Daily

daily@lists.cert.at

1 participants
3252 discussions

Tageszusammenfassung - 02.09.2020
by Daily end-of-shift report 02 Sep '20

02 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-09-2020 18:00 − Mittwoch 02-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Attackers abuse Google DNS over HTTPS to download malware ∗∗∗ --------------------------------------------- More details have emerged on a malware sample that uses Google DNS over HTTPS to retrieve the stage 2 malicious payload. --------------------------------------------- https://www.bleepingcomputer.com/news/security/attackers-abuse-google-dns-o… ∗∗∗ Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks, (Tue, Sep 1st) ∗∗∗ --------------------------------------------- LDAP, like many UDP based protocols, has the ability to send responses that are larger than the request. With UDP not requiring any handshake before data is sent, these protocols make ideal amplifiers for reflective distributed denial of service attacks. Most commonly, these attacks abuse DNS and we have talked about this in the past. But LDAP is another protocol that is often abused. --------------------------------------------- https://isc.sans.edu/diary/rss/26526 ∗∗∗ Using assert() to Execute Malware in PHP 7 Environments ∗∗∗ --------------------------------------------- Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why attackers are creating malware to target environments which leverage it. During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. --------------------------------------------- https://blog.sucuri.net/2020/09/using-assert-to-execute-malware-php-7.html ∗∗∗ Cloud firewall management API SNAFU put 500k SonicWall customers at risk ∗∗∗ --------------------------------------------- TL;DR I found an IDOR in SonicWall’s cloud management platform API Any user could add themselves to any account at any organisation using it Anyone could create a user account [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/cloud-firewall-management-api… ∗∗∗ Erpressungs-Mail mit Bombendrohung massenhaft versendet ∗∗∗ --------------------------------------------- Vorsicht vor einer betrügerischen Erpressungs-E-Mail: Kriminelle versenden Nachrichten, in denen sie behaupten, dass eine Bombe im Geschäftsgebäude der EmpfängerInnen platziert wurde. Sollten die Unternehmen, die die Nachrichten erhalten haben, nicht binnen 80 Stunden 20.000 Dollar in Bitcoin bezahlen, soll diese explodieren. Die E-Mail ist frei erfunden und es muss nichts bezahlt werden! --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-mail-mit-bombendrohung-m… ===================== = Vulnerabilities = ===================== ∗∗∗ New Intel microcode updates for Windows 10 fix CPU hardware bugs ∗∗∗ --------------------------------------------- Microsoft has released a new batch of Intel microcode updates for Windows 10 2004, 1909, 1903, and older versions to fix hardware bugs in Intel CPUs. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/new-intel-microcode-updates… ∗∗∗ Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws ∗∗∗ --------------------------------------------- Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites. --------------------------------------------- https://threatpost.com/magento-sites-vulnerable-to-rce-stemming-from-magmi-… ∗∗∗ Verschlüsselung: TLS-1.3-Fauxpas gefährdet Embedded-Systeme mit wolfSSL ∗∗∗ --------------------------------------------- Aus Sicherheitsgründen sollten Admins die TLS-Programmbibliothek wolfSSL auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-4883741 ∗∗∗ TYPO3-EXT-SA-2020-017: Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt) ∗∗∗ --------------------------------------------- It has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to Information Disclosure and Broken Access Control. --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-017 ∗∗∗ TYPO3-EXT-SA-2020-016: Information Disclosure in extension "Localization Manager" (l10nmgr) ∗∗∗ --------------------------------------------- It has been discovered that the extension "Localization Manager" (l10nmgr) is susceptible to Information Disclosure. --------------------------------------------- https://typo3.org/security/advisory/typo3-ext-sa-2020-016 ∗∗∗ 700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin ∗∗∗ --------------------------------------------- This morning, on September 1, 2020, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in File Manager, a WordPress plugin with over 700,000 active installations. This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site. A patch was released this morning [...] --------------------------------------------- https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-z… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Mageia (mutt and putty), openSUSE (ldb, samba, libqt5-qtbase, opera, and postgresql10), Red Hat (bash, kernel, and libvncserver), SUSE (apache2, curl, and squid), and Ubuntu (ark, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, [...] --------------------------------------------- https://lwn.net/Articles/830392/ ∗∗∗ Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W ∗∗∗ --------------------------------------------- https://sec-consult.com/./en/blog/advisories/multiple-vulnerabilities-in-re… ∗∗∗ Security Advisory - Command Injection Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Advisory - Remote Code Execution vulnerability in Apache Struts 2 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200902-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.9.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Vulnerability in Apache Commons Codec affects IBM Spectrum Scale Transparent Cloud Tiering (177835) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: Code injection vulnerability in IBM Spectrum Protect Operations Center (CVE-2020-4693) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-code-injection-vulnerabil… ∗∗∗ Security Bulletin: Information Disclosure vulnerability in IBM Spectrum Protect Server (CVE-2020-4591) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a Java vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transp… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.09.2020
by Daily end-of-shift report 01 Sep '20

01 Sep '20

===================== = End-of-Day report = ===================== Timeframe: Montag 31-08-2020 18:00 − Dienstag 01-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers are backdooring QNAP NAS devices with 3-year old RCE bug ∗∗∗ --------------------------------------------- Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-are-backdooring-qnap… ∗∗∗ DLL Fixer leads to Cyrat Ransomware ∗∗∗ --------------------------------------------- A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python based and appends .CYRAT to encrypted files. --------------------------------------------- https://feeds.feedblitz.com/~/634890360/0/gdatasecurityblog-en~DLL-Fixer-le… ∗∗∗ Notarisierte Mac-Malware: Apple beglaubigte offenbar mehrfach Trojaner ∗∗∗ --------------------------------------------- Apples Notarisierungsdienst soll Mac-Nutzer vor Malware schützen. Nun beglaubigte der Hersteller auch den notorischen Schädling "Shlayer". --------------------------------------------- https://heise.de/-4882770 ∗∗∗ New web skimmer steals credit card data, sends to crooks via Telegram ∗∗∗ --------------------------------------------- Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code. --------------------------------------------- https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit… ∗∗∗ Quarterly Report: Incident Response trends in Summer 2020 ∗∗∗ --------------------------------------------- By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In a continuation of trends observed in last quarter’s report, these ransomware attacks have relied much less on commodity trojans such as Emotet and Trickbot. --------------------------------------------- https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.ht… ∗∗∗ Gratis iPhone 11 oder Samsung Galaxy S20 durch Hofer-Umfrage? ∗∗∗ --------------------------------------------- Kriminelle geben sich als Hofer aus und versenden wahllos E-Mails, in denen behauptet wird, Ihre E-Mail- bzw. IP-Adresse sei ausgewählt worden. Sie sollen daher an einer kurzen Umfrage teilnehmen und dadurch ein kostenloses iPhone 11 oder Samsung Galaxy S20 erhalten. Vorsicht: Die E-Mail stammt nicht von Hofer, Sie erhalten kein Smartphone geschenkt und Sie landen in einer teuren Abo-Falle! --------------------------------------------- https://www.watchlist-internet.at/news/gratis-iphone-11-oder-samsung-galaxy… ∗∗∗ Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers ∗∗∗ --------------------------------------------- Our researchers analyzed data on cybersquatting to learn which domains attackers most often mimic and other key details of the practice. --------------------------------------------- https://unit42.paloaltonetworks.com/cybersquatting/ ∗∗∗ "Accessible Ubiquiti Service Discovery": Erster Datenfeed in der Taxonomie "Intrusions" ∗∗∗ --------------------------------------------- Ubiquiti Geräte benutzen ein Discovery Protokoll, um sich gegenseitig automatisch zu erkennen. Während das innerhalb des eigenen Netzwerks nützlich sein kann, machen fehlerhaft konfigurierte Geräte eine Vielzahl an Daten über sich öffentlich abrufbar. Als wäre dieses Problem nicht genug, gab es in älteren Firmware-Versionen eine Schwachstelle, die eine automatisierte Übernahme der betroffenen Systeme ermöglicht(e). --------------------------------------------- https://cert.at/de/blog/2020/9/accessible-ubiquiti-service-discovery-erster… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Schutzsoftware von Trend Micro kann PCs gefährden ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitspatches für Trend Micro Apex One und OfficeScan XG. --------------------------------------------- https://heise.de/-4883268 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache2 and libx11), Fedora (batik, ecj, eclipse, eclipse-cdt, eclipse-ecf, eclipse-emf, eclipse-gef, eclipse-m2e-core, eclipse-mpc, eclipse-mylyn, eclipse-remote, eclipse-webtools, firefox, httpd, jetty, lucene, selinux-policy, and univocity-parsers), Mageia (hylafax+), openSUSE (ark and chromium), Red Hat (virt:8.2 and virt-devel:8.2), SUSE (freeradius-server, freerdp, php7, php72, php74, and xorg-x11-server), and Ubuntu (freerdp2, keystone, [...] --------------------------------------------- https://lwn.net/Articles/830278/ ∗∗∗ QNAP NAS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0857 ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Manager with OpenStack (CVE-2019-2949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affects IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster… ∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson-databind affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster… ∗∗∗ Security Bulletin: IBM® Java™ SDK Technology Edition, Oct 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-e… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: Vulnerabilities in Faster-XML jackson affect IBM Operations Analytics Predictive Insights (CVE-2019-14060, CVE-2019-14661, CVE-2019-14662) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Apache Thrift (CVE-2019-0205) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-usi… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.08.2020
by Daily end-of-shift report 31 Aug '20

31 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-08-2020 18:00 − Montag 31-08-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Emotet malwares new Red Dawn attachment is just as dangerous ∗∗∗ --------------------------------------------- The Emotet botnet has begun to use a new template for their malicious attachments, and it is just as dangerous as ever. --------------------------------------------- https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn… ∗∗∗ Finding The Original Maldoc, (Sun, Aug 30th) ∗∗∗ --------------------------------------------- Xavier wrote about a "Malicious Excel Sheet with a NULL VT Score" and I showed how to extract the VBA code from the maldoc cleaned by AV. --------------------------------------------- https://isc.sans.edu/diary/rss/26520 ∗∗∗ Persistent WordPress User Injection ∗∗∗ --------------------------------------------- Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The following code was detected at the bottom of the theme’s functions.php. It uses internal WordPress functions like wp_create_user() and add_role() to create a new user and elevate its role to “administrator:” --------------------------------------------- https://blog.sucuri.net/2020/08/persistent-wordpress-user-injection.html ∗∗∗ Its Not Just an Unusual Login: Why Pay Attention to Threats Facing SaaS and Cloud? ∗∗∗ --------------------------------------------- There is a whole category of cyber-attacks largely untouched by the media. With breaking threat discoveries usually focused on targeted spear-phishing campaigns or widespread ransomware, cyber-attacks targeting cloud and SaaS are often overlooked. --------------------------------------------- https://www.securityweek.com/its-not-just-unusual-login-why-pay-attention-t… ∗∗∗ Cisco warns of actively exploited IOS XR zero-day ∗∗∗ --------------------------------------------- Cisco said it discovered the attacks last week during a support case the companys support team was called in to investigate. --------------------------------------------- https://www.zdnet.com/article/cisco-warns-of-actively-exploited-ios-xr-zero… ∗∗∗ Malware in Spiele-API ∗∗∗ --------------------------------------------- Eine Javascript-Malware auf dem npm-Portal, einem Teil von Github, täuschte vor, eine Schnittstelle zum Partyspiel "Fallguys: Ultimate Knockout" zu sein. --------------------------------------------- https://www.zdnet.de/88382359/malware-in-spiele-api/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Slack Bug Allows Access to Private Channels, Conversations ∗∗∗ --------------------------------------------- The RCE bug affects versions below 4.4 of the Slack desktop app. --------------------------------------------- https://threatpost.com/critical-slack-bug-access-private-channels-conversat… ∗∗∗ Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- released on 2020-08-28 and 2020-08-29 --------------------------------------------- https://www.ibm.com/blogs/psirt/2020/08/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9 and squid), Fedora (libX11 and wireshark), Gentoo (libX11 and redis), Mageia (firefox, libx11, qt4 and qt5base, and x11-server), openSUSE (gettext-runtime, inn, and webkit2gtk3), Oracle (firefox), SUSE (libqt5-qtbase, openvpn, openvpn-openssl1, postgresql10, and targetcli-fb), and Ubuntu (chrony, nss, and squid). --------------------------------------------- https://lwn.net/Articles/829847/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bacula, bind9, freerdp, libvncserver, lilypond, mupdf, ndpi, openexr, php-horde, php-horde-core, php-horde-gollem, php-horde-kronolith, ros-actionlib, thunderbird, and xorg-server), Fedora (golang-github-ulikunitz-xz and qt), Gentoo (bind, chrony, ghostscript-gpl, kleopatra, openjdk, and targetcli-fb), Mageia (ark, evolution-data-server, fossil, kernel, kernel-linus, and thunderbird), openSUSE (apache2, graphviz, grub2, inn, librepo, and [...] --------------------------------------------- https://lwn.net/Articles/830137/ ∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0854 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.08.2020
by Daily end-of-shift report 28 Aug '20

28 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-08-2020 18:00 − Freitag 28-08-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Zahlen ohne PIN – Forscher knacken Visas NFC-Bezahlfunktion ∗∗∗ --------------------------------------------- Kontaktlos und ohne PIN bezahlten Forscher mit einer Visa-Karte quasi beliebig teure Produkte. --------------------------------------------- https://heise.de/-4881555 ∗∗∗ Achtung vor betrügerischen Werbeanzeigen auf Facebook, Instagram und Google! ∗∗∗ --------------------------------------------- Überall lauert Werbung, die uns dazu bringen will, ein bestimmtes Produkt zu kaufen oder eine Dienstleistung in Anspruch zu nehmen. Doch nicht jede Werbung ist seriös. Unter den vielen legitimen Werbetreibenden finden sich auch immer wieder Kriminelle. Das gilt für Soziale Medien genauso wie für Anzeigen, die bei einer Google-Suche ganz oben auftauchen. Wir zeigen Ihnen auf was Sie achten müssen, um unseriöse Werbeanzeigen zu entlarven! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-betruegerischen-werbeanz… ∗∗∗ Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning ∗∗∗ --------------------------------------------- Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts. --------------------------------------------- https://www.microsoft.com/security/blog/2020/08/27/stopping-active-director… ∗∗∗ Exploring the Ubiquiti UniFi Cloud Key Gen2 Plus ∗∗∗ --------------------------------------------- Scoping attack surface, setting up debugging for UniFi Protect and UniFi Management Portal APIs, and finding unauthenticated API vulnerabilities --------------------------------------------- https://medium.com/tenable-techblog/exploring-the-ubiquiti-unifi-cloud-key-… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple NETGEAR switching hubs vulnerable to cross-site request forgery ∗∗∗ --------------------------------------------- GS716Tv2 and GS724Tv3 provided by NETGEAR contain a cross-site request forgery vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN29903998/ ∗∗∗ Cisco NX-OS Software Call Home Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ [webapps] Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/48770 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4579) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-users-may-e… ∗∗∗ Security Bulletin: Information Disclosure vulnerability in IBM Spectrum Protect Server (CVE-2020-4591) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collecor for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4533) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-users-may-e… ∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server – Liberty affects IBM MobileFirst Platform Foundation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Vulnerability exposure ( deferred from Oracle Jan 2020 Java CPU ) in IBM Java SDK affects IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exposure-de… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Content Collecor for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Server (CVE-2020-4559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.08.2020
by Daily end-of-shift report 27 Aug '20

27 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 26-08-2020 18:00 − Donnerstag 27-08-2020 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads ∗∗∗ --------------------------------------------- New version of trojan is spreading fast and already has claimed 100,000 victims globally, Check Point has discovered. --------------------------------------------- https://threatpost.com/revamped-qbot-trojan-packs-new-punch-hijacks-email-t… ∗∗∗ Security.txt - one small file for an admin, one giant help to a security researcher, (Thu, Aug 27th) ∗∗∗ --------------------------------------------- The draft standard "A File Format to Aid in Security Vulnerability Disclosure" covers the creation of a file called "security.txt" in the /.well-known/ path on a web server, or in its root, which contains information relevant to the security of the server. --------------------------------------------- https://isc.sans.edu/diary/rss/26510 ∗∗∗ Cybercrime: Trickbot droht nun ebenfalls mit Veröffentlichung ∗∗∗ --------------------------------------------- Die mit Emotet verbundene Trickbot-Bande setzt eine neue Ransomware ein und betreibt jetzt auch eine eigene Leak-Plattform. --------------------------------------------- https://heise.de/-4879948 ∗∗∗ Mysteriöse Popup-Meldungen verunsichern Android-Nutzer ∗∗∗ --------------------------------------------- "Test" – das ist der lapidare Inhalt von Push-Nachrichten, die derzeit offenbar in großem Umfang auf Android-Handys auf-poppen. --------------------------------------------- https://heise.de/-4880604 ∗∗∗ Microsoft Warns of New Anubis Info-Stealer Distributed in the Wild ∗∗∗ --------------------------------------------- Microsoft warned on Thursday that a recently uncovered piece of malware designed to help cybercriminals steal information from infected systems is now actively distributed in the wild. --------------------------------------------- https://www.securityweek.com/microsoft-warns-new-anubis-info-stealer-distri… ∗∗∗ Cetus: Cryptojacking Worm Targeting Docker Daemons ∗∗∗ --------------------------------------------- Cetus is a new and improved Docker cryptojacking worm mining for Monero, discovered in a Docker daemon honeypot. --------------------------------------------- https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/ ===================== = Vulnerabilities = ===================== ∗∗∗ Foxit Studio Photo für Windows: Neue Version gegen Schwachstellen abgesichert ∗∗∗ --------------------------------------------- Version 3.6.6.928 der Bildbearbeitungssoftware Foxit Studio Photo schließt zwei Schwachstellen, deren Ausnutzung eine Nutzerinteraktion erfordert hätte. --------------------------------------------- https://heise.de/-4879609 ∗∗∗ Angreifer könnten F5 BIG-IP Application Security Manager lahmlegen ∗∗∗ --------------------------------------------- F5 hat wichtige Sicherheitsupdates für verschiedene BIG-IP Appliances veröffentlicht. --------------------------------------------- https://heise.de/-4880348 ∗∗∗ Sicherheitsupdates: Cisco sichert Netzwerksoftware NX-OS gegen DoS-Attacken ab ∗∗∗ --------------------------------------------- Aufgrund von mehreren Sicherheitslücken könnten Angreifer verschiedene Switch-Modelle von Cisco attackieren. --------------------------------------------- https://heise.de/-4880654 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and nginx), Fedora (firefox, firejail, and lua), Gentoo (chromium, docker, firefox and thunderbird, net-snmp, postgresql, and wireshark), openSUSE (chromium, claws-mail, dovecot23, libreoffice, and python3), Oracle (kernel), Scientific Linux (firefox), SUSE (apache2, graphviz, and libxslt), and Ubuntu (firefox, libmysofa, and squid3). --------------------------------------------- https://lwn.net/Articles/829690/ ∗∗∗ Vulnerabilities Expose Popular DVB-T2 Set-Top Boxes to Botnets: Researchers ∗∗∗ --------------------------------------------- Avast security researchers have identified vulnerabilities in DVB-T2 devices that could allow attackers to ensnare them in botnets. --------------------------------------------- https://www.securityweek.com/vulnerabilities-expose-popular-dvb-t2-set-top-… ∗∗∗ Mozilla Thunderbird: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/08/warn… ∗∗∗ Security Bulletin: Vulnerability in Netty 4.1.x before 4.1.46 affects IBM Operations Analytics Predictive Insights (CVE-2020-11612) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-netty-4-… ∗∗∗ Security Bulletin: CVE-2020-2654 in IBM® Runtime Environment Java™ affects TXSeries for Multiplatforms ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-in-ibm-runt… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU – Apr 2020 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere Application Server ND is vulnerable to cross-site scripting (CVE-2020-4575) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Openstack Keystone vulnerabilities affects IBM Spectrum Scale (CVE-2020-12689) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openstack-keystone-vulner… ∗∗∗ Security Bulletin: A vulnerability in IBM® Java™ Runtime Environment affects IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.08.2020
by Daily end-of-shift report 26 Aug '20

26 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-08-2020 18:00 − Mittwoch 26-08-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New SunCrypt Ransomware sheds light on Mazes ransomware cartel ∗∗∗ --------------------------------------------- A new ransomware named SunCrypt has joined the Maze cartel, and with their membership, we get insight into how these groups are working together. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-suncrypt-ransomware-shed… ∗∗∗ Reverse Engineering and observing an IoT botnet ∗∗∗ --------------------------------------------- IoT devices are everywhere around us and some of them are not up to date with todays security standard. A single light bulb exposed to the internet can offer an attacker a variety of possibilities to attack companies or households. The possibilities are endless. --------------------------------------------- https://www.gdatasoftware.com/blog/2020/08/36243-reverse-engineering-and-ob… ∗∗∗ [SANS ISC] Malicious Excel Sheet with a NULL VT Score ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: "Malicious Excel Sheet with a NULL VT Score": Just a quick diary today to demonstrate, once again, that relying only on a classic antivirus solution is not sufficient in 2020. I found a sample that just has a very nice score of 0/57 on VT. --------------------------------------------- https://blog.rootshell.be/2020/08/26/sans-isc-malicious-excel-sheet-with-a-… ∗∗∗ Emulation of Malicious Shellcode With Speakeasy ∗∗∗ --------------------------------------------- In order to enable emulation of malware samples at scale, we have developed the Speakeasy emulation framework. Speakeasy aims to make it as easy as possible for users who are not malware analysts to acquire triage reports in an automated way, as well as enabling reverse engineers to write custom plugins to triage difficult malware families. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/08/emulation-of-malicious-… ∗∗∗ Most organizations have no Active Directory cyber disaster recovery plan ∗∗∗ --------------------------------------------- Although 97% of organizations said that Active Directory (AD) is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals. "The expanded work-from-home environment makes organizational identity a priority and also increases the attack surface relative to Active Directory," said Charles Kolodgy, Principal at Security Mindsets. --------------------------------------------- https://www.helpnetsecurity.com/2020/08/26/active-directory-cyber-disaster-… ∗∗∗ Vorsicht beim privaten Autokauf: Spedition alo-car.com ist Fake! ∗∗∗ --------------------------------------------- Bei der Suche nach günstigen Gebrauchtautos, Wohnmobilen oder Motorrädern, sind Kleinanzeigenplattformen oftmals die beste Option. Doch seien Sie vorsichtig, wenn Ihr Gegenüber sich angeblich im Ausland befindet und den Kauf über eine Spedition abwickeln will. In vielen Fällen handelt es sich dabei um erfundene Speditionen und um Kriminelle, die nur an Ihr Geld wollen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-privaten-autokauf-sped… ∗∗∗ Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites ∗∗∗ --------------------------------------------- More and more ransomware gangs are now operating sites where they leak sensitive data from victims who refuse to pay the ransom demand. --------------------------------------------- https://www.zdnet.com/article/conti-ryuk-joins-the-ranks-of-ransomware-gang… ∗∗∗ Söldner starten APT-Attacken ∗∗∗ --------------------------------------------- Eine Hackergruppe, die sich als Söldner für verschiedene Auftraggeber verdingt, hat laut Erkenntnissen von Bitdefender Cyber-Spionageangriffe per Advanced-Persistent-Threat-(APT) mit Zero-Day-Attacken auf Autodesk 3ds Max genutzt, um geistiges Eigentum zu stehlen. --------------------------------------------- https://www.zdnet.de/88382317/soeldner-starten-apt-attacken/ ===================== = Vulnerabilities = ===================== ∗∗∗ Magento Multiversion (1.x/2.x) Backdoor ∗∗∗ --------------------------------------------- The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also aware that many websites are straggling with their Magento migrations and post compromise tools have been created to support deployment for both Magento 1.x and 2.x versions, making it easier for them to exploit a larger number of sites. --------------------------------------------- https://blog.sucuri.net/2020/08/magento-multiversion-1-x-2-x-backdoor.html ∗∗∗ Extensive file permissions on service executable in Eikon Thomson Reuters (CVE-2019-10679) ∗∗∗ --------------------------------------------- SEC Consult found a vulnerability that allows unprivileged users to escalate their privileges to SYSTEM in Eikon of Thomson Reuters. This is possible due to extensive file permissions that allow standard users to modify executable files. --------------------------------------------- https://sec-consult.com/en/blog/advisories/extensive-file-permissions-on-se… ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- Huawei has published 20 new or updated Security Advisories. --------------------------------------------- https://www.huawei.com/en/psirt/all-bulletins ∗∗∗ WordPress: Sicherheitslücken in millionenfach installiertem Plugin Autoptimize ∗∗∗ --------------------------------------------- Nutzer des Plugins Autoptimize sollten dieses zügig auf 2.7.7 updaten. Für eine von zwei geschlossenen Lücken soll demnächst Demo-Code veröffentlicht werden. --------------------------------------------- https://heise.de/-4879463 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, ghostscript, php7.0, and proftpd-dfsg), Fedora (mod_http2 and thunderbird), Red Hat (chromium-browser and firefox), and SUSE (apache2, grub2, samba, and xorg-x11-server). --------------------------------------------- https://lwn.net/Articles/829609/ ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0843 ∗∗∗ Security Bulletin: August 2020 : CVE-2020-2654 in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-august-2020-cve-2020-2654… ∗∗∗ Security Bulletin: Kerberos vulnerability in IBM Java Runtime affects Collaboration and Deployment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-kerberos-vulnerability-in… ∗∗∗ Security Bulletin: BEAST security vulnerability in IBM Tivoli Netcool Performance Manager for Wireline( CVE-2011-3389) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-beast-security-vulnerabil… ∗∗∗ Security Bulletin: Vulnerability in Apache Batik affects WebSphere Application Server (CVE-2019-17566) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-b… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.08.2020
by Daily end-of-shift report 25 Aug '20

25 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 24-08-2020 18:00 − Dienstag 25-08-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ iOS & MacOS: Apple will Sicherheitslücke erst nach einem Jahr schließen ∗∗∗ --------------------------------------------- Eine Lücke im Safari Browser ermöglicht das ungewollte Teilen lokaler Dateien. Apple will die nun veröffentlichte Lücke erst im Frühjahr 2021 schließen. --------------------------------------------- https://www.golem.de/news/ios-macos-apple-will-sicherheitsluecke-erst-nach-… ∗∗∗ Patch Management Policy: A Practical Guide ∗∗∗ --------------------------------------------- Patching – this highly necessary, yet sometimes neglected practice of resolving security issues related to vulnerabilities – can be a burden for organizations of all sizes. You probably already know that a regular and well-defined patch management routine proactively ensures your systems function as they are supposed to. However, it can seem like an overwhelming [...] --------------------------------------------- https://heimdalsecurity.com/blog/patch-management-policy/ ∗∗∗ RATs and Spam: The Node.JS QRAT ∗∗∗ --------------------------------------------- The Qua or Quaverse Remote Access Trojan (QRAT) is a Java-based RAT that can be used to gain complete control over a system. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rats-and-sp… ∗∗∗ [SANS ISC] Keep An Eye on LOLBins ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Keep An Eye on LOLBins“: Don’t misread, I won’t talk about “lolcats” today but “LOLBins” or “Living Off The Land Binaries”. All operating systems provide a rich toolbox to achieve multiple day-to-day tasks like maintenance of the certificates, installation of patches and applications, [...] --------------------------------------------- https://blog.rootshell.be/2020/08/25/sans-isc-keep-an-eye-on-lolbins/ ∗∗∗ Sicherheitsforscher fürchten infiltrierte App-Store-Anwendungen ∗∗∗ --------------------------------------------- Die XCSSET-Malware kommt über Xcode-Projekte auf den Mac. Das könnte Auswirkungen auf Apples Sicherheitskonzept haben. --------------------------------------------- https://heise.de/-4877855 ∗∗∗ Gerade auf Wohnungssuche? Dann sollten Sie sich vor gefälschten Inseraten in Acht nehmen! ∗∗∗ --------------------------------------------- Sie haben endlich Ihre Traumwohnung zu einem unglaublich günstigen Preis gefunden? Es gibt jedoch einen Haken: Der Vermieter ist gerade im Ausland und möchte, dass Sie bereits vor der Besichtigung die Kaution bezahlen? Dann sind Sie auf ein betrügerisches Wohnungsinserat gestoßen! Diese Wohnung existiert in Wahrheit nicht, Kriminelle versuchen mit einem verlockenden Angebot an Ihr Geld und Ihre Ausweiskopien zu kommen! --------------------------------------------- https://www.watchlist-internet.at/news/gerade-auf-wohnungssuche-dann-sollte… ∗∗∗ Browser-based cryptojacking sees sudden spike in activity in Q2 2020 ∗∗∗ --------------------------------------------- However, theres nothing to worry about. Browser-based cryptojacking is not making a comeback. --------------------------------------------- https://www.zdnet.com/article/browser-based-cryptojacking-sees-sudden-spike… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress: Wichtige Sicherheitsupdates für mehrere Plugins verfügbar ∗∗∗ --------------------------------------------- Updates für "Advanced Access Manager", "Discount Rules for WooCommerce" und "Quiz and Survey Master" schließen Lücken mit hoher bis kritischer Einstufung. --------------------------------------------- https://heise.de/-4878220 ∗∗∗ [20200802] - Core - Open redirect in com_content vote feature ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0-3.9.20 Exploit type: Open Redirect Reported Date: 2020-July-05 Fixed Date: 2020-August-25 CVE Number: CVE-2020-24598 Description Lack of input validation in com_content leads to an open redirect. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.20 Solution Upgrade to version 3.9.21 Contact The JSST at the Joomla! Security Centre. Reported By: Ahmad Kamaran Jamil --------------------------------------------- https://developer.joomla.org:443/security-centre/825-20200802-core-open-red… ∗∗∗ [20200803] - Core - Directory traversal in com_media ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 2.5.0-3.9.20 Exploit type: Directory Traversal Reported Date: 2020-February-02 Fixed Date: 2020-August-25 CVE Number: CVE-2020-24597 Description Lack of input validation allows com_media root paths outside of the webroot. Affected Installs Joomla! CMS versions 2.5.0 - 3.9.20 Solution Upgrade to version 3.9.21 Contact The JSST at the Joomla! Security Centre. Reported By: Hoang Kien from VSEC --------------------------------------------- https://developer.joomla.org:443/security-centre/827-20200803-core-director… ∗∗∗ [20200801] - Core - XSS in mod_latestactions ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.9.0-3.9.20 Exploit type: XSS Reported Date: 2020-August-21 Fixed Date: 2020-August-25 CVE Number: CVE-2020-24599 Description Lack of escaping in mod_latestactions allows XSS attacks. Affected Installs Joomla! CMS versions 3.9.0 - 3.9.20 Solution Upgrade to version 3.9.21 Contact The JSST at the Joomla! Security Centre. Reported By: Peter Martin --------------------------------------------- https://developer.joomla.org:443/security-centre/824-20200801-core-xss-in-m… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (icingaweb2 and mongodb), Fedora (nss), Gentoo (chromium and shadow), Mageia (ghostscript, kdepim-runtime, kmail-account-wizard, luajit, mysql-connector-python, and python-ipaddress), openSUSE (python, python3, and webkit2gtk3), Red Hat (kernel and kernel-alt), Slackware (firefox), SUSE (squid3), and Ubuntu (bind9, ghostscript, net-snmp, postgresql-10, postgresql-12, postgresql-9.5, and sane-backends). --------------------------------------------- https://lwn.net/Articles/829548/ ∗∗∗ Microsoft Patches Code Execution, Privilege Escalation Flaws in Azure Sphere ∗∗∗ --------------------------------------------- Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges, Cisco Talos’ researchers warn. read more --------------------------------------------- https://www.securityweek.com/microsoft-patches-code-execution-privilege-esc… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by weak crypto algorithm (CVE-2020-4349) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collecor for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: IBM Elastic Storage Server GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 is affected by cross-site scripting (CVE-2020-4358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable for information disclosure that affect IBM CICS TX on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by verbose error message (CVE-2020-4357) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste… ∗∗∗ Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by weak crypto algorithm (CVE-2020-4379) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-syste… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.08.2020
by Daily end-of-shift report 24 Aug '20

24 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-08-2020 18:00 − Montag 24-08-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ransomware attackiert VPN und RDP ∗∗∗ --------------------------------------------- Ransomware wird immer gefährlicher. Hacker nutzen vor allem das Remote Desktop Protocol (RDP), und Virtual Private Networks (VPN) als Einfallstore. E-Mail-Phishing verliert dagegen an Bedeutung. --------------------------------------------- https://www.zdnet.de/88382240/ransomware-attackiert-vpn-und-rdp/ ∗∗∗ DarkSide: New targeted ransomware demands million dollar ransoms ∗∗∗ --------------------------------------------- A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransom… ∗∗∗ Lifting the veil on DeathStalker, a mercenary triumvirate ∗∗∗ --------------------------------------------- DeathStalker is a unique threat group that appears to target law firms and companies in the financial sector. They don’t deploy ransomware or steal payment information to resell it, their interest in gathering sensitive business information [...] --------------------------------------------- https://securelist.com/deathstalker-mercenary-triumvirate/98177/ ∗∗∗ Hunting for Risky Rules in Office 365 ∗∗∗ --------------------------------------------- When an attacker compromises an Office 365 mailbox, one of the most common activities that we see is new inbox rules being created - therefore finding these rules is a good way to identify compromised accounts and mailboxes. --------------------------------------------- https://blog.rothe.uk/risky-rules-in-office365/ ∗∗∗ Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach ∗∗∗ --------------------------------------------- The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this sample employs a sophisticated technique that replaces the Microsoft Intermediate Language (MSIL) at run time to hinder static analysis. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-a… ∗∗∗ Protect your organization in the age of Magecart ∗∗∗ --------------------------------------------- The continuing wave of attacks by cybercriminal groups known under the umbrella term Magecart perfectly illustrates just how unprepared many e-commerce operations are from a security point of view. It all really boils down to timing. If the e-commerce world was able to detect such Magecart attacks in a matter of seconds (rather than weeks or months), then we could see an end to Magecart stealing all of the cybercrime headlines. --------------------------------------------- https://www.helpnetsecurity.com/2020/08/24/protect-your-organization-in-the… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress WooCommerce stores under attack, patch now ∗∗∗ --------------------------------------------- Hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities in the Discount Rules for WooCommerce WordPress plugin with more than 30,000 installations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-woocommerce-stores… ∗∗∗ Xen Security Advisory CVE-2020-14364 / XSA-335 ∗∗∗ --------------------------------------------- An out-of-bounds read/write access issue was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest, when USBDevice->setup_len exceeds the USBDevice->data_buf[4096], in do_token_{in,out} routines. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-335.html ∗∗∗ Sicherheitsupdate: VMware App Volumes abgesichert ∗∗∗ --------------------------------------------- Angreifer könnten die Anwendungsmanagement-Software App Volumes von VMware attackieren. --------------------------------------------- https://heise.de/-4876962 ∗∗∗ VMSA-2020-0018 ∗∗∗ --------------------------------------------- VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability (CVE-2020-3976) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0018.html ∗∗∗ Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome WebGL could lead to code execution ∗∗∗ --------------------------------------------- The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process. --------------------------------------------- https://blog.talosintelligence.com/2020/08/vuln-spotlight-chrome-use-free-a… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firejail, icingaweb2, inetutils, libjackson-json-java, proftpd-dfsg, python2.7, software-properties, and sqlite3), Fedora (chrony), Mageia (chrony), openSUSE (dovecot23, postgresql12, and python), Slackware (bind), SUSE (gettext-runtime and SUSE Manager Server 3.2), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/829486/ ∗∗∗ Synology-SA-20:19 ISC BIND ∗∗∗ --------------------------------------------- CVE-2020-8622 allows remote authenticated users to conduct denial-of-service attacks via a susceptible version of DNS Server. None of Synologys products are affected by CVE-2020-8620, CVE-2020-8621, CVE-2020-8623, or CVE-2020-8624 as these vulnerabilities only affect ISC BIND 9.9.12 and later. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_19 ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- Two issues have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host. --------------------------------------------- https://support.citrix.com/article/CTX280451 ∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0838 ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – CVE-2020-2601 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020 – Includes Oracle Jan 2020 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Elastic Storager Server where an attacker can cause a denial of service (CVE-2020-4383) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a ClickJacking vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by an Open Redirect vulnerabilitiy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to multiple node.js vulnerabilities (CVE-2020-11080, CVE-2020-10531, CVE-2020-8172, CVE-2020-8174) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Multiple Java vulnerabilities affect IBM Spectrum Protect Plus (CVE-2020-2805, CVE-2020-2803, CVE-2020-2830, CVE-2020-2781, CVE-2020-2800. CVE-2020-2757, CVE-2020-2756, CVE-2020-2755, CVE-2020-2754) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabili… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.08.2020
by Daily end-of-shift report 21 Aug '20

21 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-08-2020 18:00 − Freitag 21-08-2020 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Malware can no longer disable Microsoft Defender via the Registry ∗∗∗ --------------------------------------------- Microsoft has removed the ability to disable Microsoft Defender and third-party security software via the Registry to prevent malware from tampering with protection settings. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/malware-can-no-longer-disab… ∗∗∗ Emotet Malware Over the Years: The History of an Active Cyber-Threat ∗∗∗ --------------------------------------------- Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But what happens when a Trojan constantly eludes everyone’s best efforts to stop it in its tracks? --------------------------------------------- https://heimdalsecurity.com/blog/emotet-malware-history/ ∗∗∗ From SSRF to Compromise: Case Study ∗∗∗ --------------------------------------------- SSRF is a neat bug because it jumps trust boundaries. You go from being the user of a web application to someone on the inside, someone who can reach out and touch things on behalf of the vulnerable server. Exploiting SSRF beyond a proof-of-concept callback is often tricky because the impact is largely dependent on the environment you’re making that internal request in. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-t… ∗∗∗ MISP 2.4.130 released (Various fixes, performance improvements and new features) ∗∗∗ --------------------------------------------- MISP 2.4.130 releasedA new version of MISP (2.4.130) has been released with performance improvements, multiple bugs fixed and new features. --------------------------------------------- https://www.misp-project.org/2020/08/21/MISP.2.4.130.released.html ∗∗∗ Aggressive DDoS-Erpresser von Fancy Bear sind wieder aktiv ∗∗∗ --------------------------------------------- Vor erneuten DDoS-Erpressungen im Namen von Fancy Bear, die von großvolumigen DDoS-Attacken begleitet werden, hat jetzt das Link11 Security Operation Center gewarnt. Laut des IT-Sicherheitsanbieters Link11 zählen zu den angegriffenen Unternehmen auch KRITIS-Betreiber. --------------------------------------------- https://www.zdnet.de/88382211/aggressive-ddos-erpresser-von-fancy-bear-sind… ===================== = Vulnerabilities = ===================== *** BIND Security Advisories *** --------------------------------------------- CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c CVE-2020-8622: A truncated TSIG response can lead to an assertion failure CVE-2020-8623: A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly --------------------------------------------- https://kb.isc.org/docs/cve-2020-8620 https://kb.isc.org/docs/cve-2020-8621 https://kb.isc.org/docs/cve-2020-8622 https://kb.isc.org/docs/cve-2020-8623 https://kb.isc.org/docs/cve-2020-8624 ∗∗∗ Sicherheitsupdates: Wieder eine "vergessene" Hintertür in Cisco-Produkten ∗∗∗ --------------------------------------------- Angreifer könnten unter anderem Cisco vWAAS, Smart Software Manager und Video Surveillance 8000 Series attackieren. --------------------------------------------- https://heise.de/-4875646 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript), Fedora (curl and mod_http2), Mageia (ngircd), openSUSE (kernel), SUSE (libreoffice), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/829280/ ∗∗∗ CERT/CC Warns of Vulnerabilities in Diebold Nixdorf, NCR ATMs ∗∗∗ --------------------------------------------- The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has published alerts on several vulnerabilities that impact Diebold Nixdorf ProCash and NCR SelfServ automated teller machines (ATMs). --------------------------------------------- https://www.securityweek.com/certcc-warns-vulnerabilities-diebold-nixdorf-n… ∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher… ∗∗∗ Security Bulletin: Golang Vulnerabilities in IBM Cloud CLI 1.1.0 or earlier ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-golang-vulnerabilities-in… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4465 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (CVE-2020-2654, CVE-2020-2781, CVE-2020-2800) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4375 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ August 20, 2020 TNS-2020-06 [R1] Nessus 8.11.1 Fixes One Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2020-06 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.08.2020
by Daily end-of-shift report 20 Aug '20

20 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-08-2020 18:00 − Donnerstag 20-08-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Lucifer cryptomining DDoS malware now targets Linux systems ∗∗∗ --------------------------------------------- A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lucifer-cryptomining-ddos-ma… ∗∗∗ Transparent Tribe: Evolution analysis,part 1 ∗∗∗ --------------------------------------------- Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. [...] The USBWorm component is real, and it has been detected on hundreds of systems. This is malware whose existence was already speculated about years ago, but as far as we know, it has never been publicly described. --------------------------------------------- https://securelist.com/transparent-tribe-part-1/98127/ ∗∗∗ Office 365 Mail Forwarding Rules (and other Mail Rules too), (Thu, Aug 20th) ∗∗∗ --------------------------------------------- If you haven't heard, SANS suffered a "Data Incident" this summer, the disclosure was released on August 11. Details can be found in several locations: [...] So that being said, how can we look for these things if you have hundreds, thousands or tens-of-thousands of mailboxes to consider? In an Office 365 shop, and especially if I wrote the code, the answer is most likely going to be PowerShell! --------------------------------------------- https://isc.sans.edu/diary/rss/26484 ∗∗∗ IBM Db2 Shared Memory Vulnerability (CVE-2020-4414) ∗∗∗ --------------------------------------------- I’ve recently blogged about a shared memory vulnerability in Cisco WebEx Meetings Client on Windows where any user can read memory dedicated to trace data. It turns out that this is a common problem. IBM Db2 is affected by the exact same type of problem. Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility. This allows any local users read and write access to that memory area. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ibm-db2-sha… ∗∗∗ Kriminelle versuchen Zugangsdaten zum Online-Banking zu klauen! ∗∗∗ --------------------------------------------- Haben Sie in den letzten Tagen auch eine E-Mail der „BawagPSK“ erhalten? Wenn ja, seien Sie vorsichtig! Es sind derzeit wieder vermehrt betrügerische Nachrichten unterwegs, in denen die Kriminellen Ihnen vorgaukeln, dass Sie die neue Sicherheits-App installieren müssen, damit Ihr Online-Banking funktioniert. Tatsächlich geht es aber nur darum, an Ihre Zugangsdaten zu kommen! --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-versuchen-zugangsdaten-zu… ∗∗∗ Google fixes major Gmail bug seven hours after exploit details go public ∗∗∗ --------------------------------------------- Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer. --------------------------------------------- https://www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-afte… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories 2020-08-19 ∗∗∗ --------------------------------------------- Cisco hat 24 Security-Advisories veröffentlicht, davon wurden 1 als Kritisch und 2 als Hoch eingestuft. --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Wichtige Sicherheitsupdates für Windows 8.1/Server 2012 R2 veröffentlicht ∗∗∗ --------------------------------------------- Microsoft sichert Windows 8.1 und Windows Server 2012 R2 außer der Reihe ab. --------------------------------------------- https://heise.de/-4874571 ∗∗∗ High-Severity Vulnerability Patched in Advanced Access Manager ∗∗∗ --------------------------------------------- On August 13, 2020, the Wordfence Threat Intelligence team finished investigating two vulnerabilities in Advanced Access Manager, a WordPress plugin with over 100,000 installations, including a high-severity Authorization Bypass vulnerability that could lead to privilege escalation and site takeover. --------------------------------------------- https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (ansible, libmetalink, roundcubemail, rubygem-kramdown, sqlite, and swtpm), Slackware (curl), SUSE (python and python3), and Ubuntu (qemu). --------------------------------------------- https://lwn.net/Articles/829181/ ∗∗∗ Security Advisory - Integer Overflow Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Bulletin: IBM Content Navigator is susceptible to a sensitive data exposure. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM Content Manager is affected by a potential information disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-manager-is-af… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to an Elliptic Curve Key Disclosure. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: Autocomplete not disabled for password field in IBM Content Navigator. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-autocomplete-not-disabled… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to improper input validation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: vulnerability in snakeyaml might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2017-18640 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-snakeyam… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily