=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 06-02-2020 18:00 − Freitag 07-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Phishing Attack Disables Google Play Protect, Drops Anubis Trojan ∗∗∗
---------------------------------------------
Android users are targeted in a phishing campaign that will infect their devices with the Anubis banking Trojan that can steal financial information from more than 250 banking and shopping applications.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-attack-disables-goo…
∗∗∗ Robbin Hood – the ransomware that brings its own bug ∗∗∗
---------------------------------------------
When you need a vulnerability to exploit, but there isnt one... why not simply bring your own, along with your malware?
---------------------------------------------
https://nakedsecurity.sophos.com/2020/02/07/robbin-hood-the-ransomware-that…
∗∗∗ Malware Emotet greift WLANs an ∗∗∗
---------------------------------------------
Emotet nutzt offenbar eine bislang nicht bekannte Methode, sich weiter auszubreiten: Er klinkt sich in schlecht gesicherte Funknetze ein.
---------------------------------------------
https://heise.de/-4655284
∗∗∗ Warnmails eines Sebastian Wulker sind Fake! ∗∗∗
---------------------------------------------
Vor allem Ein-Personen-Unternehmen, aber auch Privatpersonen erhalten momentan E-Mails im Namen eines angeblichen Sicherheitsforschers Sebastian Wulker. In diesen Mails wird behauptet, dass er im Rahmen seiner Arbeit auf die missbräuchliche Verwendung persönlicher Daten gestoßen ist und an ihn kontaktieren soll, um mehr zu erfahren, bevor er es an Strafverfolgungsbehörden weitergibt. Wer hier Kontakt aufnimmt, wird Schritt für Schritt in eine Erpressungsfalle gelockt,
---------------------------------------------
https://www.watchlist-internet.at/news/warnmails-eines-sebastian-wulker-sin…
∗∗∗ Magecart Group 12’s Latest: Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign ∗∗∗
---------------------------------------------
A recent blog post by Jacob Pimental and Max Kersten highlighted Magecart activity targeting ticket re-selling websites for the 2020 Olympics and EUFA Euro 2020, olympictickets2020.com and eurotickets2020.com respectively. These sites were compromised by a skimmer using the domain opendoorcdn.com for data exfiltration.
---------------------------------------------
https://www.riskiq.com/blog/labs/magecart-group-12-olympics/
=====================
= Vulnerabilities =
=====================
∗∗∗ Google: Bluetooth-Lücke in Android ermöglicht Codeausführung ∗∗∗
---------------------------------------------
Mit den Februar-Updates für Android schließt Google eine Sicherheitslücke im Bluetooth-Stack, die das Ausführen von Code durch Angreifer ermöglicht. Dazu müssen diese nur in der Nähe der Geräte sein. Weitere Fehler in Android ermöglichen die Rechteausweitung.
---------------------------------------------
https://www.golem.de/news/google-bluetooth-luecke-in-android-ermoeglicht-co…
∗∗∗ VoIP-Telefone: Schwere Sicherheitslücke bei Yealink entdeckt ∗∗∗
---------------------------------------------
Yealink versorgt Telefone weltweit mit VoIP-Zugangsdaten, Telefonbüchern und Anruferlisten. Im Autoprovisionierungsdienst des Herstellers klafft eine Lücke.
---------------------------------------------
https://heise.de/-4654592
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, python-django, and sudo), Debian (libexif and libxmlrpc3-java), Fedora (upx and xar), openSUSE (ucl and upx), Oracle (ipa), Scientific Linux (kernel), SUSE (e2fsprogs, libqt5-qtbase, nginx, pcp, php7, rubygem-rack, systemd, wicked, and xen), and Ubuntu (mariadb-10.1, mariadb-10.3, mesa, pillow, and python-reportlab).
---------------------------------------------
https://lwn.net/Articles/811880/
∗∗∗ ClamAV: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/02/warn…
∗∗∗ Events Manager < 5.9.7.2 - CSV Injection ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10062
∗∗∗ Events Manager Pro < 2.6.7.2 - CSV Injection ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10063
∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0106
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 05-02-2020 18:00 − Donnerstag 06-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Philips Hue: Kritische Sicherheitslücke in smarten Lampen ∗∗∗
---------------------------------------------
Hacker können mit einer Antenne das Netzwerk der User und damit verbundene Computer übernehmen.
---------------------------------------------
https://futurezone.at/produkte/philips-hue-kritische-sicherheitsluecke-in-s…
∗∗∗ Fake browser update pages are "still a thing", (Wed, Feb 5th) ∗∗∗
---------------------------------------------
SocGholish is a term I first saw in signatures from the EmergingThreats Pro ruleset to describe fake browser update pages used to distribute malware like a NetSupport RAT-based malware package or Chthonic banking malware. Although this activity has continued into 2020, I hadn't run across an example until this week.
---------------------------------------------
https://isc.sans.edu/diary/rss/25774
∗∗∗ This crafty malware makes you retype your passwords so it can steal them ∗∗∗
---------------------------------------------
Metamorfo banking trojan has expanded its campaign to target online users banking services.
---------------------------------------------
https://www.zdnet.com/article/this-crafty-malware-makes-you-retype-your-pas…
=====================
= Vulnerabilities =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-05) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-05) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 11, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1828
∗∗∗ Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003 ∗∗∗
---------------------------------------------
Project: Views Bulk Operations (VBO)Date: 2020-February-05Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: Views Bulk Operations provides enhancements to running bulk actions on views.The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-003
∗∗∗ Hintertür in vielen Überwachungskameras mit HiSilicon-Chips ∗∗∗
---------------------------------------------
Die Firmware zahlreicher IP-Kameras mit Systems-on-Chip (SoCs) der Huawei-Sparte HiSilicon erlaubt Root-Zugriff via telnet.
---------------------------------------------
https://heise.de/-4654525
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd).
---------------------------------------------
https://lwn.net/Articles/811678/
∗∗∗ Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10059
∗∗∗ Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10061
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WIoTP MessageGateway (CVE-2020-2604, CVE-2020-2659) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-installers-of-ibm…
∗∗∗ Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-of-embedded…
∗∗∗ BIG-IP Edge Client for Windows vulnerability CVE-2020-5855 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55102004
∗∗∗ BIG-IP TMM AWS vulnerability CVE-2020-5856 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00025388
∗∗∗ BIG-IP TMM vulnerability CVE-2020-5854 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K50046200
∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0099
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0104
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 04-02-2020 18:00 − Mittwoch 05-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail ∗∗∗
---------------------------------------------
Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-5…
∗∗∗ Betrügerische WhatsApp-Nachrichten zu iPhone-Gewinn! ∗∗∗
---------------------------------------------
Kriminelle nützen momentan WhatsApp für die massenhafte Verbreitung einer Betrugsmasche. Sie versenden eine WhatsApp-Nachricht zu einem angeblichen Gewinn aus. Wer dem Link folgt und ein gratis iPhone erhalten möchte, muss die Nachricht an mindestens zehn WhatsApp-Kontakte weiterleiten. EmpfängerInnen dürfen weder Daten bekanntgeben noch die Nachricht weiterleiten.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-…
∗∗∗ Researcher: Backdoor mechanism still active in devices using HiSilicon chips ∗∗∗
---------------------------------------------
Researcher said he did not notify HiSilicon due to a lack of trust in the hardware vendor to adequately fix the issue.
---------------------------------------------
https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-d…
=====================
= Vulnerabilities =
=====================
∗∗∗ WhatsApp Bug Allowed Attackers to Access the Local File System ∗∗∗
---------------------------------------------
Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a users local file system, on both macOS and Windows platforms.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attacke…
∗∗∗ VU#261385: Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution ∗∗∗
---------------------------------------------
CVE-2020-3110 Ciscos Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value(TLV). The CVSS score reflected below is in regards to this vulnerability. CVE-2020-3111 Cisco Voice over Internet Protocol(VoIP)phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value(TLV). CVE-2020-3118 Ciscos CDP subsystem of devices running,or based on,Cisco IOS XR Software are vulnerable.
---------------------------------------------
https://kb.cert.org/vuls/id/261385
∗∗∗ AutomationDirect C-More Touch Panels ∗∗∗
---------------------------------------------
This advisory contains mitigations for an insufficiently protected credentials vulnerability in AutomationDirects C-More Touch Panels software management platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-035-01
∗∗∗ Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (storebackup), openSUSE (e2fsprogs and wicked), Red Hat (containernetworking-plugins, ipa, kernel, kernel-rt, ksh, and qemu-kvm), Scientific Linux (ipa and qemu-kvm), SUSE (libqt5-qtbase, python-reportlab, and terraform), and Ubuntu (graphicsmagick, OpenSMTPD, spamassassin, and sudo).
---------------------------------------------
https://lwn.net/Articles/811597/
∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-…
∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-…
∗∗∗ Security Advisory - Information leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-…
∗∗∗ Security Advisory - Information leakage Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-…
∗∗∗ Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in…
∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment Response Time Monitoring Agent (CVE-2019-16168) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit…
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cloud Automation Manager is affected by an issue with insecure cookie path attribute (CVE-2019-4616) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-automation-mana…
∗∗∗ Security Bulletin: IBM Planning Analytics Local is affected by a security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-lo…
∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2019-16168) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit…
∗∗∗ systemd: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0096
∗∗∗ MariaDB: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0095
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 03-02-2020 18:00 − Dienstag 04-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New EmoCheck Tool Checks if Youre Infected With Emotet ∗∗∗
---------------------------------------------
A new utility has been released by Japan CERT (computer emergency response team) that allows Windows users to easily check if they are infected with the Emotet Trojan.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-emocheck-tool-checks-if-…
∗∗∗ Microsoft Office 365 Will Block Malicious Content Unless Overridden ∗∗∗
---------------------------------------------
Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-office-365-will-bl…
∗∗∗ Sicherheitslücke in Twitters API: Telefonnummern abgreifbar ∗∗∗
---------------------------------------------
Durch die missbräuchliche Verwendung einer API von Twitter konnten Unbekannte Telefonnummern und Nutzernamen kombinieren und einsehen.
---------------------------------------------
https://heise.de/-4652519
∗∗∗ Zum schnellen Geld kommen? – So geht es nicht! ∗∗∗
---------------------------------------------
Vorsicht: Angebliche InvestorInnen, PhilanthropInnen oder UnternehmerInnen, die Ihnen hohe Geldbeträge versprechen, sind Kriminelle. E-Mails über angebliche Gewinne in Millionenhöhe werden massenhaft an beliebige E-Mail-Adressen versendet. Um das Geld zu erhalten, müssen Sie lediglich einen bestimmten Betrag – angeblich zur Abwicklung der Überweisung – und Ausweiskopien übermitteln. Tun Sie das, verlieren Sie nicht nur Ihr Geld, sondern auch Ihre [...]
---------------------------------------------
https://www.watchlist-internet.at/news/zum-schnellen-geld-kommen-so-geht-es…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web servers response.The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Slow HTTP DoS Attacks Mitigation ∗∗∗
---------------------------------------------
An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly. Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-013
∗∗∗ Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD ∗∗∗
---------------------------------------------
Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted SNMPD request to the user. These vulnerabilities could lead to a variety of conditions, potentially resulting in the disclosure of sensitive information and a denial-of-service condition.
---------------------------------------------
https://blog.talosintelligence.com/2020/02/vuln-spotlight-mini-snmpd-feb-20…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (salt), CentOS (git), Debian (qtbase-opensource-src), Fedora (java-11-openjdk), Mageia (kernel and openjpeg2), openSUSE (mailman, python-reportlab, ucl, and upx), Oracle (git), Red Hat (container-tools:rhel8, go-toolset:rhel8, grub2, kernel, kernel-rt, php:7.2, and sudo), SUSE (crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client and python36), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/811495/
∗∗∗ Medtronic Releases Patches for Cardiac Device Flaws Disclosed in 2018, 2019 ∗∗∗
---------------------------------------------
Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019.
---------------------------------------------
https://www.securityweek.com/medtronic-releases-patches-cardiac-device-flaw…
∗∗∗ Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10057
∗∗∗ Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager (CVE-2019-4451) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2019-4305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2019-4674, CVE-2018-15473, CVE-2019-4675) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-man…
∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c…
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Android Security Bulletin Feburar 2020 ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0094
∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0093
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 31-01-2020 18:00 − Montag 03-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Devious Spamhaus Phishing Scam Warns Youre on an Email Block List ∗∗∗
---------------------------------------------
A new phishing campaign distributing malware pretends to be from the Spamhaus Project warning that the recipients email address has been added to a spam block list due to sending unsolicited email.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/devious-spamhaus-phishing-sc…
∗∗∗ Abo-Falle durch gefälschte E-Mail von „Zoll Österreich“ ∗∗∗
---------------------------------------------
Eine neue Massenmail landet momentan im Posteingang unzähliger InternetnutzerInnen. In der Nachricht von „Zoll Österreich“ heißt es, dass eine Zollgebühr nicht bezahlt wurde. Dem Inhalt der E-Mail darf kein Glauben geschenkt werden, denn sie wird von Kriminellen verschickt. Eine Dateneingabe führt hier in eine teure Abo-Falle für 90 Euro monatlich.
---------------------------------------------
https://www.watchlist-internet.at/news/abo-falle-durch-gefaelschte-e-mail-v…
∗∗∗ Hackers are hijacking smart building access systems to launch DDoS attacks ∗∗∗
---------------------------------------------
More than 2,300 building access systems can be hijacked due to a severe vulnerability left without a fix.
---------------------------------------------
https://www.zdnet.com/article/hackers-are-hijacking-smart-building-access-s…
∗∗∗ Windows 10 PCs get these new Intel chip security updates for Zombieload attacks ∗∗∗
---------------------------------------------
Microsoft helps Intel deliver its latest microcode security updates to mitigate the Zombieload threat.
---------------------------------------------
https://www.zdnet.com/article/windows-10-pcs-get-these-new-intel-chip-secur…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2020-01-31-1 - Opkg susceptible to MITM (CVE-2020-7982) ∗∗∗
---------------------------------------------
A bug in the package list parse logic of OpenWrts opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts.
---------------------------------------------
https://lists.infradead.org/pipermail/openwrt-devel/2020-January/021544.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (opensmtpd), Debian (firefox-esr, libidn2, libjackson-json-java, prosody-modules, qemu, qtbase-opensource-src, spamassassin, and sudo), Fedora (e2fsprogs, java-1.8.0-openjdk, mingw-openjpeg2, openjpeg2, samba, sox, upx, webkit2gtk3, and xar), Red Hat (git), Scientific Linux (git), Slackware (sudo), SUSE (ceph and rmt-server), and Ubuntu (sudo).
---------------------------------------------
https://lwn.net/Articles/811368/
∗∗∗ Strong Testimonials < 2.40.1 - Stored Cross Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10056
∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i…
∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-…
∗∗∗ Security Bulletin: Vulnerabilities affect Watson Explorer Foundational Components (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-wa…
∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in Golang (CVE-2019-17596) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact…
∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r…
∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i…
∗∗∗ Security Bulletin: Information Disclosure in IBM StoredIQ (CVE-2020-4224) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in…
∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r…
∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by multiple vulnerabilities in Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-…
∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by several WebSphere Application Server vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 30-01-2020 18:00 − Freitag 31-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Microsoft Detects New Evil Corp Malware Attacks After Short Break ∗∗∗
---------------------------------------------
Microsoft says that an ongoing Evil Corp phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, this being the first time the threat actors have been seen adopting this technique.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-detects-new-evil-c…
∗∗∗ Researcher Finds Over 60 Vulnerabilities in Physical Security Systems ∗∗∗
---------------------------------------------
The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory to warn users of Honeywell’s MAXPRO video management system (VMS) and network video recorder (NVR) products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.
---------------------------------------------
https://www.securityweek.com/researcher-finds-over-60-vulnerabilities-physi…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libsolv, libxmlrpc3-java, openjpeg2, qemu, and suricata), Fedora (ansible, chromium, java-latest-openjdk, links, mingw-openjpeg2, nss, openjpeg2, python-pillow, thunderbird, webkit2gtk3, and xen), Mageia (gdal, java-1.8.0-openjdk, mariadb, openjpeg2, and sqlite3), Oracle (kernel), Red Hat (rh-java-common-xmlrpc), SUSE (e2fsprogs, ImageMagick, php72, tigervnc, and wicked), and Ubuntu (keystone).
---------------------------------------------
https://lwn.net/Articles/811199/
∗∗∗ GistPress < 3.0.2 - Authenticated Stored XSS ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10053
∗∗∗ Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by specially constructed messages. (CVE-2019-4432) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-applian…
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Content Collector for Email is affected by a information disclosure vulnerability in WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema…
∗∗∗ Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel escalation of privilege vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-unified-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 29-01-2020 18:00 − Donnerstag 30-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Network Traffic Analysis for IR: SSH Protocol with Wireshark ∗∗∗
---------------------------------------------
Introduction to the SSH protocol The Secure Shell (SSH) is designed to allow confidential and authenticated remote access to a computer. Like the Telnet protocol, it enables a user to remotely access a command shell on a machine, run commands and access the results. However, unlike Telnet, SSH traffic is fully encrypted, making it the [...]
---------------------------------------------
https://resources.infosecinstitute.com/network-traffic-analysis-for-ir-ssh-…
∗∗∗ Collating Hacked Data Sets ∗∗∗
---------------------------------------------
Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information, and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal."What we were able to do is alarming because we can now find vulnerabilities in peoples online presence very quickly," Metropolitansky said.
---------------------------------------------
https://www.schneier.com/blog/archives/2020/01/collating_hacke.html
∗∗∗ Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers ∗∗∗
---------------------------------------------
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any
---------------------------------------------
https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Privilege escalation in Bitdefender Antivirus for Mac (VA-3499) ∗∗∗
---------------------------------------------
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud.
---------------------------------------------
https://www.bitdefender.com/support/security-advisories/privilege-escalatio…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (graphicsmagick, opensmtpd, webkit2gtk, wget, and zlib), openSUSE (apt-cacher-ng, GraphicsMagick, java-1_8_0-openjdk, mailman, mumble, rubygem-excon, sarg, and shadowsocks-libev), Oracle (libarchive and openjpeg2), Red Hat (firefox, fribidi, openjpeg2, SDL, and thunderbird), Scientific Linux (openjpeg2), SUSE (glibc, java-1_8_0-openjdk, and rmt-server), and Ubuntu (Apache Solr and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/811025/
∗∗∗ Elementor Page Builder < 2.7.6 - Authenticated Stored XSS ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10052
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-15473) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-11214, CVE-2018-11213, CVE-2018-11212) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 – July 2019 and October 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 28-01-2020 18:00 − Mittwoch 29-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Critical Flaws in Magento e-Commerce Platform Allow Code-Execution ∗∗∗
---------------------------------------------
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.
---------------------------------------------
https://threatpost.com/critical-flaws-magento-ecommerce-code-execution/1523…
∗∗∗ New Snake Ransomware Targets ICS Processes ∗∗∗
---------------------------------------------
A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS).
---------------------------------------------
https://www.securityweek.com/new-snake-ransomware-targets-ics-processes
∗∗∗ Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed ∗∗∗
---------------------------------------------
We found an additional 1,400 unsecured Docker hosts and outline in this research some of the common tactics and techniques we found being used by attackers in compromised Docker engines.
---------------------------------------------
https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-uns…
=====================
= Vulnerabilities =
=====================
∗∗∗ Kritische Sicherheitslücke in OpenSMTPD erlaubt(e) Codeausführung aus der Ferne ∗∗∗
---------------------------------------------
BSD- und Linux-Server, auf denen OpenSMTPD läuft, brauchen umgehend ein Update auf Version 6.6.2p1. Es fixt eine kritische Remote-Code-Execution-Lücke.
---------------------------------------------
https://heise.de/-4648501
∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/01/warn…
∗∗∗ 200K WordPress Sites Exposed to Takeoker Attacks by Plugin Bug ∗∗∗
---------------------------------------------
A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/200k-wordpress-sites-exposed…
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: tvOS 13.3.1 Safari 13.0.5 iOS 13.3.1 and iPadOS 13.3.1 macOS Catalina 10.15.3, [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-mul…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, openjpeg2, openslp, python-reportlab, and sqlite), Debian (hiredis, otrs2, and unzip), openSUSE (apt-cacher-ng, git, samba, sarg, and storeBackup), Oracle (openjpeg2), Red Hat (libarchive, openjpeg2, sqlite, and virt:rhel), SUSE (aws-cli and python-reportlab), and Ubuntu (libgcrypt11, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-hwe, linux-hwe, linux-aws-hwe, [...]
---------------------------------------------
https://lwn.net/Articles/810881/
∗∗∗ FreeBSD OS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0080
∗∗∗ Cisco Small Business Switches Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Small Business Switches Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabiltiies in PHP. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-…
∗∗∗ Security Bulletin: WebSphere Application Server browser stack trace vulnerability affects IBM Control Center (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: WebSphere Application Server improper cookie setting vulnerability affects IBM Control Center (CVE-2019-4305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser…
∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi…
∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impact…
∗∗∗ Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-websphere-to-htt…
∗∗∗ Security Bulletin: IBM WebSphere Application Server – Liberty improper session validation vulnerability affects IBM Control Center (CVE-2019-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application…
∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance (CVE-2019-3861, CVE-019-3858) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-p…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 27-01-2020 18:00 − Dienstag 28-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sicherheitslücken: L1DES und VRS machen Intel-Chips angreifbar ∗∗∗
---------------------------------------------
Neue Attacken per Microarchitectural Data Sampling (MDS) treffen Intel-Prozessoren: Bei L1DES alias Cache Out ist der L1-Puffer das Ziel, bei VRS werden Vector-Register ausgenutzt. Intel arbeitet an Microcode-Updates.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-l1des-und-vrs-machen-intel-chi…
∗∗∗ Millions of Devices Using LoRaWAN Exposed to Hacker Attacks ∗∗∗
---------------------------------------------
Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday.
---------------------------------------------
https://www.securityweek.com/millions-devices-using-lorawan-exposed-hacker-…
∗∗∗ Umfrage führt zu Geldwäsche in Ihrem Namen! ∗∗∗
---------------------------------------------
Auf diversen Job-Portalen stoßen Sie momentan auf Ausschreibungen betrügerischer Umfrageportale wie die HENRIKSON Research GmbH. Schon bei der Registrierung verlangt man Ihre Ausweiskopie sowie Selfies mit Pass oder Personalausweis. Melden Sie sich hier nicht an! Kriminelle stehlen Ihre Daten und tarnen die Eröffnung eines Bankkontos in Ihrem Namen als bezahlte Umfrage. Achtung: Auch diverse andere Websites locken in diese Falle.
---------------------------------------------
https://www.watchlist-internet.at/news/umfrage-fuehrt-zu-geldwaesche-in-ihr…
∗∗∗ E-Mail: Doppelte Abbuchung Ihrer Magenta-Rechnung ist Fake ∗∗∗
---------------------------------------------
„Aufgrund eines Fehlers unserer Rechnungsabteilung wurde Ihnen das Doppelte Ihrer letzten Rechnung in Rechnung gestellt“ heißt es in der betrügerischen E-Mail, die angeblich von Magenta versendet wurde. Sie werden weiters aufgefordert, eine Rückerstattung zu beantragen. Klicken Sie keinesfalls auf den Link, Sie gelangen auf eine gefälschte Magenta-Seite. Kriminelle stehlen Ihre Zugangs- und Kreditkartendaten.
---------------------------------------------
https://www.watchlist-internet.at/news/e-mail-doppelte-abbuchung-ihrer-mage…
∗∗∗ Attacking Azure, Azure AD, and Introducing PowerZure ∗∗∗
---------------------------------------------
Over the past decade, Azure’s presence in businesses has grown significantly as new features and support were added to Azure. The purpose of this article is to cover three main points:
1. Explain the components of Azure and how they fit into a modern IT environment.
2. Explain how certain things within Azure can be leveraged from an offensive perspective.
3. Introduce the PowerZure project and explain how it helps offensive operations against Azure.
---------------------------------------------
https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerz…
=====================
= Vulnerabilities =
=====================
∗∗∗ [20200103] - Core - XSS in com_actionlogs ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.9.0-3.9.14 Exploit type: XSS Reported Date: 2019-December-25 Fixed Date: 2020-January-28 CVE Number: CVE-2020-xxxxx Description Inadequate escaping of usernames allow XSS attacks in com_actionlogs. Affected Installs Joomla! CMS versions 3.9.0 - 3.9.14 Solution Upgrade to version 3.9.15 Contact The JSST at the Joomla! Security Centre. Reported By: Mayank Kumbhar from Techjoomla
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/12kRPDhkkFM/800-20200103-c…
∗∗∗ [20200102] - Core - CSRF com_templates LESS compiler ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.0.0-3.9.14 Exploit type: CSRF Reported Date: 2019-December-18 Fixed Date: 2020-January-28 CVE Number: CVE-2020-xxxxx Description A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.14 Solution Upgrade to version 3.9.15 Contact The JSST at the Joomla! Security Centre. Reported By: Lee Thao from Viettel Cyber Security
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/gs3oN6Illx8/799-20200102-c…
∗∗∗ [20200101] - Core - CSRF in batch actions ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0-3.9.14 Exploit type: CSRF Reported Date: 2019-December-23 Fixed Date: 2020-January-28 CVE Number: CVE-2020-xxxxx Description Missing token checks in the batch actions of various components causes CSRF vulnerabilities. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.14 Solution Upgrade to version 3.9.15 Contact The JSST at the Joomla! Security Centre. Reported By: Lee Thao from Viettel Cyber Security
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/9zV9kdB-WAw/798-20200101-c…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (iperf3, openjpeg2, and tomcat7), Mageia (ansible, c3p0, fontforge, glpi, gthumb, libbsd, libmediainfo, libmp4v2, libqb, libsass, mbedtls, opencontainers-runc, php, python-pip, python-reportlab, python3, samba, sysstat, tomcat, virtualbox, and webkit2), openSUSE (java-11-openjdk, libredwg, and sarg), Oracle (sqlite), Red Hat (libarchive, nss, and openjpeg2), Scientific Linux (sqlite), SUSE (nodejs6), and Ubuntu (cyrus-sasl2, linux, linux-aws, linux, [...]
---------------------------------------------
https://lwn.net/Articles/810771/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0734 and CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec…
∗∗∗ Security Bulletin: An Apache Commons Compress vulnerability has been identified with the embedded IBM FileNet P8 Content Platform Engine component in IBM Business Process Manager and IBM Business Automation Workflow ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-apache-commons-compres…
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an OpenSSH vulnerability (CVE-2018-15473) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affec…
∗∗∗ Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-ze ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-softw…
∗∗∗ Security Bulletin: IBM MQ Appliance affected by HTTP/2 vulnerabilities (CVE-2019-9511 and CVE-2019-9513) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected…
∗∗∗ Security Bulletin: A security vulnerability was fixed in IBM Security Access Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Application Server ND shipped with IBM Security Identity Manager (CVE-2019-4505) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 24-01-2020 18:00 − Montag 27-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ DIVD-2020-00002 - Wildcard certificates Citrix ADC ∗∗∗
---------------------------------------------
Our analysis of the scan data collected on the night of January 9 to 10 shows that of the more than 700 vulnerable Citrix servers identified in the Netherlands, over 450 used wildcard certificates. [...] Recommendation: Revoke and replace certificates (preferably for non-wildcard versions) unless you can reliable determine that the Citrix system wasn't compromised.
---------------------------------------------
https://www.securitymeldpunt.nl/cases/DIVD-2020-00002/
∗∗∗ Mitsubishi-Hack: Sicherheitslücke in Anti-Viren-Software als Einfallstor ∗∗∗
---------------------------------------------
Es gibt neue Details über die Hacker-Attacke auf Mitsubishi Electric. Mittlerweile ist die Sicherheitslücke bekannt und was die Angreifer kopiert haben.
---------------------------------------------
https://heise.de/-4646386
∗∗∗ Potenziell schädlich: Mozilla löscht 197 Add-ons für Firefox ∗∗∗
---------------------------------------------
Mozilla hat insgesamt 197 Add-ons für Firefox gelöscht, die potenziell schädlich waren. Die meisten stammten vom selben Anbieter.
---------------------------------------------
https://heise.de/-4646392
∗∗∗ New Ryuk Info Stealer Targets Government and Military Secrets ∗∗∗
---------------------------------------------
A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-target…
∗∗∗ Does Your Domain Have a Registry Lock? ∗∗∗
---------------------------------------------
If youre running a business online, few things can be as disruptive or destructive to your brand as someone stealing your companys domain name and doing whatever they wish with it. Even so, most major Web site owners arent taking full advantage of the security tools available to protect their domains from being hijacked. Heres the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.
---------------------------------------------
https://krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/
∗∗∗ PoC Exploits Created for Recently Patched BlueGate Windows Server Flaws ∗∗∗
---------------------------------------------
Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution.
---------------------------------------------
https://www.securityweek.com/poc-exploits-created-recently-patched-bluegate…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jsoup and slirp), Fedora (community-mysql, elog, fontforge, libuv, libvpx, mingw-podofo, nodejs, opensc, podofo, thunderbird-enigmail, transfig, and xfig), openSUSE (arc, libssh, and libvpx), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, python-reportlab, and sqlite), Slackware (thunderbird), and SUSE (java-1_8_0-openjdk, python, and samba).
---------------------------------------------
https://lwn.net/Articles/810614/
∗∗∗ Fortinet removes SSH and database backdoors from its SIEM product ∗∗∗
---------------------------------------------
Patches have been released for CVE-2019-17659 and CVE-2019-16153.
---------------------------------------------
https://www.zdnet.com/article/fortinet-removes-ssh-and-database-backdoors-f…
∗∗∗ Linux kernel vulnerability CVE-2019-19069 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K60130614
∗∗∗ WPS Hide Login < 1.5.5 - Secret Login Page Disclosure ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10046
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4638) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM Watson IoT MessageGateway Server is affected by a buffer overflow vulnerability (CVE-2020-4207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-iot-messagegat…
∗∗∗ Security Bulletin: Vulnerability in IBM Websphere Application Server Liberty used by IBM Cloud Pak System (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4639) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4632) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Secret Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4637) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by converting an invalid message. (CVE-2019-4614) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a…
∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4635) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Overly Permissive CORS Policy vulnerability found on IBM Security Secret Server (CVE-2019-4633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-overly-permissive-cors-po…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily