Daily

daily@lists.cert.at

1 participants
3086 discussions

Tageszusammenfassung - 14.07.2020
by Daily end-of-shift report 14 Jul '20

14 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 13-07-2020 18:00 − Dienstag 14-07-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SCANdalous! (External Detection Using Network Scan Data and Automation) ∗∗∗ --------------------------------------------- Real Quick In case you’re thrown by that fantastic title, our lawyers made us change the name of this project so we wouldn’t get sued. SCANdalous—a.k.a. Scannah Montana a.k.a. Scanny McScanface a.k.a. “Scan I Kick It? (Yes You Scan)”—had another name before today that, for legal reasons, we’re keeping to ourselves. A special thanks to our legal team who is always looking out for us, this blog post would be a lot less fun without them. Strap in folks. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-det… ∗∗∗ Vorsicht vor betrügerischer Werbung auf Facebook ∗∗∗ --------------------------------------------- Facebook und Instagram, durchaus lukrative Werbekanäle. Dass haben auch Kriminelle erkannt. Mit der Botschaft, dass die Shops luvpatient.com, liebesfreund.de und colorootd.com die Corona-Krise angeblich nicht überstanden haben, werden Produkte zu sehr günstigen Preisen im Feed oder zwischen den Stories beworben. Doch Vorsicht: Die bestellte Ware kommt nicht oder nur in minderwertiger Qualität an! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischer-werbung… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB20-33), Adobe Media Encoder (APSB20-36), Adobe Genuine Service (APSB20-37), Adobe ColdFusion (APSB20-43) and Adobe Download Manager (APSB20-49). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1893 ∗∗∗ SAP Patchday Juli 2020 ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in mehreren SAP Produkten ausnutzen, um die Kontrolle über SAP Anwendungen zu übernehmen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen und um weitere, nicht spezifizierte Auswirkungen zu erreichen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0690 ∗∗∗ SSA-305120 (Last Update: 2020-07-14): Vulnerabilities in SICAM MMU, SICAM T and SICAM SGU ∗∗∗ --------------------------------------------- SICAM MMU, SICAM T and the discontinued SICAM SGU devices are affected by multiple security vulnerabilities which could allow an attacker to perform a variety of attacks. This may include unauthenticated firmware installation, remote code execution and leakage of confidential data like passwords. Siemens has released updates to introduce authentication to the web application. It is still recommended to implement further mitigations, as most of the vulnerabilities might not be sufficiently [...] --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-305120.txt ∗∗∗ SSA-364335 (Last Update: 2020-07-14): Clear Text Transmission Vulnerability on SIMATIC HMI Panels ∗∗∗ --------------------------------------------- A clear text transmission vulnerability in SIMATIC HMI panels could allow an attacker to access sensitive information under certain circumstances.Siemens recommends specific countermeasures to mitigate this vulnerability. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-364335.txt ∗∗∗ SSA-573753 (Last Update: 2020-07-14): Remote Code Execution in Siemens LOGO! Web Server ∗∗∗ --------------------------------------------- The latest update for LOGO! 8 BM devices fixes a vulnerability that could allow remote code execution in the web server functionality.Siemens provides a firmware update for the latest versions of LOGO! BM. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-573753.txt ∗∗∗ SSA-589181 (Last Update: 2020-07-14): Denial-Of-Service in SIMATIC S7-200 SMART CPU Family Devices ∗∗∗ --------------------------------------------- The latest update for SIMATIC S7-200 SMART fixes a vulnerability that could allow an attacker to cause a permanent Denial-of-Service of an affected device by sending a large number of crafted packets.Siemens has released an update for the SIMATIC S7-200 SMART CPU family and recommends that customers update to the latest version. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-589181.txt ∗∗∗ SSA-604937 (Last Update: 2020-07-14): Multiple Web Server Vulnerabilities in Opcenter Execution Core ∗∗∗ --------------------------------------------- The latest update of Opcenter Execution Core fixes multiple vulnerabilities where the most severe could allow an attacker to perform a cross-site scripting (XSS) attack under certain conditions.Siemens has released an update for the Opcenter Execution Core and recommends that customers update to the latest version. Siemens recommends specific countermeasures as there are currently no further fixes available. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-604937.txt ∗∗∗ SSA-631949 (Last Update: 2020-07-14): Ripple20 and Intel SPS Vulnerabilities in SPPA-T3000 Solutions ∗∗∗ --------------------------------------------- SPPA-T3000 solutions are affected by vulnerabilities that were recently dislosed by JSOF research lab (“Ripple20”) for the TCP/IP stack used in APC UPS systems, and by Intel for the Server Platform Services (SPS) used in SPPA-T3000 Application Server and Terminal Server hardware.The advisory provides information to what amount SPAA-T3000 solutions are affected. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-631949.txt ∗∗∗ SSA-841348 (Last Update: 2020-07-14): Multiple Vulnerabilities in the UMC Stack ∗∗∗ --------------------------------------------- The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (mingw-podofo and python-rsa), openSUSE (LibVNCServer, mozilla-nss, nasm, openldap2, and permissions), Red Hat (dovecot, sane-backends, and thunderbird), Scientific Linux (dbus), and SUSE (firefox and thunderbird). --------------------------------------------- https://lwn.net/Articles/826113/ ∗∗∗ [20200706] - Core - System Information screen could expose redis or proxy credentials ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/823-20200706-core-system-i… ∗∗∗ [20200705] - Core - Escape mod_random_image link ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/822-20200705-core-escape-m… ∗∗∗ [20200704] - Core - Variable tampering via user table class ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/821-20200704-core-variable… ∗∗∗ [20200703] - Core - CSRF in com_privacy remove-request feature ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/820-20200703-core-csrf-in-… ∗∗∗ [20200702] - Core - Missing checks can lead to a broken usergroups table record ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/819-20200702-core-missing-… ∗∗∗ [20200701] - Core - CSRF in com_installer ajax_install endpoint ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/818-20200701-core-csrf-in-… ∗∗∗ Security Bulletin: Apache Tika as used by IBM QRadar SIEM is vulnerable to a denial of service (CVE-2020-1951, CVE-2020-1950) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tika-as-used-by-ib… ∗∗∗ Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4510) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4513) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-a… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to denial of service (CVE-2020-4511) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to command injection (CVE-2020-4512) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4364) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.07.2020
by Daily end-of-shift report 13 Jul '20

13 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-07-2020 18:00 − Montag 13-07-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Malware adds online sandbox detection to evade analysis ∗∗∗ --------------------------------------------- Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-adds-anyrun-sandbox-… ∗∗∗ Hidden Miners ∗∗∗ --------------------------------------------- It is always a good idea to have multiple options when it comes to making a profit. This is especially true for criminals. Having a backdoor is nice, but having the backdoored system directly make money is even better. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/07/36122-hidden-miners ∗∗∗ Scanning Home Internet Facing Devices to Exploit, (Sat, Jul 11th) ∗∗∗ --------------------------------------------- In the past 45 days, I noticed a surge of activity in my honeypot logs for home router exploitation. This is a summary of the various hosts and IP addresses with potential exploit packages available for download. What is also interesting is the fact that most URL were only IP based, no hostname associated with them. --------------------------------------------- https://isc.sans.edu/diary/rss/26340 ∗∗∗ Injecting Magecart into Magento Global Config ∗∗∗ --------------------------------------------- At the beginning of June 2020, we were contacted about a Magento website breach that caused a leak of credit card numbers. A thorough analysis of the website identified the webpage’s footer had malicious code added to it. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/injecting-m… ∗∗∗ Introducing Winbindex - the Windows Binaries Index ∗∗∗ --------------------------------------------- I indexed all Windows files which appear in Windows update packages, and created a website which allows to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently exe, dll and sys files). --------------------------------------------- https://m417z.com/Introducing-Winbindex-the-Windows-Binaries-Index/ ∗∗∗ Threat spotlight: WastedLocker, customized ransomware ∗∗∗ --------------------------------------------- WastedLocker ransomware, attributed to the Russian Evil Corp gang, is such a targeted threat, you might call it a custom-built ransomware family. --------------------------------------------- https://blog.malwarebytes.com/threat-spotlight/2020/07/threat-spotlight-was… ∗∗∗ TrickBot Malware Warning Victims of Infection by Mistake ∗∗∗ --------------------------------------------- Security researchers observed some variants of the TrickBot malware family mistakenly warning victims that they had suffered an infection. Advanced Intel’s Vitali Kremez traced the mistake to “password-stealing grabber.dll.” This module is responsible for stealing browser credentials and cookies from Google Chrome, Microsoft Edge and other web browsers that are stored on a victim’s machine. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/trickbo… ∗∗∗ TrickBots new API-Hammering explained ∗∗∗ --------------------------------------------- As usual, at Joe Security, we keep a close eye on evasive malware. Some days ago we detected an interesting sample, MD5: b32d28ebab62e99cd2d46aca8b2ffb81. It turned out to be a new TrickBot sample using API hammering to bypass analysis. In this blog post, we will outline the evasion and explain how it works. --------------------------------------------- http://blog.joesecurity.org/2020/07/trickbots-new-api-hammering-explained.h… ∗∗∗ Researchers create magstripe versions from EMV and contactless cards ∗∗∗ --------------------------------------------- Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today. --------------------------------------------- https://www.zdnet.com/article/researchers-create-magstripe-versions-of-emv-… ∗∗∗ This botnet has surged back into action spreading a new ransomware campaign via phishing emails ∗∗∗ --------------------------------------------- Theres been a big jump in Phorpiex botnet activity - but its a trojan malware attack that was the most common malware campaign in June. --------------------------------------------- https://www.zdnet.com/article/this-botnet-has-surged-back-into-action-sprea… ===================== = Vulnerabilities = ===================== ∗∗∗ Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack ∗∗∗ --------------------------------------------- Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers access to private video feeds and settings. --------------------------------------------- https://threatpost.com/popular-tp-link-family-of-kasa-security-cams-vulnera… ∗∗∗ macOS-Sicherheitslücke: Komplettes Dateisystem ohne Zugriffsrechte auslesbar ∗∗∗ --------------------------------------------- In mount_apfs steckte ein Bug, der Apples Systemschutz zumindest read-only aushebeln konnte. Ein Fix ist da, doch der ist eher ungewöhnlich. --------------------------------------------- https://heise.de/-4841670 ∗∗∗ Remote Code Execution Vulnerability in Zoom Client for Windows (0day) ∗∗∗ --------------------------------------------- [Update 7/13/2020: Zoom only took one (!) day to issue a new version of Client for Windows that fixes this vulnerability, which is remarkable. We have reviewed their fix and can confirm that it efficiently resolves the vulnerability. --------------------------------------------- https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, mailman, openjpeg2, ruby-rack, squid3, tomcat8, and xen), Fedora (botan2, kernel, LibRaw, mingw-OpenEXR, mingw-podofo, podofo, seamonkey, squid, and webkit2gtk3), Mageia (ffmpeg, mbedtls, mediawiki, and xpdf), Oracle (kernel), Red Hat (bind, dbus, jbig2dec, and rh-nodejs12-nodejs), and SUSE (graphviz and xen). --------------------------------------------- https://lwn.net/Articles/826038/ ∗∗∗ Sophos XG Firewall: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0686 ∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0688 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0687 ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.8 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vul… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM StoredIQ InstaScan ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM StoredIQ InstaScan ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-… ∗∗∗ Security Bulletin: IBM StoredIQ is affected by a vulnerability in NGINX (CVE-2019-20372) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-storediq-is-affected-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.07.2020
by Daily end-of-shift report 10 Jul '20

10 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-07-2020 18:00 − Freitag 10-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ tag2domain - a system for labeling DNS domains ∗∗∗ --------------------------------------------- Tag2domain - doing proper statistics on domain names In the course of nic.at’s Connecting Europe Facilities (CEF) project CEF-TC-2018-3 we were able to focus on some long overdue but relevant research: a tagging / labeling database of domain names. --------------------------------------------- https://cert.at/en/blog/2020/7/tag2domain ∗∗∗ Conti ransomware shows signs of being a Ryuk successor ∗∗∗ --------------------------------------------- The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, who has slowly been fading away, while Contis distribution is increasing. --------------------------------------------- https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs… ∗∗∗ How to unc0ver a 0-day in 4 hours or less ∗∗∗ --------------------------------------------- By Brandon Azad, Project Zero. At 3 PM PDT on May 23, 2020, the unc0ver jailbreak was released for iOS 13.5 (the latest signed version at the time of release) using a zero-day vulnerability and heavy obfuscation. By 7 PM, I had identified the vulnerability and informed Apple. By 1 AM, I had sent Apple a POC and my analysis. This post takes you along that journey. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-ho… ∗∗∗ Report: Most Popular Home Routers Have ‘Critical’ Flaws ∗∗∗ --------------------------------------------- Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix. --------------------------------------------- https://threatpost.com/report-most-popular-home-routers-have-critical-flaws… ∗∗∗ Excel spreasheet macro kicks off Formbook infection, (Fri, Jul 10th) ∗∗∗ --------------------------------------------- Today's diary covers a Formbook infection from Thursday, June 9th 2020. --------------------------------------------- https://isc.sans.edu/diary/rss/26332 ∗∗∗ Fintechs im Visier – Analyse der Evilnum‑Malware ∗∗∗ --------------------------------------------- Bei der Analyse der Angriffe auf Fintech-Unternehmen fanden ESET Forscher selbstentwickelte Tools und interessante Parallelen zu anderen APT-Gruppen. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/07/08/fintechs-im-visier-analys… ===================== = Vulnerabilities = ===================== ∗∗∗ Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data ∗∗∗ --------------------------------------------- The backdoor accounts grant access to a secret Telnet admin account running on the devices external WAN interface. --------------------------------------------- https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devic… ∗∗∗ VMSA-2020-0017 ∗∗∗ --------------------------------------------- A privilege escalation vulnerability in VMware Fusion, VMRC for Mac and Horizon Client for Mac was privately reported to VMware. Updates are available to address this vulnerability. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0017.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl). --------------------------------------------- https://lwn.net/Articles/825850/ ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition for IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.07.2020
by Daily end-of-shift report 09 Jul '20

09 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-07-2020 18:00 − Donnerstag 09-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688 , (Thu, Jul 9th) ∗∗∗ --------------------------------------------- I just can't get away from vulnerabilities in perimeter security devices. In the last couple of days, I spent a lot of time with our F5 BigIP honeypot. But looks like I have to revive the Citrix honeypot again. As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week [1]. Details with proof of concept code snippets were released yesterday [2]. --------------------------------------------- https://isc.sans.edu/diary/rss/26330 ∗∗∗ Citrix provides context on Security Bulletin CTX276688 ∗∗∗ --------------------------------------------- [...] Standard procedure for most software companies in advising customers of vulnerabilities is limited to the publication of the bulletin and related CVEs. In this case, however, to avoid confusion and limit the potential for misinterpretation in the industry and our customer set, I am using this space to provide brief additional context. --------------------------------------------- https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security… ∗∗∗ Protecting your remote workforce from application-based attacks like consent phishing ∗∗∗ --------------------------------------------- [...] Today developers are building apps by integrating user and organizational data from cloud platforms to enhance and personalize their experiences. These cloud platforms are rich in data but in turn have attracted malicious actors seeking to gain unwarranted access to this data. One such attack is consent phishing, where attackers trick users into granting a malicious app access to sensitive data or other resources. --------------------------------------------- https://www.microsoft.com/security/blog/?p=91507 ∗∗∗ Unerwartete Kreditkartenabbuchung von shockdeals247.com? ∗∗∗ --------------------------------------------- Wurde von Ihrer Kreditkarte unerwartet Geld von shockdeals247.com abgebucht obwohl Sie dort keine Mitgliedschaft abgeschlossen haben? Können Sie sich nicht erklären, warum dieses Unternehmen Monat für Monat einen Betrag von Ihrem Konto abbucht? Sie sind höchstwahrscheinlich in eine Abo-Falle getappt! Hier erfahren Sie, wie Sie das Problem lösen können. --------------------------------------------- https://www.watchlist-internet.at/news/unerwartete-kreditkartenabbuchung-vo… ===================== = Vulnerabilities = ===================== ∗∗∗ Palo-Alto-Firewalls: Root-Lücke lässt Schadcode passieren ∗∗∗ --------------------------------------------- Es gibt erneut wichtige Sicherheitsupdates für das Betriebssystem von Palo-Alto-Firewalls. Derzeit soll es noch keine Attacken geben. --------------------------------------------- https://heise.de/-4839716 ∗∗∗ Remote Code Execution Vulnerability in Zoom Client for Windows (0day) ∗∗∗ --------------------------------------------- [...] We analyzed the issue and determined it to be only exploitable on Windows 7 and older Windows systems. While Microsoft's official support for Windows 7 has ended this January, there are still millions of home and corporate users out there prolonging its life with Microsoft's Extended Security Updates or with 0patch. --------------------------------------------- https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (ffmpeg, fwupd, ruby2.5, and shiro), Fedora (freerdp, gssdp, gupnp, mingw-pcre2, remmina, and xrdp), openSUSE (chocolate-doom), Oracle (firefox and kernel), and Ubuntu (linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon and thunderbird). --------------------------------------------- https://lwn.net/Articles/825723/ ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- Two issues have been identified in Citrix Hypervisor that may, if exploited, allow privileged code in an HVM guest VM to compromise or crash the host. These issues only apply in specific configurations; furthermore, Citrix believes that there would be [...] --------------------------------------------- https://support.citrix.com/article/CTX277456 ∗∗∗ Security advisory 2020-07-08 ∗∗∗ --------------------------------------------- OpenPGP application Resetting Code bug --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-05/ ∗∗∗ Security advisory 2020-07-08 ∗∗∗ --------------------------------------------- Access code not checked for NDEF updates --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-04/ ∗∗∗ Security advisory 2020-07-08 ∗∗∗ --------------------------------------------- Out of bounds read in libykpiv --------------------------------------------- https://www.yubico.com/support/security-advisories/ysa-2020-02/ ∗∗∗ Security Bulletin: Missing or insecure "Content-Security-Policy" header affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-missing-or-insecure-conte… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ JSA11024 - 2020-07 Security Bulletin: Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11024&actp=RSS ∗∗∗ JSA11023 - 2020-07 Security Advisory: Junos Space and Junos Space Security Director: Multiple vulnerabilities resolved in 20.1R1 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&actp=RSS ∗∗∗ JSA11025 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: OpenSSL Security Advisory [20 Dec 2019] ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11025&actp=RSS ∗∗∗ JSA11027 - 2020-07 Security Bulletin: Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash. (CVE-2020-1641) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11027&actp=RSS ∗∗∗ JSA11026 - 2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026&actp=RSS ∗∗∗ JSA11028 - 2020-07 Security Bulletin: Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11028&actp=RSS ∗∗∗ JSA11030 - 2020-07 Security Bulletin: Junos OS: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured (CVE-2020-1643) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11030&actp=RSS ∗∗∗ JSA11031 - 2020-07 Security Bulletin: Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11031&actp=RSS ∗∗∗ JSA11033 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11033&actp=RSS ∗∗∗ JSA11032 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11032&actp=RSS ∗∗∗ JSA11023 - 2020-07 Security Bulletin: Junos Space and Junos Space Security Director: Multiple vulnerabilities resolved in 20.1R1 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&actp=RSS -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.07.2020
by Daily end-of-shift report 08 Jul '20

08 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-07-2020 18:00 − Mittwoch 08-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ „Ihre Site wurde gehackt“: Unternehmen werden per Mail erpresst ∗∗∗ --------------------------------------------- Zahlen Sie 3.000 USD in Form von Bitcoins oder der Ruf Ihres Unternehmens wird geschädigt. Damit drohen BetrügerInnen in einer aktuellen Welle von Erpressungsmails. Anstatt zu bezahlen, sollten Sie diese Mails einfach ignorieren! --------------------------------------------- https://www.watchlist-internet.at/news/ihre-site-wurde-gehackt-unternehmen-… ∗∗∗ Redirect auction ∗∗∗ --------------------------------------------- Weve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. --------------------------------------------- https://securelist.com/redirect-auction/96944/ ∗∗∗ F5 BigIP vulnerability exploitation followed by a backdoor implant attempt, (Tue, Jul 7th) ∗∗∗ --------------------------------------------- While monitoring SANS Storm Center's honeypots today, I came across the second F5 BIGIP CVE-2020-5902 vulnerability exploitation followed by a backdoor deployment attempt. The first one was seen by Johannes yesterday [1]. --------------------------------------------- https://isc.sans.edu/diary/rss/26322 ∗∗∗ Configuring a Windows Domain to Dynamically Analyze an ObfuscatedLateral Movement Tool ∗∗∗ --------------------------------------------- We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consuming step presented an opportunity for collaboration between the FLARE reverse engineering team and [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-dom… ∗∗∗ Mac ThiefQuest malware may not be ransomware after all ∗∗∗ --------------------------------------------- We discovered a new Mac malware, ThiefQuest, that appeared to be ransomware at first glance. However, once we dug in deeper, we found out its true identity—and intention. --------------------------------------------- https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be… ∗∗∗ Ransomware Characteristics and Attack Chains – What you Need to Know about Recent Campaigns ∗∗∗ --------------------------------------------- Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/ransomware-characterist… ===================== = Vulnerabilities = ===================== ∗∗∗ Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found ∗∗∗ --------------------------------------------- F5 BIG-IP customers who only applied recommended mitigations and havent yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mitigating-critical-f5-big-i… ∗∗∗ VMSA-2020-0016 ∗∗∗ --------------------------------------------- VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0016.html ∗∗∗ Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software ∗∗∗ --------------------------------------------- Several devices from the manufacturer Rittal are vulnerable to Privilege Escalation, Least Privilege or Command Injection vulnerabilities. In addition, root backdoors and incorrectly configured system files are present on the devices. --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-critical-vulnerabilit… ∗∗∗ Critical Vulnerabilities Patched in Adning Advertising Plugin ∗∗∗ --------------------------------------------- On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers. We eventually discovered 2 vulnerabilities, one of which was a critical vulnerability that allowed an unauthenticated attacker to upload arbitrary files, leading to Remote Code Execution(RCE), which could [...] --------------------------------------------- https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (roundcube), Fedora (chromium, firefox, and ngircd), Oracle (firefox and thunderbird), Scientific Linux (firefox), Slackware (seamonkey), SUSE (djvulibre, ffmpeg, firefox, freetds, gd, gstreamer-plugins-base, icu, java-11-openjdk, libEMF, libexif, librsvg, LibVNCServer, libvpx, Mesa, nasm, nmap, opencv, osc, perl, php7, python-ecdsa, SDL2, texlive-filesystem, and thunderbird), and Ubuntu (cinder, python-os-brick). --------------------------------------------- https://lwn.net/Articles/825587/ ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Third party vulnerable library Jackson-Databind affects IBM Engineering Lifecycle Optimization – Publishing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-li… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL library affect OS Pattern Kit used in IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-ser… ∗∗∗ Security Bulletin: Carbon Black Response application add on to IBM QRadar SIEM is vulnerable to cross site scripting (CVE-2020-4275) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-carbon-black-response-app… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.07.2020
by Daily end-of-shift report 07 Jul '20

07 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Montag 06-07-2020 18:00 − Dienstag 07-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ HTTPS/TLS: Zwischenzertifikate von Tausenden Webseiten fehlerhaft ∗∗∗ --------------------------------------------- Viele Webseiten müssen ihre Zertifikate tauschen, da sie von Zwischenzertifikaten ausgestellt wurden, die ein Sicherheitsrisiko darstellen. --------------------------------------------- https://www.golem.de/news/https-tls-zwischenzertifikate-von-tausenden-webse… ∗∗∗ Company web names hijacked via outdated cloud DNS records ∗∗∗ --------------------------------------------- Why hack into a server when you can just send vistors to a fake alternative instead? --------------------------------------------- https://nakedsecurity.sophos.com/2020/07/07/company-web-names-hijacked-via-… ∗∗∗ Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits, (Mon, Jul 6th) ∗∗∗ --------------------------------------------- Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks Bit IP vulnerability patched last week. Most of the exploits can be considered recognizance. We only saw one working exploit installing a backdoor. Badpackets reported seeing a DDoS bot being installed. --------------------------------------------- https://isc.sans.edu/diary/rss/26316 ∗∗∗ Vulnerability Management Maturity Model ∗∗∗ --------------------------------------------- I get it. You dread going into the office sometimes. It isn’t that you don’t like the people or the location. It’s that beast, waiting for you when you arrive, and it never seems to go away. You work hard at it, but you never seem to get ahead. You are responsible for the vulnerability management program within your organization. Either as part of a formal program or on an ad-hoc basis, it’s your baby. Except that it isn’t a baby, it is more of an untameable monster, a minotaur in the labyrinth, waiting to surprise you as you turn the corner. --------------------------------------------- https://www.sans.org/blog/vulnerability-management-maturity-model ∗∗∗ Vulnerabilities Digest: June 2020 ∗∗∗ --------------------------------------------- Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization. Massive local file inclusion (LFI) attempts have been discovered attempting to harvest WordPress and Magento credentials. Attackers continue to target old plugins with known vulnerabilities in an ongoing malware campaign targeting WordPress websites. --------------------------------------------- https://blog.sucuri.net/2020/07/vulnerabilities-digest-june-2020.html ∗∗∗ Passwortmanager gegen die Vergesslichkeit ∗∗∗ --------------------------------------------- Die Kennwortvorgaben von Webdiensten machen es fast unmöglich, alle Kennwörter im Kopf zu behalten. Passwortmanager machen das Leben leichter. --------------------------------------------- https://heise.de/-4798284 ∗∗∗ Credit card skimmer targets ASP.NET sites ∗∗∗ --------------------------------------------- This unusual web skimmer campaign goes after sites running Microsofts IIS servers with an outdated version of the ASP.NET framework. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-t… ∗∗∗ Free Microsoft Service Looks at OS Memory Snapshots to Find Malware ∗∗∗ --------------------------------------------- Microsoft on Monday unveiled Project Freta, a free service that allows users to find rootkits and other sophisticated malware in operating system memory snapshots. --------------------------------------------- https://www.securityweek.com/free-microsoft-service-looks-os-memory-snapsho… ∗∗∗ Purple Fox Exploit Kit Targets Vulnerabilities Linked to DarkHotel Group ∗∗∗ --------------------------------------------- The developers of the Purple Fox exploit kit (EK) have added two new exploits to their arsenal, including one for a vulnerability addressed in February this year. --------------------------------------------- https://www.securityweek.com/purple-fox-exploit-kit-targets-vulnerabilities… ∗∗∗ Pwning smart garage door openers ∗∗∗ --------------------------------------------- TL;DR We reversed a smart garage door opener, which appeared pretty secure at first: The firmware was encrypted, debug access was restricted, the web server wasn’t running as root, it [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/pwning-smart-garage-door-open… ∗∗∗ Vorsicht vor knuth-kredit.online: Vorschussbetrug statt Kreditvergabe ∗∗∗ --------------------------------------------- Die Watchlist Internet erreichen Meldungen verzweifelter KonsumentInnen, die auf ihre Kreditauszahlungen warten. Während die Beantragung eines Kredites auf knuth-kredit.online noch äußerst einfach abläuft, werden anschließend unzählige Gebühren vorab in Rechnung gestellt. So fallen beispielsweise Versicherungs-, Aktivierungs- und Anwaltsgebühren, Kautionen oder sonstige Kosten an. Ein Kredit wird nie ausbezahlt und alle Zahlungen sind verloren. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-knuth-kreditonline-vors… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.3), Fedora (gst), Mageia (libvirt, mariadb, pdns-recursor, and ruby), openSUSE (chocolate-doom, coturn, kernel, live555, ntp, python3, and rust, rust-cbindgen), Oracle (virt:ol), Red Hat (file, firefox, gettext, kdelibs, kernel, kernel-alt, microcode_ctl, nghttp2, nodejs:10, nodejs:12, php, qemu-kvm, ruby, and tomcat), SUSE (libjpeg-turbo, mozilla-nspr, mozilla-nss, mozilla-nss, nasm, openldap2, and permissions), and Ubuntu (coturn, glibc, nss, [...] --------------------------------------------- https://lwn.net/Articles/825504/ ∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: [...] --------------------------------------------- https://support.citrix.com/article/CTX276688 ∗∗∗ Android/Pixel Patchday Juli ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0671 ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: BIND for IBM i is affected by CVE-2020-8616 and CVE-2020-8617 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affecte… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: An Information Disclosure vulnerability in IBM Websphere Libtery affects IBM License Key Server Administration & Reporting Tool and Administration Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure… ∗∗∗ XSA-328 - non-atomic modification of live EPT PTE ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-328.html ∗∗∗ XSA-327 - Missing alignment check in VCPUOP_register_vcpu_info ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-327.html ∗∗∗ XSA-321 - insufficient cache write-back under VT-d ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-321.html ∗∗∗ XSA-319 - inverted code paths in x86 dirty VRAM tracking ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-319.html ∗∗∗ XSA-317 - Incorrect error handling in event channel port allocation ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-317.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.07.2020
by Daily end-of-shift report 06 Jul '20

06 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-07-2020 18:00 − Montag 06-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Neue Welle an betrügerischen Spam-Anrufen in Österreich ∗∗∗ --------------------------------------------- Die Zahl an ungewollten Anrufen ist aktuell wieder am Steigen, auch Robocalls werden mittlerweile in Österreich verzeichnet. --------------------------------------------- https://futurezone.at/digital-life/neue-welle-an-betruegerischen-spam-anruf… ∗∗∗ Pig in a poke: smartphone adware ∗∗∗ --------------------------------------------- Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. --------------------------------------------- https://securelist.com/pig-in-a-poke-smartphone-adware/97607/ ∗∗∗ The Gafgyt variant vbot seen in its 31 campaigns ∗∗∗ --------------------------------------------- Gafgyt botnets have a long history of infecting Linux devices to launch DDoS attacks. While dozens of variants have been detected, new variants are constantly emerging with changes in terms of register message, exploits, and attacking methods. --------------------------------------------- https://blog.netlab.360.com/the-gafgyt-variant-vbot-and-its-31-campaigns/ ∗∗∗ Intel Owl 1.0.0 released ∗∗∗ --------------------------------------------- Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and is for everyone who needs a single point to query for info about a specific file or observable. --------------------------------------------- https://www.honeynet.org/2020/07/05/intel-owl-release-v1-0-0/ ∗∗∗ Sicherheitsupdates F5 BIG-IP: Schadcode-Lücke im Konfigurationstool ∗∗∗ --------------------------------------------- BIG-IP Appliances von F5 sind über mehrere Lücken attackierbar. Darunter findet sich eine kritische Schwachstelle mit Höchstwertung, die Angreifer ausnutzen. --------------------------------------------- https://heise.de/-4836220 ∗∗∗ Let Me Out of Your Net - Egress Testing ∗∗∗ --------------------------------------------- Use-cases:IT Admin, Firewall Admin, or Security staff at a company and want to confirm what ports and protocols are allowed of your network.Pentester that intends to identify ports and protocols that can be used for a pentest to gain C2 outbound.Purple Team testing ports and protocol detection for C2.Egress testing is an exciting problem due to the uniqueness of most networks. You may find fully open networks like those found in many Silicon Valley companies or companies attempting to move to a [...] --------------------------------------------- https://malicious.link/post/2020/lmo-egress-testing/ ∗∗∗ Patchless AMSI bypass using SharpBlock ∗∗∗ --------------------------------------------- Introduction For those that followed my personal blog posts on Creating an EDR and Bypassing It, I developed a new tool called SharpBlock. The tool implements a Windows debugger to [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/patchless-amsi-bypass-using-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Samba-Software für DoS-Attacken anfällig ∗∗∗ --------------------------------------------- In bestimmten Situationen könnten Angreifer Computer mit Samba-Software lahmlegen. --------------------------------------------- https://heise.de/-4836294 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd). --------------------------------------------- https://lwn.net/Articles/825412/ ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.07.2020
by Daily end-of-shift report 03 Jul '20

03 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-07-2020 18:00 − Freitag 03-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Unternehmen aufgepasst: Versand gefährlicher Mails im Namen des Bundeskanzleramts ∗∗∗ --------------------------------------------- „Die Entscheidung, Ihr Unternehmen aufgrund von Covid-19 zu schließen“ – unter diesem Betreff werden derzeit betrügerische Mails verschickt, die sich gezielt an Unternehmerinnen und Unternehmer richten. Die Kriminellen, die hinter dieser E-Mail stehen, geben sich dabei als Bundeskanzleramt aus und verschicken Schadsoftware. Öffnen Sie daher auf keinen Fall den Anhang! --------------------------------------------- https://www.watchlist-internet.at/news/unternehmen-aufgepasst-versand-gefae… ∗∗∗ Ransomware EKANS nimmt Industriekontrollsysteme ins Visier ∗∗∗ --------------------------------------------- Die Schadsoftware funktioniert trotz zahlreicher Programmierfehler. Eine neue Variante verschlüsselt nicht nur Dateien, sie verändert auch die Einstellungen von Industriekontrollsystemen. EKANS ist zudem auf bestimmte Ziele ausgerichtet und greift Opfer nicht wahllos an. --------------------------------------------- https://www.zdnet.de/88381196/ransomware-ekans-nimmt-industriekontrollsyste… ∗∗∗ Still Scanning IP Addresses? You’re Doing it Wrong ∗∗∗ --------------------------------------------- The traditional approach to a vulnerability scan or penetration test is to find the IP addresses that you want tested, throw them in and kick things off. But doing a test based purely on IP addresses is a bad idea and can often miss things. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/still-scann… ∗∗∗ GoldenSpy Chapter 3: New and Improved Uninstaller ∗∗∗ --------------------------------------------- This blog shows our analysis of a new binary, now being distributed by Intelligent Tax software, that is identical in operations to the original GoldenSpy Uninstallers, but specifically designed to evade detection by the YARA rule provided in our blog. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-c… ∗∗∗ Dangerous Website Backups ∗∗∗ --------------------------------------------- It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the current site state to. However, if a backup is not set up correctly, it can have the opposite effect — and may instead impose a security threat to your website. --------------------------------------------- https://blog.sucuri.net/2020/07/dangerous-website-backups.html ∗∗∗ Living Off Windows Land – A New Native File "downldr" ∗∗∗ --------------------------------------------- There are only a couple of default system-signed executables that let you download a file from a Web Server, and every security product and threat hunter specifically looks for them for signs of misuse or abuse by threat actors. --------------------------------------------- https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-down… ∗∗∗ Try2Cry: Ransomware tries to worm ∗∗∗ --------------------------------------------- Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/07/36200-ransomware-tries-to-worm ===================== = Vulnerabilities = ===================== ∗∗∗ Would you like some RCE with your Guacamole? ∗∗∗ --------------------------------------------- [...] Apache Guacamole is a popular infrastructure for remote work, with more than 10 Million docker downloads worldwide. In our research, we discovered that Apache Guacamole is vulnerable to several critical Reverse RDP Vulnerabilities, and is also impacted by a few new vulnerabilities found in FreeRDP. In short, these vulnerabilities allow an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting [...] --------------------------------------------- https://research.checkpoint.com/2020/apache-guacamole-rce/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/825212/ ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.7 ESR ) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.1 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.6.1 ESR + CVE-2020-6820) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.1.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to a Prototype Pollution vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-… ∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0664 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0666 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.07.2020
by Daily end-of-shift report 02 Jul '20

02 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-07-2020 18:00 − Donnerstag 02-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ TrickBot malware now checks screen resolution to evade analysis ∗∗∗ --------------------------------------------- The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/trickbot-malware-now-checks-… ∗∗∗ GoldenSpy backdoor installed by tax software gets remotely removed ∗∗∗ --------------------------------------------- As soon as security researchers uncovered the activity of GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/goldenspy-backdoor-installed… ∗∗∗ FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps ∗∗∗ --------------------------------------------- New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer. --------------------------------------------- https://threatpost.com/fakespy-android-malware-spread-via-postal-service-ap… ∗∗∗ Setting up the Dshield honeypot and tcp-honeypot.py, (Wed, Jul 1st) ∗∗∗ --------------------------------------------- After Johannes did his Tech Tuesday presentation last week on setting up Dshield honeypots, I thought I'd walk you through how I setup my honeypots. --------------------------------------------- https://isc.sans.edu/diary/rss/26302 ∗∗∗ PhishINvite with Malicious ICS Files ∗∗∗ --------------------------------------------- Employing a popular type of file as an attachment to malicious emails is a common trick by cybercriminals to boost the success rate of their cyber-attacks. As iCalendars files are not included in the list of automatically blocked attachments by email clients like Outlook, the possibility of the maliciously crafted iCalendar falling to the targets’ mailbox is increased. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishinvite… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium and firefox-esr), Fedora (chromium and ntp), SUSE (ntp and unbound), and Ubuntu (libvncserver). --------------------------------------------- https://lwn.net/Articles/825070/ ∗∗∗ Cisco AnyConnect Secure Mobility Client for Mac OS File Corruption Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Smart and Managed Switches Session Management Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business RV042 and RV042G Routers Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Digital Network Architecture Center Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Customer Voice Portal Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Products Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Smart and Managed Switches Session Management Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: Asset Analyzer (RAA) is affected by two WebSphere Application Server vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-aff… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.07.2020
by Daily end-of-shift report 01 Jul '20

01 Jul '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-06-2020 18:00 − Mittwoch 01-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) ∗∗∗ --------------------------------------------- In this blog post we will revisit CVE-2019-19781, a Remote Code Execution vulnerability affecting Citrix NetScaler / ADC. We will explore how this issue has been widely abused by various actors and how a hacker turf war led to some actors "adversary patching" the vulnerability in order to prevent secondary compromise by competing adversaries – hiding the true number of vulnerable and compromised devices in the wild. --------------------------------------------- https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-n… ∗∗∗ Massive Sicherheitsprobleme durch offene Git-Repositorys ∗∗∗ --------------------------------------------- In Deutschland sind Git-Repositorys auf tausenden Servern ungeschützt per Webbrowser zugänglich und Angreifer haben leichtes Spiel beim Abgreifen der Daten. --------------------------------------------- https://heise.de/-4795181 ∗∗∗ Vorsicht beim E-Bike-Kauf: Fake-Shop ebike-quadrat.com bietet günstige E-Bikes an! ∗∗∗ --------------------------------------------- Sommerzeit ist Fahrradzeit. Das denken sich wohl auch BetrügerInnen. Zum Beispiel die unseriösen BetreiberInnen des Fake-Shops ebike-quadrat.com. Auch wenn der Online-Shop auf den ersten Blick vertrauenswürdig wirkt, sollten Sie hier lieber nichts bestellen. Die angegebenen Kontaktdaten existieren genauso wenig wie die Firma selbst. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-e-bike-kauf-fake-shop-… ∗∗∗ EvilQuest: Neue Ransomware für macOS im Umlauf ∗∗∗ --------------------------------------------- Es ist erst die dritte Erpressersoftware, die exklusiv für Macs entwickelt wurde. Die Lösegeldforderung fällt mit 50 Dollar recht moderat aus. Dafür hinterlässt EvilQuest zusätzlich einen Keylogger und eine Reverse Shell. --------------------------------------------- https://www.zdnet.de/88381156/evilquest-neue-ransomware-fuer-macos-im-umlau… https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-thro… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft verteilt wichtige Updates für Remote-Lücken in Windows 10 und Server ∗∗∗ --------------------------------------------- Außerplanmäßige, über den Microsoft Store verteilte Updates beseitigen zwei aus der Ferne ausnutzbare Sicherheitslücken in der Windows Codecs Library. --------------------------------------------- https://heise.de/-4800675 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig). --------------------------------------------- https://lwn.net/Articles/824955/ ∗∗∗ PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite ∗∗∗ --------------------------------------------- PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-023 ∗∗∗ Cellebrite EPR Decryption Hardcoded AES Key Material ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2020070003 ∗∗∗ Reflected Cross-site scripting (XSS) in EQDKP Plus CMS ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/reflected-cross-site-scripting… ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0647 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Race Condition Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Type Confusion Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Use After Free Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Use After Free Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - CallStranger Vulnerability in UPnP Protocol ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-… ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… ∗∗∗ Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4376 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affect IBM Operations Analytics – Log Analysis (CVE-2017-3164) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-s… ∗∗∗ Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics – Log Analysis (pre-login scenario) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-host-header-injection-vul… ∗∗∗ Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 . ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitie… ∗∗∗ Security Bulletin: Insecure Path Attribute in IBM Operations Analytics – Log Analysis (CSRFToken , LtpaToken2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-insecure-path-attribute-i… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily