------------------------------------------- Für Windows, Linux und macOS steht eine neue Version des anonymisierenden Webbrowsers bereit. Die Android-Ausgabe soll bald folgen. --------------------------------------------- https://heise.de/-4964177 ∗∗∗ Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Secure Web Appliance Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings API Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco DNA Spaces Connector Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Improper Domain Access Control Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Improper Access Control Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Unauthenticated REST API Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IoT Field Network Director Missing API Authentication Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-… ∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE or Oracle Java SE could allow an unauthenticated attacker ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerabil… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container Dashboard is vulnerable to (CVE-2020-15168) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a data corruption vulnerability (CVE-2020-4592) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec… ∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability in IBM Runtime Environment Java (deferred from Oracle Jan 2020 CPU) CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-v… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.11.2020
by Daily end-of-shift report 17 Nov '20

17 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Montag 16-11-2020 18:00 − Dienstag 17-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Mit Hardware für 30 Dollar Intels sichere Enklave geknackt ∗∗∗ --------------------------------------------- Intels Enklave SGX soll Daten selbst vor Rechenzentrumsbetreibern mit physischem Zugang verbergen. Doch Forscher konnten auf diese Weise RSA-Schlüssel auslesen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-hardware-fuer-30-dollar-int… ∗∗∗ Firewall-Umgehung in macOS 11: Malware kann Apples Ausschlussliste missbrauchen ∗∗∗ --------------------------------------------- Apple-Dienste bleiben für lokale Firewalls in macOS 11 unsichtbar. Auch Malware könne so nach Hause telefonieren, warnt ein Sicherheitsforscher. --------------------------------------------- https://heise.de/-4963227 ∗∗∗ Be Very Sparing in Allowing Site Notifications ∗∗∗ --------------------------------------------- An increasing number of websites are asking visitors to approve "notifications," browser modifications that periodically display messages on the users mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters. --------------------------------------------- https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifi… ∗∗∗ YouTube: Betrügerische Werbung verlockt zu hohen Investitionen ∗∗∗ --------------------------------------------- Aktuell wird auf YouTube der Bitcoin-Handel auf unseriösen Trading-Plattformen beworben. Wer sich für die Werbung interessiert, landet bei einem gefälschten Zeitungsartikel auf einer gefälschten Kronen Zeitung Website. Dort ist ein frei erfundenes Interview mit dem Geschäftsmann Richard Lugner zu lesen, in dem er erklärt, wie man mit Bitcoin-Investitionen in nur wenigen Tagen zum Millionär wird. --------------------------------------------- https://www.watchlist-internet.at/news/youtube-betruegerische-werbung-verlo… ∗∗∗ Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords ∗∗∗ --------------------------------------------- Morphisec researchers detail campaign that steals Chromium, Firefox, and Chrome browser data. --------------------------------------------- https://www.zdnet.com/article/jupyter-trojan-newly-discovered-trojan-malwar… ∗∗∗ vjw0rm Leveraging New Obfuscation Technique ∗∗∗ --------------------------------------------- Summaryvjw0rm is a malicious JavaScript program capable of propagating across removable storage devices and receiving instructions from a C2 server. A SANS Internet Storm Center (ISC) researcher has identified a sample of this worm leveraging new obfuscation techniques. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/bfbf7b77d8cbc57d1a94e7bc291… ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt updaten: Cisco bessert bei der Sicherheit seines "Security Managers" nach ∗∗∗ --------------------------------------------- Dank Lücken mit "High" und "Critical"-Einstufung war Ciscos Security Manager der Sicherheit eher abträglich. Software-Updates sind jetzt teilweise verfügbar. --------------------------------------------- https://heise.de/-4962719 ∗∗∗ Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager ∗∗∗ --------------------------------------------- By using an XXE injection it is possible to read confidential data like /etc/shadow or private keys. In addition, a special payload can affect the availability of the web application. --------------------------------------------- https://sec-consult.com/en/blog/advisories/blind-out-of-band-xml-external-e… ∗∗∗ TYPO3 Extensions: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in TYPO3 Extensions ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1127 ∗∗∗ TYPO3 Core: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in TYPO3 Core ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1124 ∗∗∗ Trend Micro InterScan Web Security Virtual Appliance < 6.5 SP2 Hotfix 1919 ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro InterScan Web Security Virtual Appliance ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1128 ∗∗∗ Apple iTunes: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iTunes ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder einen Denial of Service zu verursachen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1125 ∗∗∗ Node.js: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1126 ∗∗∗ Trend Micro Worry-Free Business Security: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1129 ∗∗∗ Western Digital My Cloud NAS Devices Security Vulnerabilities ∗∗∗ --------------------------------------------- Comparitech researches have published a paper on five vulnerabilities found in Western Digital network-attached storage (NAS) devices. If successfully exploited, the exploitation of these vulnerabilities could lead to remote code execution. Also possible is the [...] --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/2ee337a7fbea5d145289bcab311… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl, openldap, pacemaker, and restic), Fedora (libmediainfo, mediainfo, mingw-python3, and seamonkey), Gentoo (libexif), openSUSE (raptor), Oracle (kernel and microcode_ctl), Scientific Linux (firefox), SUSE (kernel-firmware, postgresql, postgresql96, postgresql10 and postgresql12, and raptor), and Ubuntu (openldap and postgresql-10, postgresql-12, postgresql-9.5). --------------------------------------------- https://lwn.net/Articles/837538/ ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs – February 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2020
by Daily end-of-shift report 16 Nov '20

16 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-11-2020 18:00 − Montag 16-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Stories from the SOC – Multi-layered defense detects Windows Trojan ∗∗∗ --------------------------------------------- Malware infections are common and are often missed by antivirus software. Their impact to critical infrastructure and applications can be devastating to an organizations network, brand and customers if not remediated. With the everchanging nature of [...] --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-so… ∗∗∗ New TroubleGrabber Discord malware steals passwords, system info ∗∗∗ --------------------------------------------- TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-m… ∗∗∗ Windows Kerberos authentication breaks due to security updates ∗∗∗ --------------------------------------------- Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released during this months Patch Tuesday, on November 10. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentica… ∗∗∗ Schneider Electric Warns Customers of Drovorub Linux Malware ∗∗∗ --------------------------------------------- One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI. --------------------------------------------- https://www.securityweek.com/schneider-electric-warns-customers-drovorub-li… ∗∗∗ Ok Google: please publish your DKIM secret keys ∗∗∗ --------------------------------------------- The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about [...] --------------------------------------------- https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publis… ∗∗∗ The ransomware landscape is more crowded than you think ∗∗∗ --------------------------------------------- More than 25 Ransomware-as-a-Service (RaaS) portals are currently renting ransomware to other criminal groups. --------------------------------------------- https://www.zdnet.com/article/the-ransomware-landscape-is-more-crowded-than… ∗∗∗ Ngioweb Botnet Targeting IoT Devices ∗∗∗ --------------------------------------------- A new version of the Ngioweb botnet malware was discovered and analyzed by Netlab 360 researchers. Their blog post details the changes observed in these newer samples. --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/e4becb0bc47fb9b7ad74c9fb579… ===================== = Vulnerabilities = ===================== ∗∗∗ Heartbleed, BlueKeep and other vulnerabilities that didnt disappear just because we dont talk about them anymore, (Mon, Nov 16th) ∗∗∗ --------------------------------------------- Since new critical vulnerabilities are discovered and published nearly every day, it is no wonder that we (i.e. security professionals and security-oriented media) tend to focus on these and dont return to the ones that came before too often. Unless there is a massive exploitation campaign, that is. This doesnt present any problems for organizations, which manage to patch vulnerabilities on time, but for many others [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26798 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl and libvncserver), Fedora (chromium, kernel, kernel-headers, kernel-tools, krb5, libexif, libxml2, and thunderbird), Gentoo (chromium, libmaxminddb, and mit-krb5), Mageia (arpwatch, bluez, chromium-browser-stable, firefox and thunderbird, golang, java-1.8.0-op, kdeconnect-kde, kleopatra, libexif, lilypond, microcode, packagekit, ruby, and tpm2-tss), openSUSE (chromium, firefox, ImageMagick, kernel, openldap2, python-waitress, SDL, u-boot, ucode-intel, and zeromq), Oracle (fence-agents, firefox, freetype, kernel, python, python3, and thunderbird), Red Hat (rh-postgresql10-postgresql, rh-postgresql12-postgresql, and virt:8.2 and virt-devel:8.2), Slackware (seamonkey), and SUSE (firefox, gdm, kernel, and kernel-firmware). --------------------------------------------- https://lwn.net/Articles/837431/ ∗∗∗ SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020110113 ∗∗∗ Opera Touch for iOS: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1123 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-1122 ∗∗∗ Security Bulletin: Information Disclosure Vulnerability Affects EBICS Client of IBM Sterling B2B Integrator (CVE-2020-4475) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: CKEditor XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-17960) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ckeditor-xss-vulnerabilit… ∗∗∗ Security Bulletin: XSS Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulnerability-affects… ∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects EBICS in IBM Sterling B2B Integrator (CVE-2020-4655) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerabili… ∗∗∗ Security Bulletin: B2B API Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4566) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-b2b-api-information-discl… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4763) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affe… ∗∗∗ Security Bulletin: Cookie Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2020
by Daily end-of-shift report 13 Nov '20

13 Nov '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-11-2020 18:00 − Freitag 13-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Ubuntu Linux schließt Lücken: Im Handumdrehen zum Systemverwalter ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher stolperte über eine Lücken-Kombo, mit der einfache Nutzer einen Account mit Sudo-Rechten anlegen konnten. Ubuntu hat diese nun gefixt. --------------------------------------------- https://heise.de/-4960051 ∗∗∗ Unbreak My Heart: What I Learned About Building Better Medical Devices While Troubleshooting My Pacemaker ∗∗∗ --------------------------------------------- This blog outlines the story of Veronica Schmitts journey to fixing her ICD/Pacemaker using Medical Device Forensics. --------------------------------------------- https://www.sans.org/blog/unbreak-my-heart-what-i-learned-about-building-be… ∗∗∗ A new skimmer uses WebSockets and a fake credit card form to steal sensitive data ∗∗∗ --------------------------------------------- A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data. --------------------------------------------- https://blogs.akamai.com/2020/11/a-new-skimmer-uses-websockets-and-a-fake-c… ∗∗∗ DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels ∗∗∗ --------------------------------------------- SAD DNS is a revival of the classic DNS cache poisoning attack (which no longer works since 2008) leveraging novel network side channels that exist in all modern operating systems, including Linux, Windows, macOS, and FreeBSD. This represents an important milestone -- the first weaponizable network side channel attack that has serious security impacts. The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq). --------------------------------------------- https://www.saddns.net/ ∗∗∗ Surviving college distance learning during the pandemic: a cybersecurity guide ∗∗∗ --------------------------------------------- Students in higher education are exposed to online risks more than ever. Keep yourself secure while distance learning from home with this practical guide. --------------------------------------------- https://blog.malwarebytes.com/how-tos-2/2020/11/surviving-college-distance-… ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric sichert diverse ICS-Komponenten gegen Schwachstellen ab ∗∗∗ --------------------------------------------- Für Hard- und Software zur Konfiguration und Verwaltung industrieller Steuerungssysteme von Schneider Electric sind wichtige Sicherheitsupdates verfügbar. --------------------------------------------- https://heise.de/-4959299 ∗∗∗ ICS Advisory (ICSA-20-317-01) Mitsubishi Electric MELSEC iQ-R Series ∗∗∗ --------------------------------------------- A denial-of-service vulnerability due to uncontrolled resource consumption exists in MELSEC iQ-R series CPU modules. This vulnerability does not affect products when the "To Use or Not to Use Web Server" parameter of CPU modules is set to "Not Use." The default setting is "Not Use." --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01 ∗∗∗ PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Released! ∗∗∗ --------------------------------------------- The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24. This release closes three security vulnerabilities and fixes over 65 bugs reported over the last three months. Due to the nature of CVE-2020-25695, we advise you to update as soon as possible. Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we [...] --------------------------------------------- https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libproxy, pacemaker, and thunderbird), Fedora (nss), openSUSE (kernel), Oracle (curl, librepo, qt and qt5-qtbase, and tomcat), Red Hat (firefox), SUSE (firefox, java-1_7_0-openjdk, and openldap2), and Ubuntu (apport, libmaxminddb, openjdk-8, openjdk-lts, and slirp). --------------------------------------------- https://lwn.net/Articles/837105/ ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- A security issue has been identified in Citrix Hypervisor that may allow privileged code running in a guest VM to infer details of some computations occurring in other VMs on the host. This may, for example, be used to infer a secret encryption key used [...] --------------------------------------------- https://support.citrix.com/article/CTX285937 ∗∗∗ Citrix SDWAN Center Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. --------------------------------------------- https://support.citrix.com/article/CTX285061 ∗∗∗ Security Bulletin: App Connect Enterprise Certified Container Designer instances may be vulnerable to CVE-2020-7760 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-ce… ∗∗∗ Security Bulletin: Novalink is impacted by Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-v… ∗∗∗ Security Bulletin: Novalink is impacted running oauth-2.0 or openidConnectServer-1.0 server features vulnerability in WebSphere Application Server Liberty (CVE-2020-4590) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-runn… ∗∗∗ Security Bulletin: Vulnerability in icu CVE-2020-10531. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-icu-cve-… ∗∗∗ Security Bulletin: Vulnerability in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-sou… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.7 and V5.1.0.8 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Vulnerabilities in Tivoli Netcool/OMNIbus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-tivoli… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-samba-for-ibm-i-is-affect… ∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… ∗∗∗ Security Bulletin: CVE-2020-4482 ADD SNAPSHOT STATUS REST CALL DOESN'T CHECK THE USER ROLE ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4482-add-snapsho… ∗∗∗ Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-di… ∗∗∗ Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2018-10886-ant-before… ∗∗∗ Security Bulletin: IBM Security Directory Suite is affected by a security vulnerability (CVE-2018-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-su… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin:Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpClient ( CVE-2020-13956) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletinsecurity-bulletin-ibm-cont… ∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-16779). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-o… ∗∗∗ macOS Big Sur 11.0.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211931 ∗∗∗ Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211946 ∗∗∗ Safari 14.0.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211934 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily