Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 05.06.2020
by Daily end-of-shift report 05 Jun '20

05 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-06-2020 18:00 − Freitag 05-06-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Ongoing eCh0raix ransomware campaign targets QNAP NAS devices ∗∗∗ --------------------------------------------- After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-… ∗∗∗ Understanding the Payload-Less Email Attacks Evading Your Security Team ∗∗∗ --------------------------------------------- Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk. --------------------------------------------- https://threatpost.com/understanding-payload-less-email-attacks/156299/ ∗∗∗ Botnet blasts WordPress sites with configuration download attacks ∗∗∗ --------------------------------------------- A million sites attacked by 20,000 different computers. --------------------------------------------- https://nakedsecurity.sophos.com/2020/06/05/botnet-blasts-wordpress-sites-w… ∗∗∗ Not so FastCGI!, (Fri, Jun 5th) ∗∗∗ --------------------------------------------- This past month, we've seen some new and different scans targeting tcp ports between 8000 and 10,000. The first occurrence was on 30 April 2020 and originated from ip address 23.95.67.187 and containing payload: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26208 ∗∗∗ IBM Releases Open Source Toolkits for Processing Data While Encrypted ∗∗∗ --------------------------------------------- IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted. --------------------------------------------- https://www.securityweek.com/ibm-releases-open-source-toolkits-processing-d… ∗∗∗ Achtung: Gewinn24.de fordert hohe Geldsummen am Telefon ∗∗∗ --------------------------------------------- „Guten Tag, Inkassobüro XY spricht. Sie haben einen Abo-Vertrag mit Gewinn24 abgeschlossen und sind mit Ihrer Zahlung im Rückstand“. So oder so ähnlich beginnen BetrügerInnen, die im Auftrag von Gewinn24.de anrufen, das Telefongespräch. Ein vermeintliches Inkassobüro erklärt am Telefon, dass die Kosten für ein Abo mit Gewinn24.de nicht bezahlt wurden. Die Opfer wissen jedoch selten von so einem Abo. Das ist auch nicht verwunderlich: [...] --------------------------------------------- https://www.watchlist-internet.at/news/achtung-gewinn24de-fordert-hohe-geld… ∗∗∗ New Sandbox Evasions spot in VBS samples ∗∗∗ --------------------------------------------- While hidden Macro 4.0 samples are on the rise, we recently spotted some very interesting evasive VBS samples. In this short blog post, we will look at sample files#_56117.vbs, MD5: 147091e61ec59f67ab598d26f15ad0e7 and outline some of the evasive tricks. --------------------------------------------- http://blog.joesecurity.org/2020/06/new-evasive-vbs-samples-spot.html ∗∗∗ Ransomware nimmt Windows- und Linux-Systeme mit neuartigem Angriff ins Visier ∗∗∗ --------------------------------------------- Die Hintermänner programmieren die Erpressersoftware in Java. Die Verteilung erfolgt über eine Java-Image-Datei. Sicherheitsforschern zufolge hilft das Vorgehen bei der Verschleierung der Aktivitäten der Malware. --------------------------------------------- https://www.zdnet.de/88380548/ransomware-nimmt-windows-und-linux-systeme-mi… ===================== = Vulnerabilities = ===================== ∗∗∗ Security: Sicherheitslücken betreffen praktisch alle Qnap-NAS-Systeme ∗∗∗ --------------------------------------------- Gleich drei Security-Probleme sind von Qnap gemeldet worden. Das Unternehmen rät zu einem sofortigen Update des Betriebssystems. --------------------------------------------- https://www.golem.de/news/security-sicherheitsluecken-betreffen-praktisch-a… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, firefox, and freerdp), Debian (netqmail and python-django), Fedora (cacti, cacti-spine, dbus, firefox, gjs, mbedtls, mozjs68, and perl), Oracle (freerdp and kernel), Scientific Linux (bind and firefox), Slackware (mozilla), SUSE (krb5-appl, libcroco, libexif, libreoffice, libxml2, qemu, transfig, and vim), and Ubuntu (firefox, freerdp, and python-django). --------------------------------------------- https://lwn.net/Articles/822342/ ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4449) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Session is not invalidated After Logout ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-session-is-not-invalidate… ∗∗∗ Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vul… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by multiple vulnerabilities in libssh2 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… ∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server that is installed with IBM SPSS Analytic Server (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.06.2020
by Daily end-of-shift report 04 Jun '20

04 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-06-2020 18:00 − Donnerstag 04-06-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sophisticated Info-Stealer Targets Air-Gapped Devices via USB ∗∗∗ --------------------------------------------- The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycldek, which targets government entities. --------------------------------------------- https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/ ∗∗∗ AddTrust: Auswirkungen auf E-Mail-Dienste durch abgelaufenes Zertifkat ∗∗∗ --------------------------------------------- Obwohl das abgelaufene AddTrust-Zwischenzertifikat in erster Linie alte Clients betrifft, kann es durchaus Auswirkungen auf den regulären E-Mail-Betrieb haben. --------------------------------------------- https://heise.de/-4774588 ∗∗∗ Bekannte stecken coronabedingt im Ausland und brauchen Geld? ∗∗∗ --------------------------------------------- Kriminelle nützen gehackte E-Mail-Accounts, übernommene Facebook-Konten und Ähnliches, um ihren Opfern Geld aus der Tasche zu ziehen. So kann es passieren, dass Sie scheinbar von einer guten Freundin oder einem guten Freund eine Nachricht bekommen. Diese säßen im Ausland fest und könnten wegen Covid-19 nicht zurück nach Hause kommen. Um ihnen zu helfen, sollen Sie ihnen Geld per Bargeldtransferdienst schicken. Vorsicht: es handelt sich um einen Betrugsversuch! --------------------------------------------- https://www.watchlist-internet.at/news/bekannte-stecken-coronabedingt-im-au… ===================== = Vulnerabilities = ===================== ∗∗∗ Updates für IOS, NX-OS und Co. – Cisco flickt seine Netzwerkbetriebssysteme ∗∗∗ --------------------------------------------- Ein ganzes Bündel frisch veröffentlichter Updates behebt zahlreiche Sicherheitsprobleme, von denen viele als "High" bis "Critical" eingestuft wurden. --------------------------------------------- https://heise.de/-4774667 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (firefox and prboom-plus), Oracle (bind), Red Hat (firefox), and SUSE (osc). --------------------------------------------- https://lwn.net/Articles/822220/ ∗∗∗ MISP 2.4.126 released (Spring release edition) ∗∗∗ --------------------------------------------- [...] This version includes a security fix and various quality of life improvements.Security fix - fixed XSSFixed a persistent XSS (CVE-2020-13153) that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field. --------------------------------------------- https://www.misp-project.org/2020/06/04/MISP.2.4.126.released.html ∗∗∗ HPESBHF04005 rev.1 - HPE Edgeline EL300 Converged Edge System Running HPE Integrated System Manager (iSM), Remote Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ GnuTLS: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0532 ∗∗∗ Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2020-022 ∗∗∗ Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4509) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services v2.1.1 (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Cloud App Management (CVE-2020-8492) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of a Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-three-vulnerabilities-in-… ∗∗∗ Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php ∗∗∗ Cayin Content Management Server 11.0 Root Remote Command Injection ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php ∗∗∗ Cayin Signage Media Player 3.0 Root Remote Command Injection ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.06.2020
by Daily end-of-shift report 03 Jun '20

03 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 02-06-2020 18:00 − Mittwoch 03-06-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Mukashi malware: What it is, how it works and how to prevent it | Malware spotlight ∗∗∗ --------------------------------------------- Learning from the past can be an important part of future success in any endeavor, including cyberattacks. Attack groups observe this concept and apply it when they create new attack campaigns before they are released into the wild. Mukashi is an example of a malware that uses what has worked well for attackers in [...] --------------------------------------------- https://resources.infosecinstitute.com/mukashi-malware-what-it-is-how-it-wo… ∗∗∗ System Takeover Through New SAP ASE Vulnerabilities ∗∗∗ --------------------------------------------- Organizations often store their most critical data in databases, which, in turn, are often necessarily exposed in untrusted or publicly exposed environments. This makes vulnerabilities like these essential to address and test quickly since they not only threaten the data in the database but potentially the full host that it is running on. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-take… ∗∗∗ Jetzt patchen! Weltweit immer noch mehr als 1 Millionen Exim-Server attackierbar ∗∗∗ --------------------------------------------- Die National Security Agency (NSA) warnt vor Attacken auf Exim-Mailserver. Sicherheitsupdates sind schon länger verfügbar. --------------------------------------------- https://heise.de/-4772712 ∗∗∗ Large Scale Attack Campaign Targets Database Credentials ∗∗∗ --------------------------------------------- Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of [...] --------------------------------------------- https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-… ∗∗∗ Zahlreiche China-Shops werben auf Facebook mit günstiger Damenmode ∗∗∗ --------------------------------------------- Das Unternehmen „Chicv International Holding Limited“ ist schon länger bekannt, da es für zahlreiche Online-Shops verantwortlich ist. Laut Erfahrungsberichten von KonsumentInnen treffen die bestellten Produkte von diesen Shops – wenn überhaupt – sehr spät ein. Sind die Waren schließlich angekommen, zeigt sich schnell, dass diese nichts mit den Bildern und Beschreibungen im Online-Shop zu tun haben. --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-china-shops-werben-auf-fa… ∗∗∗ Sophos Web Appliance: Certificate validation failed for sites signed by Sectigo root CA ∗∗∗ --------------------------------------------- Websites that are signed by Sectigo root CA may fail to connect and a certificate validation failed due to certificate AddTrust External CA Root expired on May 30th 2020. --------------------------------------------- https://community.sophos.com/kb/en-US/135544 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Firefox und Tor Browser könnten private Schlüssel leaken ∗∗∗ --------------------------------------------- Mehrere Sicherheitslücken in den Webbrowsern Firefox, Firefox ESR und Tor Browser gefährden Computer. --------------------------------------------- https://heise.de/-4772615 ∗∗∗ Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution ∗∗∗ --------------------------------------------- Cisco Talos recently discovered two vulnerabilities in the popular Zoom video chatting application that could allow a malicious user to execute arbitrary code on victims’ machines. --------------------------------------------- https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-executi… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (java-11-openjdk, perl-Email-MIME, perl-Email-MIME-ContentType, and slurm), openSUSE (imapfilter, mailman, and python-rpyc), Red Hat (bind and firefox), SUSE (evolution-data-server, python, qemu, and w3m), and Ubuntu (python-django). --------------------------------------------- https://lwn.net/Articles/822136/ ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-… ∗∗∗ Security Advisory - Improper Handling of Exceptional Condition Vulnerability in Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200603-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Access Control vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: The vanruability (net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact) found Network Performance Insight (CVE-2019-17571) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-the-vanruability-net-sf-e… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ June 2, 2020 TNS-2020-04 [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2020-04 ∗∗∗ docker: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0524 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.06.2020
by Daily end-of-shift report 02 Jun '20

02 Jun '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-05-2020 18:00 − Dienstag 02-06-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Critical Exim bugs being patched but many servers still at risk ∗∗∗ --------------------------------------------- Patching Exim mail servers is not going fast enough and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow executing remote command or code remotely. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-exim-bugs-being-pat… ∗∗∗ How to scan email headers for phishing and malicious content ∗∗∗ --------------------------------------------- Phishing emails are one of the most common attack vectors used by cybercriminals. They can be used to deliver a malicious payload or steal user credentials from their target. Spearphishing emails are designed to be more specifically targeted and more believable to their intended victims. By crafting a pretext that is extremely personal to [...] --------------------------------------------- https://resources.infosecinstitute.com/how-to-scan-email-headers-for-phishi… ∗∗∗ In-depth analysis of the new Team9 malware family ∗∗∗ --------------------------------------------- Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar [1]’) appears to be a new malware being developed by the group behind Trickbot. Even though the development of the malware appears to be recent, [...] --------------------------------------------- https://blog.fox-it.com/2020/06/02/in-depth-analysis-of-the-new-team9-malwa… ∗∗∗ Apple schließt kritische Lücke in Anmeldedienst "Sign in with Apple" ∗∗∗ --------------------------------------------- In Apples bequemem Anmeldedienst klaffte eine kritische Sicherheitslücke, mit der sich beliebige Nutzerkonten übernehmen ließen. Sie ist inzwischen geschlossen. --------------------------------------------- https://heise.de/-4770560 ∗∗∗ How I tricked Symantec with a Fake Private Key ∗∗∗ --------------------------------------------- Lately, some attention was drawn to a widespread problem with TLS certificates. Many people are accidentally publishing their private keys. Sometimes they are released as part of applications, in Github repositories or with common filenames on web servers. If a private key is compromised, a certificate authority is obliged to revoke it. The Baseline Requirements – a set of rules that browsers and certificate authorities agreed upon – regulate this and say that in such a case a [...] --------------------------------------------- https://blog.hboeck.de:443/archives/888-How-I-tricked-Symantec-with-a-Fake-… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device.The vulnerability is due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An attacker could exploit this vulnerability by sending a crafted IP in IP packet to an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ant, bind, freerdp, and unbound), CentOS (bind, freerdp, and git), Debian (python-httplib2), Fedora (ant, kernel, sqlite, and sympa), openSUSE (java-11-openjdk and qemu), Oracle (bind), Red Hat (freerdp), Scientific Linux (python-pip and python-virtualenv), Slackware (firefox), SUSE (qemu), and Ubuntu (Apache Ant, ca-certificates, flask, and freerdp2). --------------------------------------------- https://lwn.net/Articles/822036/ ∗∗∗ VMware Cloud Director Vulnerability Has Major Impact for Cloud Providers ∗∗∗ --------------------------------------------- A recently patched vulnerability affecting VMware Cloud Director has a major impact for cloud services providers as it can allow an attacker to take full control of all private clouds hosted on the same infrastructure, cybersecurity firm Citadelo revealed on Monday. --------------------------------------------- https://www.securityweek.com/vmware-cloud-director-vulnerability-has-major-… ∗∗∗ Androids June 2020 Patches Fix Critical RCE Vulnerabilities ∗∗∗ --------------------------------------------- Google has started rolling out the June 2020 security patches for the Android operating system, which address a total of 43 vulnerabilities, including several rated critical. --------------------------------------------- https://www.securityweek.com/androids-june-2020-patches-fix-critical-rce-vu… ∗∗∗ [20200604] - Core - XSS in jQuery.htmlPrefilter ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/816-20200604-core-xss-in-j… ∗∗∗ [20200603] - Core - XSS in com_modules tag options ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/815-20200603-core-xss-in-c… ∗∗∗ [20200605] - Core - CSRF in com_postinstall ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/817-20200605-core-csrf-in-… ∗∗∗ [20200602] - Core - Inconsistent default textfilter settings ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/814-20200602-core-inconsis… ∗∗∗ [20200601] - Core - XSS in modules heading tag option ∗∗∗ --------------------------------------------- https://developer.joomla.org:443/security-centre/813-20200601-core-xss-in-m… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-bui… ∗∗∗ Security Bulletin: Vulnerabilities in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2019-18348) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-open-s… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: WebSphere liberty is vulnerable to a DOS (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-is-vuln… ∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server Liberty (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ NTP vulnerability CVE-2020-11868 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44305703?utm_source=f5support&utm_mediu… ∗∗∗ PEPPERL+FUCHS, PACTware: Two password vulnerabilities found ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-017 ∗∗∗ PHOENIX CONTACT FL MGUARD, TC MGUARD, TC ROUTER and TC CLOUD CLIENT: PPPD vulnerable to CVE-2020-8597 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-018 ∗∗∗ Red Hat OpenShift Application Runtimes: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0516 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.05.2020
by Daily end-of-shift report 29 May '20

29 May '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-05-2020 18:00 − Freitag 29-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 200K sites with buggy WordPress plugin exposed to wipe attacks ∗∗∗ --------------------------------------------- Two high severity security vulnerabilities found in the PageLayer plugin can let attackers to potentially wipe the contents or take over WordPress sites using vulnerable plugin versions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpr… ∗∗∗ Sicherheit: OpenSSH kündigt RSA mit SHA-1 ab ∗∗∗ --------------------------------------------- Obwohl SHA-1 angreifbar ist, kommt es immer noch häufig zum Einsatz. Auch bei SSH. Das soll sich ändern. --------------------------------------------- https://www.golem.de/news/sicherheit-openssh-kuendigt-rsa-mit-sha-1-an-2005… ∗∗∗ Inside the Hoaxcalls Botnet: Both Success and Failure ∗∗∗ --------------------------------------------- The DDoS group sets itself apart by using exploits -- but it doesnt always pan out. --------------------------------------------- https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/ ∗∗∗ Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module ∗∗∗ --------------------------------------------- TrickBot, one of the most commonly distributed malwares used in phishing emails, just updated its mworm module, making it harder to detect. --------------------------------------------- https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-upda… ∗∗∗ Kaspersky warnt vor Angriffen auf deutsche Industrieunternehmen ∗∗∗ --------------------------------------------- Sie richten sich gegen die Lieferkette. Neben Deutschland sind auch Großbritannien und Japan betroffen. Die unbekannten Täter greifen Firmen mit maßgeschneiderten Phishing-Mails an und schleusen eine Malware ein, die Authentifizierungsdaten für Windows-Konten stiehlt. --------------------------------------------- https://www.zdnet.de/88380387/kaspersky-warnt-vor-angriffen-auf-deutsche-in… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2020-0011 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0011.html ∗∗∗ VMSA-2020-0007.1 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954) [...] 5. Change log 2020-04-14 VMSA-2020-0007 Initial security advisory. 2020-05-28: VMSA-2020-0007.1 It was determined that the fixes for CVE-2020-3953 included in 8.1.0 were not complete. This has been corrected in the 8.1.1 release. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0007.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libexif and tomcat8), Fedora (python38), openSUSE (libxslt), Oracle (git), Red Hat (bind, freerdp, and git), Scientific Linux (git), SUSE (qemu and tomcat), and Ubuntu (apt, json-c, kernel, linux, linux-raspi2, linux-raspi2-5.3, and openssl). --------------------------------------------- https://lwn.net/Articles/821794/ ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Reverse tabnabbing vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4490 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-reverse-tabnabbing-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4352 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-ha… ∗∗∗ Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0514 ∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0513 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.05.2020
by Daily end-of-shift report 28 May '20

28 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-05-2020 18:00 − Donnerstag 28-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Octopus Scanner malware spreads via GitHub supply chain attack ∗∗∗ --------------------------------------------- Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT). --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-… ∗∗∗ The zero-day exploits of Operation WizardOpium ∗∗∗ --------------------------------------------- Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack. --------------------------------------------- https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/ ∗∗∗ Inside a ransomware gang’s attack toolbox ∗∗∗ --------------------------------------------- Ransomwares changed a lot over the years - heres a peek into a criminal gangs current toolbox [...] --------------------------------------------- https://nakedsecurity.sophos.com/2020/05/28/inside-a-ransomware-gangs-attac… ∗∗∗ NetWalker Ransomware – What You Need to Know ∗∗∗ --------------------------------------------- What is NetWalker? NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. Ransomware is nothing new. Why should I particularly care [...] --------------------------------------------- https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-wh… ∗∗∗ Massenhaft betrügerische DHL-Nachrichten von SMSinfo ∗∗∗ --------------------------------------------- Unzählige Watchlist Internet Leserinnen und Leser melden uns momentan eine gefälschte SMS-Nachricht von DHL. Die Kriminellen geben sich als Versanddienstleister aus und behaupten in der Nachricht von SMSinfo, dass ein Teil der Portokosten fehlen würde. Die Nachricht muss ignoriert werden, denn die Zahlung des verlangten Betrags führt in eine Abo-Falle! --------------------------------------------- https://www.watchlist-internet.at/news/massenhaft-betruegerische-dhl-nachri… ∗∗∗ Microsoft warns about attacks with the PonyFinal ransomware ∗∗∗ --------------------------------------------- PonyFinal infections have been reported in India, Iran, and the US. --------------------------------------------- https://www.zdnet.com/article/microsoft-warns-about-attacks-with-the-ponyfi… ∗∗∗ Cybereason: Valak-Malware greift Unternehmen und den USA und Deutschland an ∗∗∗ --------------------------------------------- In nur sechs Monaten wird aus einem Malware-Loader eine Schadsoftware mit modularer Architektur. Die Verbreitung von Valak erfolgt derzeit über speziell gestaltete Word-Dateien. Das eigentliche Ziel sind Exchange-Server, um E-Mails und Zertifikate zu stehlen. --------------------------------------------- https://www.zdnet.de/88380246/cybereason-valak-malware-greift-unternehmen-u… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple sends out 11 security alerts – get your fixes now! ∗∗∗ --------------------------------------------- Apples current round of updates have been officially anounced in the companys latest Security Advisory emails. --------------------------------------------- https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-ale… ∗∗∗ Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021 ∗∗∗ --------------------------------------------- This module enables you to force a password update when using password reset link. The module doesnt sufficiently validate the login URL allowing a malicious user to use a specially crafted URL to log in as another user. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-021 ∗∗∗ Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2020-020 ∗∗∗ --------------------------------------------- Drupal Commerce is used to build eCommerce websites and applications. Its possible to configure commerce to permit orders by anonymous users. In this configuration, customers who do not choose to create an account upon checkout completion remain anonymous, and the resulting orders are never assigned an [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2020-020 ∗∗∗ SaltStack FrameWork Vulnerabilities Affecting Cisco Products ∗∗∗ --------------------------------------------- On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651: Authentication Bypass Vulnerability CVE-2020-11652: Directory Traversal Vulnerability Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities. Cisco has released software updates that address these [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (dovecot, dpdk, knot-resolver, and unbound), Mageia (ant, libexif, and php), SUSE (libmspack), and Ubuntu (php5, php7.0, php7.2, php7.3, php7.4 and unbound). --------------------------------------------- https://lwn.net/Articles/821659/ ∗∗∗ SWARCO: Critical Vulnerability in CPU LS4000 ∗∗∗ --------------------------------------------- A critical Vulnerability was found in SWARCO TRAFFIC SYSTEMS CPU LS4000 --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2020-016 ∗∗∗ ADVISORY: Phish Threat Outlook plugin reporting non-campaign emails are failing to send ∗∗∗ --------------------------------------------- Reporting non-campaign emails (ie spam or actual phishing emails) through the Phish Threat Report Message add-on are not being delivered to the configured administrators. --------------------------------------------- https://community.sophos.com/kb/en-US/135524 ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4233) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4248) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-1058, CVE-2018-10936, CVE-2019-9193) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-apac… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4231) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2019-11729, CVE-2019-11745) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4419) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4245) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Trend Micro InterScan Web Security Virtual Appliance: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0510 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.05.2020
by Daily end-of-shift report 27 May '20

27 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-05-2020 18:00 − Mittwoch 27-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Netgear-Router: Update-Prozess unsicher, Hersteller schweigt ∗∗∗ --------------------------------------------- Der Firmware-Updater einiger Netgear-Router wie dem Nighthawk R7000 ist offenbar unsicher. Dies hat das IoT-Lab der University of Applied Sciences Upper Austria (FH Oberösterreich) herausgefunden. Ob und wie der Hersteller auf das Problem reagiert ist indes völlig unklar – der Hersteller hüllt sich seit Wochen in Schweigen. --------------------------------------------- https://heise.de/-4766025 ∗∗∗ Micropatch Available for User-Mode Power Service Memory Corruption (CVE-2020-1015) ∗∗∗ --------------------------------------------- Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1015, a memory corruption vulnerability in User-Mode Power Service that could allow a local attacker to execute arbitrary code as Local System.This vulnerability was patched by Microsoft with April 2020 Updates, but Windows 7 and Server 2008 R2 users without Extended Security Updates remained vulnerable. --------------------------------------------- https://blog.0patch.com/2020/05/micropatch-available-for-user-mode.html ∗∗∗ Vorsicht bei Privatverkauf: Betrug mit Speditionen boomt! ∗∗∗ --------------------------------------------- Der Weg über angebliche Speditionen ist eine beliebte Betrugsmasche beim Privatverkauf. Vor allem teure Waren, die auf Kleinanzeigenportale inseriert werden, locken BetrügerInnen an. Die vermeintlichen KäuferInnen erklären, dass sie im Ausland sind und daher der Kauf über eine Spedition abgewickelt werden soll. Hier gilt es vorsichtig zu sein, denn die Opfer werden aufgefordert das Geld für die Spedition zu überweisen. Das Unternehmen existiert jedoch gar --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-privatverkauf-betrug-mi… ∗∗∗ New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD ∗∗∗ --------------------------------------------- Eighteen of the 26 bugs impact Linux. Eleven have been patched already. --------------------------------------------- https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-w… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7 and unbound), Fedora (libEMF and transmission), Mageia (dojo, log4net, nginx, nodejs-set-value, sleuthkit, and transmission), Red Hat (rh-maven35-jackson-databind), SUSE (dpdk and mariadb-connector-c), and Ubuntu (thunderbird). --------------------------------------------- https://lwn.net/Articles/821530/ ∗∗∗ BOSCH-SA-363824-BT ∗∗∗ --------------------------------------------- Multiple Vulnerabilities in Bosch Recording Station (BRS) --------------------------------------------- https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-36… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Stack Buffer Overflow Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: User Credentials submitted using GET method ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-user-credentials-submitte… ∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4379) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – January 2020 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.05.2020
by Daily end-of-shift report 26 May '20

26 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 25-05-2020 18:00 − Dienstag 26-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Dumping COVID-19.jar with Java Instrumentation ∗∗∗ --------------------------------------------- There is a generic and easy way to unpack Java malware that is not well-known yet. For demonstration I use a recent JAR malware sample that jumps on the COVID-19 bandwagon. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/05/36083-dumping-covid-19jar-with-j… ∗∗∗ These Aren’t the Phish You’re Looking For ∗∗∗ --------------------------------------------- An Effective Technique for Avoiding Blacklists --------------------------------------------- https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c… ∗∗∗ Fünf Zero-Day-Lücken veröffentlicht – Microsoft will erst später patchen ∗∗∗ --------------------------------------------- Das Team der Zero Day Initiative hat Informationen zu fünf Sicherheitslücken veröffentlicht, nachdem Microsoft die gesetzte Frist nicht einhielt. --------------------------------------------- https://heise.de/-4765191 ∗∗∗ Projekt SiSyPHuS Win10: Ergebnisse der Analyse zu PowerShell ∗∗∗ --------------------------------------------- Im Rahmen der Sicherheitsanalyse von Windows 10 (Projekt SiSyPHuS Win10) hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) die Ergebnisse der Analyse zu PowerShell veröffentlicht. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/SiSyPHuS_Powershe… ∗∗∗ ludwig-therese.net ist Fake ∗∗∗ --------------------------------------------- Auf der Suche nach einem Dirndl oder einer Lederhose? Viele KonsumentInnen gelangen momentan über betrügerische Werbeschaltungen auf Facebook und Instagram zum Fake-Shop ludwig-therese.net. ludwig-therese.net ist eine Kopie des seriösen Shops ludwig-therese.de. Wer bei ludwig-therese.net bestellt, erhält trotz Bezahlung keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/ludwig-theresenet-ist-fake/ ∗∗∗ RangeAmp attacks can take down websites and CDN servers ∗∗∗ --------------------------------------------- Twelve of thirteen CDN providers said they fixed or planned to fix the problem. --------------------------------------------- https://www.zdnet.com/article/rangeamp-attacks-can-take-down-websites-and-c… ∗∗∗ Do Androids dream of equal security? ∗∗∗ --------------------------------------------- Several pieces of research published by F-Secure Labs demonstrate that region-specific default configurations and settings in some flagship Android devices are creating security problems that affect people in some countries but not others. --------------------------------------------- https://blog.f-secure.com/android-security/ ===================== = Vulnerabilities = ===================== ∗∗∗ New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps ∗∗∗ --------------------------------------------- Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the [...] --------------------------------------------- https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html ∗∗∗ Apple Mail: iOS-Updates beseitigen offenbar schwere Lücke ∗∗∗ --------------------------------------------- Mit iOS 13.5 und 12.4.7 hat Apple Sicherheitsforschern zufolge Schwachstellen behoben, die eine Manipulation der E-Mail-Inbox ermöglichten. --------------------------------------------- https://heise.de/-4764378 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sqlite3), Fedora (libarchive and netdata), openSUSE (dom4j, dovecot23, gcc9, and memcached), Red Hat (devtoolset-9-gcc, httpd24-httpd and httpd24-mod_md, ipmitool, kernel, kpatch-patch, openvswitch, openvswitch2.11, openvswitch2.13, rh-haproxy18-haproxy, and ruby), and SUSE (freetds, jasper, libxslt, and sysstat). --------------------------------------------- https://lwn.net/Articles/821441/ ∗∗∗ FortiClient for Windows Insecure Temporary File vulnerability ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-20-040 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.05.2020
by Daily end-of-shift report 25 May '20

25 May '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-05-2020 18:00 − Montag 25-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Discord client turned into a password stealer by updated malware ∗∗∗ --------------------------------------------- A threat actor converted the AnarchyGrabber trojan into a new malware that steals passwords and user tokens, disables 2FA, and spreads malware to a victims friends. --------------------------------------------- https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a… ∗∗∗ Portscan: Ebay.de scannt den Rechner auf offene Ports ∗∗∗ --------------------------------------------- Mit einem Javascript werden 14 Ports auf dem lokalen PC abgeklopft. --------------------------------------------- https://www.golem.de/news/portscan-ebay-de-scannt-den-rechner-auf-offene-po… ∗∗∗ 70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs ∗∗∗ --------------------------------------------- A lack of awareness about where and how open-source libraries are being used is problematic, researchers say. --------------------------------------------- https://threatpost.com/70-of-apps-open-source-bugs/156040/ ∗∗∗ New activity of DoubleGuns‘ gang, control hundreds of thousands of bots via public cloud service ∗∗∗ --------------------------------------------- Recently, our DNS data based threat monitoning system DNSmon flagged a suspicious domain pro.csocools.com. The system estimates the scale of infection may well above hundreds of thousands of users. By analyzing the related samples and C2s,We traced its family back to the ShuangQiang(double gun) campaign, [...] --------------------------------------------- https://blog.netlab.360.com/shuangqiang/ ∗∗∗ AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd) ∗∗∗ --------------------------------------------- Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common techniques to compromise a computer. Especially because Microsoft implemented automatically executed macros when the document is opened. In Word, the macro must be named AutoOpen(). In Excel, the name must be Workbook_Open(). However, PowerPoint does not support this [...] --------------------------------------------- https://isc.sans.edu/diary/rss/26162 ∗∗∗ Securing SSH: What To Do and What Not To Do ∗∗∗ --------------------------------------------- The SSH service is critical, ensuring its security is key. This blog will describe how best to secure the SSH service from threat actors. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/securing-ss… ∗∗∗ Thousands of enterprise systems infected by new Blue Mockingbird malware gang ∗∗∗ --------------------------------------------- Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers. --------------------------------------------- https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-n… ∗∗∗ Insidious Android malware gives up all malicious features but one to gain stealth ∗∗∗ --------------------------------------------- ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security --------------------------------------------- https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-u… ===================== = Vulnerabilities = ===================== ∗∗∗ Apples iPhone und iPad: Aktueller Jailbreak für iOS 13.5 nutzt Zero-Day-Lücke aus ∗∗∗ --------------------------------------------- Kurz nach der Veröffentlichung von iOS 13.5 ist ein Jailbreak erschienen. Damit wird das Sicherheitssystem in iOS und iPadOS ausgehebelt. --------------------------------------------- https://www.golem.de/news/apples-iphone-und-ipad-aktueller-jailbreak-fuer-i… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, dovecot, openconnect, and powerdns-recursor), Debian (cracklib2, feh, netqmail, ruby-rack, tomcat7, and transmission), Fedora (dovecot, kernel, log4net, openconnect, python-markdown2, and unbound), Mageia (ansible, clamav, dovecot, file-roller, glpi, kernel, kernel-linus, libntlm, microcode, nmap, pdns-recursor, unbound, viewvc, and wireshark), openSUSE (ant, autoyast2, dpdk, file, freetype2, gstreamer-plugins-base, imapfilter, libbsd, [...] --------------------------------------------- https://lwn.net/Articles/821347/ ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on FOX615 Multiservice-Multiplexer ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHW003578&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on Relion 670, Relion 650, SAM600-IO Series ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1MRG035816&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AFS66x ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1MRG000001&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on NSD570 Teleprotection Equipment ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHW003577&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on ETL600 Power Line Carrier System ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHW003576&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on REB500 ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KHL501885&Language… ∗∗∗ 2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on RTU500 series ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=1KGT090327&Language… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-ze ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-softw… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Grafana: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0495 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2020
by Daily end-of-shift report 22 May '20

22 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-05-2020 18:00 − Freitag 22-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Drahtlos-Standard: Bluetooth-Sicherheitslücke betrifft praktisch alle Geräte ∗∗∗ --------------------------------------------- Bluetooth erfordert beim Verbindungsaufbau keine beidseitige Authentifizierung. Der Angriff Bias funktioniert als Master und als Slave. --------------------------------------------- https://www.golem.de/news/drahtlos-standard-bluetooth-sicherheitsluecke-bet… ∗∗∗ Sarwent Malware Continues to Evolve With Updated Command Functions ∗∗∗ --------------------------------------------- Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP. --------------------------------------------- https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/ ∗∗∗ Shining a light on “Silent Night” Zloader/Zbot ∗∗∗ --------------------------------------------- The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/05/the-silent-night-zloa… ∗∗∗ Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack ∗∗∗ --------------------------------------------- Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the [...] --------------------------------------------- https://blog.talosintelligence.com/2020/05/cve-2020-6096.html ∗∗∗ Bequemlichkeit vs. Sicherheit bei Smart‑Home Geräten ∗∗∗ --------------------------------------------- Trotz der wachsenden Akzeptanz von Smart-Home-Geräten, sollten wir unsere Privatsphäre und Sicherheit nicht der Bequemlichkeit opfern. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/05/20/bequemlichkeit-vs-sicherh… ∗∗∗ Tools Used in GhostDNS Router Hijack Campaigns Dissected ∗∗∗ --------------------------------------------- The source code of the GhostDNS exploit kit (EK) has been obtained and analyzed by researchers. GhostDNS is used to compromise a wide range of routers to facilitate phishing -- perhaps more accurately, pharming -- for banking credentials. Target routers are mostly, but not solely, located in Latin America. --------------------------------------------- https://www.securityweek.com/tools-used-ghostdns-router-hijack-campaigns-di… ∗∗∗ Ragnar Locker Ransomware Uses Virtual Machines for Evasion ∗∗∗ --------------------------------------------- The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals. --------------------------------------------- https://www.securityweek.com/ragnar-locker-ransomware-uses-virtual-machines… ∗∗∗ Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure ∗∗∗ --------------------------------------------- Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure. --------------------------------------------- https://www.securityweek.com/free-immuniweb-tool-allows-organizations-check… ∗∗∗ Wahre Liebe oder Betrug? So finden Sie es heraus! ∗∗∗ --------------------------------------------- Egal ob auf Sozialen Netzwerken wie Facebook oder Instagram, auf Online-Partnerbörsen oder einfach per Mail - immer wieder melden uns LeserInnen sogenannte Love- oder Romance-Scammer. Durch Liebesbeteuerungen und Geschichten aus Ihrem Alltag erschleichen sich die BetrügerInnen das Vertrauen der Opfer. Tatsächlich geht es aber auch bei dieser Betrugsmasche nur um eines: Geld. --------------------------------------------- https://www.watchlist-internet.at/news/wahre-liebe-oder-betrug-so-finden-si… ∗∗∗ Spectra: Neuartiger Angriff überwindet Trennung von WLAN und Bluetooth ∗∗∗ --------------------------------------------- Er richtet sich gegen Combo-Chips der Hersteller Broadcom und Cypress. Sie finden sich unter anderem in iPhones, MacBooks und Galaxy-S-Smartphones. Spectra nutzt Schwachstellen in einer Funktion, die einen schnellen Wechsel von einer Funktechnik zur anderen erlaubt. --------------------------------------------- https://www.zdnet.de/88380022/spectra-neuartiger-angriff-ueberwindet-trennu… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 ∗∗∗ --------------------------------------------- Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function. --------------------------------------------- https://www.drupal.org/sa-core-2020-003 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002 ∗∗∗ --------------------------------------------- The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are [...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. --------------------------------------------- https://www.drupal.org/sa-core-2020-002 ∗∗∗ Apple Security Update: Xcode 11.5 ∗∗∗ --------------------------------------------- Impact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host --------------------------------------------- https://support.apple.com/en-us/HT211183 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (keycloak, qemu, and thunderbird), Debian (dovecot), Fedora (abcm2ps and oddjob), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and kernel-rt), SUSE (ant, bind, and freetype2), and Ubuntu (bind9 and linux, linux-aws, linux-aws-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3,linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 ). --------------------------------------------- https://lwn.net/Articles/821093/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, ipmitool, kernel, squid, and thunderbird), Debian (pdns-recursor), Fedora (php and ruby), Red Hat (dotnet and dotnet3.1), SUSE (dom4j, dovecot23, memcached, and tomcat), and Ubuntu (clamav, libvirt, and qemu). --------------------------------------------- https://lwn.net/Articles/821205/ ∗∗∗ Hackers Can Target Rockwell Industrial Software With Malicious EDS Files ∗∗∗ --------------------------------------------- Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization’s OT network. --------------------------------------------- https://www.securityweek.com/hackers-can-target-rockwell-industrial-softwar… ∗∗∗ 2020-05-21: SECURITY ABB Device Library Wizard Information Disclosure Vulnerability (2PAA121681) ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&Language… ∗∗∗ Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Contact Center Express Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network Registrar DHCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ [webapps] PHPFusion 9.03.50 - Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/48497 ∗∗∗ CVE-2004-0230 Blind Reset Attack Using the RST/SYN Bit ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-16-039 ∗∗∗ Linux kernel vulnerability CVE-2019-19059 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K06554372 ∗∗∗ Linux kernel vulnerability CVE-2019-19062 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K84797753 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily