Daily

daily@lists.cert.at

1 participants
3151 discussions

Tageszusammenfassung - 24.03.2020
by Daily end-of-shift report 24 Mar '20

24 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Montag 23-03-2020 18:00 − Dienstag 24-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps ∗∗∗ --------------------------------------------- A new cyber attack is hijacking routers DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-t… ∗∗∗ Unknown Hackers Use New Milum RAT in WildPressure Campaign ∗∗∗ --------------------------------------------- A new piece of malware that shows no similarities with samples used in known campaigns is currently used to attack computers in various organizations. Researchers named the threat Milum and dubbed the operation WildPressure. --------------------------------------------- https://www.bleepingcomputer.com/news/security/unknown-hackers-use-new-milu… ∗∗∗ Tekya Malware Threatens Millions of Android Users via Google Play ∗∗∗ --------------------------------------------- The ad-fraud malware lurks in dozens of childrens and utilities apps. --------------------------------------------- https://threatpost.com/tekya-malware-android-google-play/154064/ ∗∗∗ Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it ∗∗∗ --------------------------------------------- Yes, you may have detected some sarcasm An annoying security flaw been disclosed and promptly fixed in the fairly popular memcached distributed data-caching software. --------------------------------------------- https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/24/memcache… ∗∗∗ Betrügerische Raiffeisen-E-Mails im Umlauf ∗∗∗ --------------------------------------------- Aktuell erhalten Raiffeisen-KundInnen eine Benachrichtigung, dass die smsTAN deaktiviert wird und ELBA-NutzerInnen z. B. auf pushTAN umsteigen können. Für weitere Informationen zur Umstellung werden sie aufgefordert, sich ins Online Banking einzuloggen. Seien Sie bei E-Mails der Raiffeisen Bank zum Thema smsTAN und pushTAN besonders vorsichtig und kontrollieren Sie sorgfältig, ob die Aufforderung tatsächlich von der Raiffeisen Bank stammt. Es sind auch betrügerische [...] --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-raiffeisen-e-mails-im… ===================== = Vulnerabilities = ===================== ∗∗∗ Notfallpatch für Adobe Creative Cloud Application ∗∗∗ --------------------------------------------- Eine kritische Sicherheitslücke in Creative Cloud Application von Adobe macht Windows-Computer angreifbar. --------------------------------------------- https://heise.de/-4689478 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (tomcat8), Fedora (chromium and okular), openSUSE (texlive-filesystem), Oracle (tomcat6), Scientific Linux (libvncserver, thunderbird, and tomcat6), Slackware (gd), SUSE (cloud-init, postgresql10, python36, and strongswan), and Ubuntu (ibus and vim). --------------------------------------------- https://lwn.net/Articles/815882/ ∗∗∗ Kritische Sicherheitslücke in Microsoft Windows (Adobe Type Manager Library) - Workarounds verfügbar ∗∗∗ --------------------------------------------- Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory für eine kritische Sicherheitslücke in der Adobe Type Manager Library veröffentlicht. Laut Microsoft und CERT/CC wird die Schwachstelle bereits aktiv ausgenutzt, [...] --------------------------------------------- https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft… ∗∗∗ systemd-journald vulnerability CVE-2019-3815 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K22040951 ∗∗∗ Apache vulnerability CVE-2020-8840 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15320518 ∗∗∗ Paessler PRTG: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0256 ∗∗∗ Kubernetes: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0253 ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Arbitrary Script Injection vulnerability (CVE-2019-4681) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to a session management vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: IBM Content Navigator includes the host IP address in an HTTP response. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-inc… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM API Connect is impacted by weak cryptographic algorithms (CVE-2019-4553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: IBM API Connect is potentially impacted by vulnerabilities in MySQL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-potent… ∗∗∗ Security Bulletin: IBM API Connect's Developer Portal is impacted by a denial of service vulnerability in MySQL (CVE-2019-2805) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-develope… ∗∗∗ Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java(CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2019-15903). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.03.2020
by Daily end-of-shift report 23 Mar '20

23 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-03-2020 18:00 − Montag 23-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware ∗∗∗ --------------------------------------------- PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created. --------------------------------------------- https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-… ∗∗∗ Netwalker Ransomware Infecting Users via Coronavirus Phishing ∗∗∗ --------------------------------------------- As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/netwalker-ransomware-infecti… ∗∗∗ Latest Astaroth living-off-the-land attacks are even more invisible but not less observable ∗∗∗ --------------------------------------------- Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion. --------------------------------------------- https://www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-o… ∗∗∗ Zero-Day Vulnerabilities in LILIN DVRs Exploited by Several Botnets ∗∗∗ --------------------------------------------- Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets. --------------------------------------------- https://www.securityweek.com/zero-day-vulnerabilities-lilin-dvrs-exploited-… ∗∗∗ Achtung bei Einkäufen auf mimty.de und evenlife.de ∗∗∗ --------------------------------------------- Unzählige InternetuserInnen melden die Online-Shops mimty.de und evenlife.de momentan an die Watchlist Internet. Die Webseiten sind exakt gleich aufgebaut und bieten Atemschutzmasken, Desinfektionssprays und ähnliches an. Die Shopiago GmbH, die hinter den Shops steckt, gibt einen Sitz in Deutschland an, der Versand erfolgt aber stark verzögert aus dem weit entfernten Ausland oder bleibt längerfristig aus. Die Watchlist Internet rät zur Vorsicht! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-bei-einkaeufen-auf-mimtyde-u… ∗∗∗ How to prevent your Zoom meetings being Zoom-bombed (gate-crashed) by trolls ∗∗∗ --------------------------------------------- The coronavirus outbreak has seen an unprecedented number of people working and learning from home, and one of the tools that is making that possible is Zoom. But if you dont take care, you could find your meetings being gate-crashed or Zoom-bombed, potentially causing havoc and mayhem. --------------------------------------------- https://www.zdnet.com/article/how-to-prevent-your-zoom-meetings-being-zoom-… ===================== = Vulnerabilities = ===================== ∗∗∗ Insulet Omnipod ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper access control vulnerability in Insulets Omnipod insulin management system. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsma-20-079-01 ∗∗∗ Systech NDS-5000 Terminal Server ∗∗∗ --------------------------------------------- This advisory contains mitigations for a cross-site scripting vulnerability in Systechs NDS-5000 network server. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-079-01 ∗∗∗ FIBARO System Home Center v5.021 Remote File Include XSS ∗∗∗ --------------------------------------------- The smart home solution is vulnerable to a remote Cross-Site Scripting triggered via a Remote File Inclusion issue by including arbitrary client-side dynamic scripts (JavaScript, VBScript) due to the undocumented proxy API and its url GET parameter. This allows hijacking the current session of the user or changing the look of the page by changing the HTML. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5563.php ∗∗∗ PMASA-2020-4 ∗∗∗ --------------------------------------------- SQL injection relating to data displayAffected VersionsphpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. We believe the flaw was introduced with phpMyAdmin 3.4.CVE IDCVE-2020-10803 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2020-4/ ∗∗∗ PMASA-2020-3 ∗∗∗ --------------------------------------------- SQL injection relating to searchingAffected VersionsphpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.CVE IDCVE-2020-10802 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2020-3/ ∗∗∗ PMASA-2020-2 ∗∗∗ --------------------------------------------- SQL injection with processing usernameAffected VersionsphpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.CVE IDCVE-2020-10804 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2020-2/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (amd64-microcode, chromium, graphicsmagick, jackson-databind, phpmyadmin, python-bleach, and tor), Gentoo (exim and nodejs), openSUSE (chromium and thunderbird), Oracle (tomcat), Red Hat (devtoolset-8-gcc, libvncserver, runc, samba, thunderbird, and tomcat6), and SUSE (ruby2.5). --------------------------------------------- https://lwn.net/Articles/815798/ ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0250 ∗∗∗ Security Bulletin: Jan 2020 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jan-2020-multiple-vulnera… ∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI ( CVE-2019-4717) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-mana… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-mana… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Few vulnerabilities affecting IBM Cloud Object Storage Systems (March 2020v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-few-vulnerabilities-affec… ∗∗∗ Security Bulletin: Vulnerabilities affecting IBM Cloud Object Storage Systems (March 2020v2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affecting… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.03.2020
by Daily end-of-shift report 20 Mar '20

20 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-03-2020 18:00 − Freitag 20-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ WHO Chief Impersonated in Phishing to Deliver HawkEye Malware ∗∗∗ --------------------------------------------- An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-ph… ∗∗∗ Firefox Reenables Insecure TLS to Improve Access to COVID19 Info ∗∗∗ --------------------------------------------- Mozilla says that the support for the insecure TLS 1.0 and TLS 1.1 will be reenabled in the latest version of Firefox to maintain access to government sites with COVID19 information that havent yet upgraded to TLS 1.2 or TLS 1.3. --------------------------------------------- https://www.bleepingcomputer.com/news/security/firefox-reenables-insecure-t… ∗∗∗ PrivEsc in Lenovo Vantage. Two minutes later ∗∗∗ --------------------------------------------- TL;DR The latest and greatest Lenovo Vantage software which ships with the most recent Lenovo devices is affected by a privilege escalation vulnerability. --------------------------------------------- https://www.pentestpartners.com/security-blog/privesc-in-lenovo-vantage-two… ∗∗∗ New Mirai Variant Targets Zyxel Network-Attached Storage Devices ∗∗∗ --------------------------------------------- Unit 42 researchers discovered a new Mirai variant, dubbed Mukashi, exploiting CVE-2020-9054 to infect vulnerable versions of Zyxel network-attached storage (NAS) devices. --------------------------------------------- https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/ ∗∗∗ Security flaws found in popular password managers ∗∗∗ --------------------------------------------- Not all they’re cracked up to be? Several password vaults have been found to contain vulnerabilities, both new and previously disclosed but never patched, a study says --------------------------------------------- https://www.welivesecurity.com/2020/03/19/security-flaws-found-in-popular-p… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bluez and chromium), Debian (icu, rails, thunderbird, and twisted), Fedora (chromium and webkit2gtk3), Gentoo (bsdiff, cacti, clamav, fribidi, libgit2, pecl-imagick, phpmyadmin, pyyaml, and tomcat), openSUSE (wireshark), Oracle (firefox, icu, python-imaging, thunderbird, and zsh), Scientific Linux (thunderbird), SUSE (firefox, nghttp2, thunderbird, and tomcat), and Ubuntu (twisted). --------------------------------------------- https://lwn.net/Articles/815591/ ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0246 ∗∗∗ Symantec Veritas NetBackup: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0244 ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-3603) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: Information Disclosure in Cognos Business Intelligence (Cognos BI) shipped with Tivoli Common Reporting (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.03.2020
by Daily end-of-shift report 19 Mar '20

19 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-03-2020 18:00 − Donnerstag 19-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shadowserver Foundation: Gemeinnütziges IT-Security-Team benötigt Spenden ∗∗∗ --------------------------------------------- Das Shadowserver-Team unterstützt Strafverfolgungsbehörden dabei, Cybergangstern das Handwerk zu legen. Jetzt braucht es selbst zeitnah (finanzielle) Hilfe. --------------------------------------------- https://heise.de/-4686211 ∗∗∗ RedLine Info-Stealing Malware Spread by Folding@home Phishing ∗∗∗ --------------------------------------------- A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs an information-stealing malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/redline-info-stealing-malwar… ∗∗∗ InfoSec Conferences Canceled? We’ve Hours Of Recordings! ∗∗∗ --------------------------------------------- If you planned to attend some security conferences in the coming weeks, there are risks to have them canceled… Normally, I should be now in Germany to attend TROOPERS… Canceled! SAS2020 (“Security Analyst Summit”)… Canceled! FIRST TC Amsterdam… Canceled! And more will probably be added to the long list. --------------------------------------------- https://blog.rootshell.be/2020/03/19/infosec-conferences-canceled-weve-hour… ∗∗∗ Achtung vor dem Fake-Shop hausmasters.net ∗∗∗ --------------------------------------------- Hausmasters.net bietet unzählige Haushaltswaren zu Bestpreisen mit kostenlosem Versand nach Österreich, Deutschland und in die Schweiz an. Das breite Sortiment bestehend aus Kühlschränken, Staubsaugern, Waschmaschinen und der moderne Webauftritt laden zu einem schnellen Kauf ein. Doch Vorsicht: Hier zahlen Sie per Vorkasse, erhalten dafür aber nie eine Lieferung. Es handelt sich um einen Fake-Shop. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-dem-fake-shop-hausmaster… ∗∗∗ France warns of new ransomware gang targeting local governments ∗∗∗ --------------------------------------------- CERT France says some local governments have been infected with a new version of the Pysa (Mespinoza) ransomware. --------------------------------------------- https://www.zdnet.com/article/france-warns-of-new-ransomware-gang-targeting… ===================== = Vulnerabilities = ===================== ∗∗∗ Adobe: Weitere teils kritische Updates unter anderem für Photoshop und Bridge ∗∗∗ --------------------------------------------- Nicht nur bei Acrobat und Reader hat Adobe nachgebessert, sondern auch bei Bridge, ColdFusion, Experience Manager, Photoshop und Genuine Integrity Service. --------------------------------------------- https://heise.de/-4686418 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gdal), Fedora (nethack), Mageia (okular, sleuthkit, and webkit2), openSUSE (salt), Oracle (icu, kernel, python-pip, python-virtualenv, and zsh), Red Hat (icu, python-imaging, thunderbird, and zsh), Scientific Linux (icu, python-imaging, and zsh), SUSE (postgresql10), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/815442/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-we… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client and web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2019-4732, ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerab… ∗∗∗ Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a DoS issue when processing regular expressions (CVE-2017-16231) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-is-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2019-4304, CVE-2019-4305, CVE-2019-4441, CVE-2014-3603) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-we… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-1552) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openss… ∗∗∗ Security Bulletin: Potential exposure of sensitive data in IBM DataPower Gateway (CVE-2020-4203) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-exposure-of-sen… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems (Oct2019 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0241 ∗∗∗ Drupal: Mehrere Schwachstelle ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0240 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.03.2020
by Daily end-of-shift report 18 Mar '20

18 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-03-2020 18:00 − Mittwoch 18-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks ∗∗∗ --------------------------------------------- A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. --------------------------------------------- https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html ∗∗∗ Home-Office? – Aber sicher! ∗∗∗ --------------------------------------------- Eine empfohlene Maßnahme im Kontext der Corona-Prävention ist die intensivere Nutzung von Home-Office und mobilem Arbeiten. Dafür gilt es, pragmatische Lösungen zu finden, die einerseits die Arbeitsfähigkeit einer Organisation erhalten, gleichzeitig jedoch Vertraulichkeit, Verfügbarkeit und Integrität gewährleisten. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Empfehlungen_mobi… ∗∗∗ Sicher arbeiten im Homeoffice! ∗∗∗ --------------------------------------------- Unzählige Unternehmen haben ihren Betrieb als Reaktion auf das Coronavirus und entsprechende Regierungsvorgaben mittlerweile auf Arbeit im Homeoffice umgestellt. Da dies einige Änderungen in alltäglichen Arbeitsprozessen bedeutet, gibt es Empfehlungen für Unternehmen und deren MitarbeiterInnen, die Schäden durch Kriminelle in der momentanen Ausnahmesituation vermeiden können. --------------------------------------------- https://www.watchlist-internet.at/news/sicher-arbeiten-im-homeoffice/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Genuine Integrity Service (APSB20-12), Adobe Acrobat and Reader (APSB20-13), Adobe Photoshop (APSB20-14), Adobe Experience Manager (APSB20-15), Adobe ColdFusion (APSB20-16) and Adobe Bridge (APSB20-17). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1847 ∗∗∗ Severe Flaws Patched in Responsive Ready Sites Importer Plugin ∗∗∗ --------------------------------------------- On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions. ... We highly recommend updating to the latest version available, 2.2.7, immediately. --------------------------------------------- https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-r… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libvncserver and twisted), Fedora (libxslt), Red Hat (kernel, kernel-rt, python-flask, python-pip, python-virtualenv, slirp4netns, tomcat, and zsh), Scientific Linux (kernel, python-pip, python-virtualenv, tomcat, and zsh), SUSE (apache2-mod_auth_openidc and skopeo), and Ubuntu (apport and dino-im). --------------------------------------------- https://lwn.net/Articles/815309/ ∗∗∗ FreeRADIUS: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- FreeRADIUS ist ein Open Source Server zur Authentisierung entfernter Benutzer auf Basis des RADIUS-Protokolls (Remote Access Dial-In User Service). Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FreeRADIUS ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0235 ∗∗∗ Delta Electronics Industrial Automation CNCSoft ScreenEditor ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-077-01 ∗∗∗ Cisco SD-WAN Solution vManage SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Advisory - Logic Error Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Advisory - Double Free Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A Vulnerability in Apache Log4j affects IBM LKS ART & Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclose… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Apache Commons vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Cross-Site Request Forgery (CSRF) vulnerabilities were identified on Tivoli Netcool/OMNIbus WebGUI Relationship admin page (CVE-2020-4199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forger… ∗∗∗ Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.03.2020
by Daily end-of-shift report 17 Mar '20

17 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Montag 16-03-2020 18:00 − Dienstag 17-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vorsicht vor Phishing-Mails zum Thema Corona ∗∗∗ --------------------------------------------- Kriminelle nutzen das Corona-Virus für ihre Betrugsmaschen und versenden Phishings-Mails im Namen von Unternehmen. Aktuell sind uns gefälschte E-Mails, die angeblich von A1 und DHL stammen, bekannt. Seien Sie also bei E-Mails zum Thema Corona sehr vorsichtig und klicken keinesfalls auf einen Link oder loggen sich über einen Button am Ende der E-Mail in Ihr Kundenkonto ein. Laden Sie auch keine Anhänge herunter, es könnte sich um Schadsoftware handeln. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-phishing-mails-zum-them… ∗∗∗ Die Shadowserver Foundation braucht dringend finanzielle Hilfe ∗∗∗ --------------------------------------------- Die Shadowserver Foundation ist nicht nur weltweit die größte Quelle von Threat Intelligence, sie ist auch bei weitem die wichtigste Informationsquelle für CERT.at zu Themen wie Malwareinfektionen, verwundbaren Systeme, etc. in Österreich (siehe die Liste der Feeds, die wir von Shadowserver erhalten). Insgesamt versorgt die Shadowserver Foundation 107 nationale CERTs/CSIRTs in 136 Ländern mit wertvollen Informationen über Probleme in ihrem jeweiligen [...] --------------------------------------------- https://cert.at/de/blog/2020/3/die-shadowserver-foundation-braucht-dringend… ∗∗∗ Slack fixes account-stealing bug ∗∗∗ --------------------------------------------- Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions. --------------------------------------------- https://nakedsecurity.sophos.com/2020/03/17/slack-fixes-account-stealing-bu… ∗∗∗ A Quick Summary of Current Reflective DNS DDoS Attacks, (Tue, Mar 17th) ∗∗∗ --------------------------------------------- DNS is still a popular protocol to amplify denial of service attacks. A rather small DNS query, sent to an open recursive resolver, can be used to trigger a large response. Over the last few years, DNS servers implemented many countermeasures to make it more difficult to launch these attacks and easier to mitigate them. It also has become easier (but not trivial) to defend against these attacks. But in the end, you still have to "buy your way out" of a denial of service attacks. --------------------------------------------- https://isc.sans.edu/diary/rss/25916 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (okular, thunderbird, and webkit2gtk), Debian (webkit2gtk), Fedora (php-horde-Horde-Form), Gentoo (libvorbis, nss, and proftpd), Oracle (firefox and kernel), Red Hat (kernel), Scientific Linux (firefox), SUSE (cni, cni-plugins, conmon, fuse-overlayfs, podman, librsvg, and ovmf), and Ubuntu (ceph, icu, linux, linux-aws, linux-kvm, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3, [...] --------------------------------------------- https://lwn.net/Articles/815202/ ∗∗∗ Intel CPUs vulnerable to new Snoop attack ∗∗∗ --------------------------------------------- Applying the the patches for the Foreshadow (L1TF) attack disclosed in 2018 also blocks Snoop attacks. --------------------------------------------- https://www.zdnet.com/article/intel-cpus-vulnerable-to-new-snoop-attack/ ∗∗∗ Trend Micro Produkte: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0230 ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the WebSphere Message Broker V8. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker V8. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataPower Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.03.2020
by Daily end-of-shift report 16 Mar '20

16 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-03-2020 18:00 − Montag 16-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Kritische Lücke: Angreifer könnten aus VMware Fusion und Workstation ausbrechen ∗∗∗ --------------------------------------------- Wer virtuelle Maschinen mit Fusion, Horizon, Remote Console (VMRC) und Workstation betreibt, sollte sich aus Sicherheitsgründen die aktualisierten Versionen herunterladen und installieren. Andernfalls könnten Angreifer im schlimmsten Fall aus einer VM ausbrechen und Schadcode im Host-System ausführen. --------------------------------------------- https://www.heise.de/security/meldung/Kritische-Luecke-Angreifer-koennten-a… ∗∗∗ Saving Shadowserver and Securing the Internet — Why You Should Care & How You Can Help ∗∗∗ --------------------------------------------- Shadowserver has unexpectedly lost the financial support of our largest sponsor. We need to transition the impacted operations staff and move our data center by May 26th 2020. This is an extremely aggressive timeline. We urgently appeal to our constituents and the community to rally together, help save Shadowserver and help secure the Internet. This is the initial announcement and the index page to more detailed supporting content. --------------------------------------------- https://www.shadowserver.org/news/saving-shadowserver-and-securing-the-inte… ∗∗∗ BlackWater Malware Abuses Cloudflare Workers for C2 Communication ∗∗∗ --------------------------------------------- A new backdoor malware called BlackWater pretending to be COVID-19 information while abusing Cloudflare Workers as an interface to the malwares command and control (C2) server. --------------------------------------------- https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cl… ∗∗∗ MonitorMinor: vicious stalkerware ∗∗∗ --------------------------------------------- The other day, our Android traps ensnared an interesting specimen of stalkerware. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality. --------------------------------------------- https://securelist.com/monitorminor-vicious-stalkerware/95575/?utm_source=r… ∗∗∗ Phishing PDF With Incremental Updates., (Sat, Mar 14th) ∗∗∗ --------------------------------------------- Someone asked me for help with this phishing PDF. --------------------------------------------- https://isc.sans.edu/diary/rss/25904 ∗∗∗ Desktop.ini as a post-exploitation tool, (Mon, Mar 16th) ∗∗∗ --------------------------------------------- Desktop.ini files have been part of Windows operating systems for a long time. They provide users with the option to customize the appearance of specific folders in File Explorer, such as changing their icons[1]. That is not all they are good for, however. --------------------------------------------- https://isc.sans.edu/diary/rss/25912 ∗∗∗ Open MQTT Report - Expanding the Hunt for Vulnerable IoT devices ∗∗∗ --------------------------------------------- New MQTT IPv4 scans are now carried out daily as part of our efforts to expand our capability to enable the mapping of exposed IoT devices on the Internet. A new report - Open MQTT - is now shared in our free daily victim remediation reports to 107 National CSIRTs and 4600+ network owners. In particular, the report identifies accessible MQTT broker service that enable anonymous access. The work is being carried out as part of the EU CEF VARIoT (Vulnerability and Attack Repository for IoT) --------------------------------------------- https://www.shadowserver.org/news/open-mqtt-report-expanding-the-hunt-for-v… ∗∗∗ Has The Sun Set On The Necurs Botnet? ∗∗∗ --------------------------------------------- Private sector partners Microsoft and Bitsight announced their disruption of the Necurs botnet on March 10th 2020. Shadowserver supported the operation, through the use of our Registrar of Last Resort (RoLR) for helping to deal with the millions of potential DGA C2 domains involved, and by making available our victim remediation reporting channels. In this blog post we provide our take on some of the more interesting aspects of this operation, analyze the sinkholed Necurs victim populations and [...] --------------------------------------------- https://www.shadowserver.org/news/has-the-sun-set-on-the-necurs-botnet/ ∗∗∗ COVID-19 Themed Phishing Campaigns Continue ∗∗∗ --------------------------------------------- Another COVID-19 (Coronavirus) phishing campaign has been discovered -- this one apparently operated by the Pakistan-based APT36, which is thought to be nation-backed. --------------------------------------------- https://www.securityweek.com/covid-19-themed-phishing-campaigns-continue ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (graphicsmagick, qemu, and slurm-llnl), Fedora (ansible, couchdb, mediawiki, and python3-typed_ast), Gentoo (atftp, curl, file, gdb, git, gst-plugins-base, icu, libarchive, libgcrypt, libjpeg-turbo, libssh, libvirt, musl, nfdump, ppp, python, ruby-openid, runc, sqlite, squid, sudo, SVG Salamander, systemd, thunderbird, tiff, and webkit-gtk), Mageia (firefox, kernel, and thunderbird), openSUSE (firefox, librsvg, php7, and tomcat), Red Hat (firefox), [...] --------------------------------------------- https://lwn.net/Articles/815097/ ∗∗∗ Security Bulletin: IBM MQ and IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2019-4719) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-applian… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an error processing error messages. (CVE-2019-4656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: IBM Cloud Automation Manager Session Fixation Vulnerability (CVE-2019-4617) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-automation-mana… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services v2.1.1 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM MQ could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. (CVE-2019-4619) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-a-loca… ∗∗∗ Security Bulletin: IBM TNPM Wireline is vulnerable to Apache Commons Beanutils (CVE-2019-10086) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tnpm-wireline-is-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.03.2020
by Daily end-of-shift report 13 Mar '20

13 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-03-2020 18:00 − Freitag 13-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware ∗∗∗ --------------------------------------------- The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Android App. --------------------------------------------- https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tra… ∗∗∗ mTAN abgefangen: Betrüger räumten Konten in Österreich leer ∗∗∗ --------------------------------------------- Mit SIM-Swapping haben Kriminelle bei Dutzenden Österreichern Geld abgehoben. Nun wurden sie verhaftet. (TAN, Malware) --------------------------------------------- https://www.golem.de/news/mtan-abgefangen-betrueger-raeumten-konten-in-oest… ∗∗∗ Persistent Cross-Site Scripting, the MSSQL Way ∗∗∗ --------------------------------------------- If you save wide Unicode brackets (i.e. ＜＞) into a char or varchar field, MSSQL Server will convert them into HTML brackets (i.e. ). So, ＜img src=x onerror=alert(pxss)＞ will be converted to compliments of the backend DB. This will likely help you sneak past server-side filters, WAFs, etc. and execute a persistent Cross-Site Scripting (PXSS) attack. As a bonus, .NET request validation will not detect it. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/persistent-… ∗∗∗ Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldnt ∗∗∗ --------------------------------------------- Tor team says its working on a fix, but has no timeline. --------------------------------------------- https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-j… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, golang-golang-x-crypto, kernel, mbedtls, ppp, and python-django), Debian (slirp and yubikey-val), Fedora (firefox, java-1.8.0-openjdk-aarch32, mbedtls, monit, seamonkey, sympa, and zsh), Gentoo (chromium, e2fsprogs, firefox, groovy, postgresql, rabbitmq-c, ruby, and vim), Mageia (ppp), openSUSE (kernel), and SUSE (glibc, kernel, openstack-manila, php5, and squid). --------------------------------------------- https://lwn.net/Articles/814817/ ∗∗∗ Update - Kritische Sicherheitslücke in Microsoft SMBv3 - Patch und Workarounds verfügbar ∗∗∗ --------------------------------------------- 03. März 2020 Update: 13. März 2020 Beschreibung Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory mit Workarounds für eine kritische Sicherheitslücke in Microsoft Server Message Block 3.1.1 (SMBv3) veröffentlicht. CVE-Nummern: CVE-2020-0796 CVSS Base Score: 10.0 (laut CERT/CC) Update: 13. März 2020 Microsoft gibt unter https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020… ebenfalls einen CVSS Base Score --------------------------------------------- https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft… ∗∗∗ Security Bulletin: PowerVC is impacted by information leakage from nova APIs during external exception (CVE-2019-14433) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-in… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a 3RD PARTY Path Traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a cross-site scripting vulnerability in WebSphere Application Server Admin Console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot for VMware (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-18348) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a File traversal vulnerability in WebSphere Application Server Admin Console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a Information disclosure vulnerability in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ VMSA-2020-0004 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2020-0004.html ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2020
by Daily end-of-shift report 12 Mar '20

12 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-03-2020 18:00 − Donnerstag 12-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Prenotification Security Advisory for Adobe Acrobat and Reader ∗∗∗ --------------------------------------------- Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, March 17, 2020. --------------------------------------------- https://helpx.adobe.com/security/products/acrobat/apsb20-13.html ∗∗∗ Live Coronavirus Map Used to Spread Malware ∗∗∗ --------------------------------------------- Cybercriminals constantly latch on to news items that captivate the publics attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software. --------------------------------------------- https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-mal… ===================== = Vulnerabilities = ===================== ∗∗∗ Achtung: Sicherheitspatch gegen kritische SMBv3-Lücke jetzt verfügbar ∗∗∗ --------------------------------------------- Gegen die kritische Windows-Sicherheitslücke CVE-2020-0796 gibt es jetzt einen Patch von Microsoft. Admins sollten ihre Systeme möglichst sofort akualisieren.. --------------------------------------------- https://heise.de/-4681993 ∗∗∗ Flaws Riddle Zyxel’s Network Management Software ∗∗∗ --------------------------------------------- Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software. --------------------------------------------- https://threatpost.com/flaws-zyxels-network-management-software/153554/ ∗∗∗ Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites ∗∗∗ --------------------------------------------- On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. .. We highly recommend updating to the latest version, 3.64.1, immediately. --------------------------------------------- https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-bui… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (dojo, firefox-esr, sleuthkit, and wpa), Fedora (cacti, cacti-spine, and python-psutil), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, ...), Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/814652/ ∗∗∗ ABB eSOMS ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-072-01 ∗∗∗ ABB Asset Suite ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-072-02 ∗∗∗ Rockwell Automation Allen-Bradley Stratix 5950 ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-072-03 ∗∗∗ XSS vulnerability in the FortiManager via the buffer parameter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-271 ∗∗∗ Information disclosure through diagnose debug commands in FortiWeb ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-269 ∗∗∗ XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-20-001 ∗∗∗ Unquoted Service Path exploit in FortiClient ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-281 ∗∗∗ Authorizations Bypass in the FortiPresence portal parameters ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-258 ∗∗∗ XSS vulnerability in the URL Description of URL filter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-270 ∗∗∗ XSS vulnerability in the Anomaly Detection Parameter Name ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-265 ∗∗∗ FortiSIEM is vulnerable to a CSRF attack ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/ FG-IR-19-240 ∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-… ∗∗∗ Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: An information disclosure security vulnerability has been identified with the embedded Content Navigator component shipped with IBM Business Automation Workflow (CVE-2019-4679) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.03.2020
by Daily end-of-shift report 11 Mar '20

11 Mar '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-03-2020 18:00 − Mittwoch 11-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ LVI Attacks: New Intel CPUs Vulnerability Puts Data Centers At Risk ∗∗∗ --------------------------------------------- Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system. --------------------------------------------- https://thehackernews.com/2020/03/intel-load-value-injection.html ∗∗∗ Forthcoming OpenSSL release ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1e. This release will be made available on Tuesday 17th March 2020 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2020-March/000166.html ∗∗∗ A new and advanced Rowhammer-based attack on DDR4 memory ∗∗∗ --------------------------------------------- A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments. --------------------------------------------- https://www.ibm.com/blogs/psirt/a-new-and-advanced-rowhammer-based-attack-o… ∗∗∗ Klicken Sie keine Links und Anhänge in E-Mails an! ∗∗∗ --------------------------------------------- „Ihr PayPal-Konto wurde eingeschränkt! … Öffnen Sie die Anhangsdatei, um Ihre Einschränkung aufzuheben!“ Diese Nachricht landet derzeit in zahlreichen E-Mail-Postfächern. Die Datei im Anhang enthält Schadsoftware, die Links führen auf Phishing-Seiten mit denen Zugangsdaten ausspioniert werden sollen. Schützen kann man sich nur, indem man nichts anklickt, sondern sich auf anderen Wegen informiert, ob die E-Mail echt sein kann. --------------------------------------------- https://www.watchlist-internet.at/news/klicken-sie-keine-links-und-anhaenge… ∗∗∗ Microsoft orchestrates coordinated takedown of Necurs botnet ∗∗∗ --------------------------------------------- Microsoft and partners in 35 countries move to bring down Necurs, todays largest malware botnet. --------------------------------------------- https://www.zdnet.com/article/microsoft-orchestrates-coordinated-takedown-o… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Microsoft SMBv3 - Workarounds verfügbar ∗∗∗ --------------------------------------------- Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory mit Workarounds für eine kritische Sicherheitslücke in Microsoft Server Message Block 3.1.1 (SMBv3) veröffentlicht. ... Die Lücke kann über das Netzwerk ausgenützt werden und ermöglicht die Ausführung von beliebigen Befehlen mit SYSTEM Rechten. --------------------------------------------- https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft… ∗∗∗ IPAS: Security Advisories for March 2020 ∗∗∗ --------------------------------------------- Hi everyone, It’s the second Tuesday in March 2020 and today we released 9 security advisories. For full details on these advisories, please visit the Intel Security Center. --------------------------------------------- https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-mar… ∗∗∗ SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006 ∗∗∗ --------------------------------------------- This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesnt sufficiently enforce the administrative approval requirement, in the case where the requesting user has already authenticated through SAML. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-006 ∗∗∗ Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage ∗∗∗ --------------------------------------------- Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This months Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important. --------------------------------------------- https://blog.talosintelligence.com/2020/03/microsoft-patch-tuesday-march-20… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (qemu-kvm and sudo), Debian (chromium), Mageia (gpac, libseccomp, and tomcat), openSUSE (gd and postgresql10), Oracle (qemu-kvm), Red Hat (chromium-browser), Scientific Linux (qemu-kvm), Slackware (firefox), and SUSE (ipmitool, java-1_7_0-openjdk, librsvg, and tomcat). --------------------------------------------- https://lwn.net/Articles/814574/ ∗∗∗ Synology-SA-20:03 Kr00k ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM) that is equipped with Broadcom BCM43460. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_20_03 ∗∗∗ MISP 2.4.123 released (aka the dashboard and security fix release) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.123) has been released. This version includes various security related fixed, and a new Dashboard system. --------------------------------------------- https://www.misp-project.org/2020/03/10/MISP.2.4.123.released.html ∗∗∗ Credential Disclosure in WatchGuard Fireware AD Helper Component ∗∗∗ --------------------------------------------- RedTeam Pentesting discovered a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/ ∗∗∗ Johnson Controls Kantech EntraPass ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-070-04 ∗∗∗ Johnson Controls Metasys ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-070-05 ∗∗∗ Rockwell Automation MicroLogix Controllers and RSLogix 500 Software ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-070-06 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-202003116… ∗∗∗ Security Bulletin: IBM InfoSphere Governance Catalog is affected by a cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-governance… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2019 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Linux kernel vulnerability CVE-2019-19072 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42438635 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily