Daily

daily@lists.cert.at

1 participants
3151 discussions

Tageszusammenfassung - 11.02.2020
by Daily end-of-shift report 11 Feb '20

11 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Montag 10-02-2020 18:00 − Dienstag 11-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fake-Abmahnungen im Namen echter Kanzleien mit Schadsoftware ∗∗∗ --------------------------------------------- Zahlreiche Internet-UserInnen und Website-BetreiberInnen erhalten derzeit vermeintliche Abmahnschreiben wegen angeblicher Urheberrechtsverletzungen im Namen echter Anwaltskanzleien. Kriminelle geben sich beispielsweise als Kanzlei Böhmert und Böhmert oder Kanzlei Wilde Beuger Solmecke aus. Die Schreiben sind gefälscht und enthalten Downloadlinks mit gefährlicher Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/fake-abmahnungen-im-namen-echter-kan… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Framemaker (APSB20-04), Adobe Acrobat and Reader (APSB20-05), Adobe Flash Player (APSB20-06), Adobe Digital Edition (APSB20-07) and Adobe Experience Manager (APSB20-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1830 ∗∗∗ Mozilla Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/02/11/mozilla-releases-s… ∗∗∗ FortiAP-S/W2 system files overwrite through tcpdump CLI command ∗∗∗ --------------------------------------------- An improper input validation (CWE-20) vulnerability in FortiAP-S/W2 CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump CLI commands. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-298 ∗∗∗ FortiAP system command injection through ifconfig command ∗∗∗ --------------------------------------------- A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. --------------------------------------------- https://fortiguard.com/psirt/%20FG-IR-19-209 ∗∗∗ SAP Security Patch Day – February 2020 ∗∗∗ --------------------------------------------- On 11th of February 2020, SAP Security Patch Day saw the release of 13 Security Notes. There are 2 updates to previously released Patch Day Security Notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (checkstyle), Fedora (poppler), Oracle (kernel), Red Hat (389-ds:1.4, java-1.7.1-ibm, java-1.8.0-ibm, nss-softokn, and spice-gtk), and Scientific Linux (spice-gtk). --------------------------------------------- https://lwn.net/Articles/812219/ ∗∗∗ Flaws in Accusoft ImageGear Expose Users to Remote Attacks ∗∗∗ --------------------------------------------- Critical vulnerabilities addressed in the Accusoft ImageGear library could be exploited by remote attackers to execute code on a victim machine, Cisco Talos’ security researchers report. read more --------------------------------------------- https://www.securityweek.com/flaws-accusoft-imagegear-expose-users-remote-a… ∗∗∗ SSA-986695 (Last Update: 2020-02-11): Information Disclosure Vulnerability in the OZW Web Server ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-986695.txt ∗∗∗ SSA-978558 (Last Update: 2020-02-11): Insufficient Logging Vulnerability in SIPORT MP ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-978558.txt ∗∗∗ SSA-974843 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIPROTEC 4 and SIPROTEC Compact Relay Families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-974843.txt ∗∗∗ SSA-951513 (Last Update: 2020-02-11): Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-951513.txt ∗∗∗ SSA-940889 (Last Update: 2020-02-11): Vulnerabilities in the embedded FTP server of SIMATIC CP 1543-1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-940889.txt ∗∗∗ SSA-780073 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-780073.txt ∗∗∗ SSA-750824 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in Profinet Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-750824.txt ∗∗∗ SSA-591405 (Last Update: 2020-02-11): Web Vulnerabilities in SCALANCE S-600 family ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-591405.txt ∗∗∗ SSA-431678 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-431678.txt ∗∗∗ SSA-398519 (Last Update: 2020-02-11): Vulnerabilities in Intel CPUs (November 2019) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-398519.txt ∗∗∗ SSA-270778 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-270778.txt ∗∗∗ SSA-978220 (Last Update: 2020-02-11): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-978220.txt ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-2593, CVE-2020-2583, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-2593, CVE-2020-2583, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to Server Side Request Forgery (SSRF) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Symantec Endpoint Protection: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0111 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.02.2020
by Daily end-of-shift report 10 Feb '20

10 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-02-2020 18:00 − Montag 10-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KBOT: sometimes they come back ∗∗∗ --------------------------------------------- We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT. --------------------------------------------- https://securelist.com/kbot-sometimes-they-come-back/96157/ ∗∗∗ Emotet: Erster Hase-Igel-Loop für EmoCheck ∗∗∗ --------------------------------------------- Eine neue Emotet-Version machte ein erstes Update des Erkennungs-Tools EmoCheck fällig. --------------------------------------------- https://heise.de/-4656609 ∗∗∗ Dangerous Domain Corp.com Goes Up for Sale ∗∗∗ --------------------------------------------- As an early domain name investor, Mike OConnor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years OConnor refused to auction perhaps the most sensitive domain in his stable -- corp.com. --------------------------------------------- https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-s… ∗∗∗ Betrügerisches Raiffeisen SMS im Umlauf ∗∗∗ --------------------------------------------- Zahlreiche HandynutzerInnen empfangen aktuell angeblich eine SMS von der Raiffeisenbank. Die Funktion pushTAN sei nicht aktiviert. Um das Problem zu beheben, werden Sie aufgefordert, einem Link zu folgen. Klicken Sie nicht auf den Link, Sie gelangen auf eine gefälschte Raiffeisen-Login-Seite. Kriminelle stehlen Ihre Zugangsdaten und Ihre Telefonnummer. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerisches-raiffeisen-sms-im-um… ===================== = Vulnerabilities = ===================== ∗∗∗ Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF) ∗∗∗ --------------------------------------------- Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. --------------------------------------------- https://wpvulndb.com/vulnerabilities/10058 ∗∗∗ Geschlossene Lücke: Dell SupportAssist Client könnte Schadcode laden ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Dell SupportAssist for business PCs und Dell SupportAssist for home PCs. --------------------------------------------- https://heise.de/-4656474 ∗∗∗ Sicherheitsupdate: Wiki-Software Confluence unter Windows angreifbar ∗∗∗ --------------------------------------------- Angreifer könnten die Windows-Version von Confluence attackieren und sich gegebenenfalls höhere Nutzerrechte verschaffen. --------------------------------------------- https://heise.de/-4656770 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ipmitool, libexif, and ppp), Fedora (glib2, java-1.8.0-openjdk, java-11-openjdk, libasr, libuv, mingw-gdk-pixbuf, mingw-SDL2, nethack, nghttp2, nodejs, nodejs-mixin-deep, nodejs-set-value, nodejs-yarn, opensmtpd, python-feedgen, runc, samba, sox, and texlive-base), Mageia (chromium-browser-stable, mgetty, openslp, qtbase5, spamassassin, sudo, and xmlrpc), openSUSE (ceph and chromium), Oracle (grub2 and kernel), SUSE (docker-runc, LibreOffice, docker-runc, wicked), Ubuntu (libxml2, qtbase-opensource-src) --------------------------------------------- https://lwn.net/Articles/812118/ ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200207-… ∗∗∗ Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2018-16845, CVE-2018-16843, CVE-2019-7401) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-applica… ∗∗∗ Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-f… ∗∗∗ Security Bulletin: Aspera Web Applications (Faspex, Console) are affected by Apache Vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-f… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-fa… ∗∗∗ Security Bulletin: Aspera Web Faspex application is affected by OpenSSL Vulnerability (CVE-2019-1552) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-faspex-applica… ∗∗∗ Security Bulletin: IBM Aspera WebApps (Shares, Faspex, Console, Orchestrator) and products are affected by OpenSSL Vulnerability (CVE-ID: CVE-2019-1543) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-shares… ∗∗∗ HPESBHF03978 rev.2 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2020
by Daily end-of-shift report 07 Feb '20

07 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-02-2020 18:00 − Freitag 07-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Phishing Attack Disables Google Play Protect, Drops Anubis Trojan ∗∗∗ --------------------------------------------- Android users are targeted in a phishing campaign that will infect their devices with the Anubis banking Trojan that can steal financial information from more than 250 banking and shopping applications. --------------------------------------------- https://www.bleepingcomputer.com/news/security/phishing-attack-disables-goo… ∗∗∗ Robbin Hood – the ransomware that brings its own bug ∗∗∗ --------------------------------------------- When you need a vulnerability to exploit, but there isnt one... why not simply bring your own, along with your malware? --------------------------------------------- https://nakedsecurity.sophos.com/2020/02/07/robbin-hood-the-ransomware-that… ∗∗∗ Malware Emotet greift WLANs an ∗∗∗ --------------------------------------------- Emotet nutzt offenbar eine bislang nicht bekannte Methode, sich weiter auszubreiten: Er klinkt sich in schlecht gesicherte Funknetze ein. --------------------------------------------- https://heise.de/-4655284 ∗∗∗ Warnmails eines Sebastian Wulker sind Fake! ∗∗∗ --------------------------------------------- Vor allem Ein-Personen-Unternehmen, aber auch Privatpersonen erhalten momentan E-Mails im Namen eines angeblichen Sicherheitsforschers Sebastian Wulker. In diesen Mails wird behauptet, dass er im Rahmen seiner Arbeit auf die missbräuchliche Verwendung persönlicher Daten gestoßen ist und an ihn kontaktieren soll, um mehr zu erfahren, bevor er es an Strafverfolgungsbehörden weitergibt. Wer hier Kontakt aufnimmt, wird Schritt für Schritt in eine Erpressungsfalle gelockt, --------------------------------------------- https://www.watchlist-internet.at/news/warnmails-eines-sebastian-wulker-sin… ∗∗∗ Magecart Group 12’s Latest: Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign ∗∗∗ --------------------------------------------- A recent blog post by Jacob Pimental and Max Kersten highlighted Magecart activity targeting ticket re-selling websites for the 2020 Olympics and EUFA Euro 2020, olympictickets2020.com and eurotickets2020.com respectively. These sites were compromised by a skimmer using the domain opendoorcdn.com for data exfiltration. --------------------------------------------- https://www.riskiq.com/blog/labs/magecart-group-12-olympics/ ===================== = Vulnerabilities = ===================== ∗∗∗ Google: Bluetooth-Lücke in Android ermöglicht Codeausführung ∗∗∗ --------------------------------------------- Mit den Februar-Updates für Android schließt Google eine Sicherheitslücke im Bluetooth-Stack, die das Ausführen von Code durch Angreifer ermöglicht. Dazu müssen diese nur in der Nähe der Geräte sein. Weitere Fehler in Android ermöglichen die Rechteausweitung. --------------------------------------------- https://www.golem.de/news/google-bluetooth-luecke-in-android-ermoeglicht-co… ∗∗∗ VoIP-Telefone: Schwere Sicherheitslücke bei Yealink entdeckt ∗∗∗ --------------------------------------------- Yealink versorgt Telefone weltweit mit VoIP-Zugangsdaten, Telefonbüchern und Anruferlisten. Im Autoprovisionierungsdienst des Herstellers klafft eine Lücke. --------------------------------------------- https://heise.de/-4654592 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, python-django, and sudo), Debian (libexif and libxmlrpc3-java), Fedora (upx and xar), openSUSE (ucl and upx), Oracle (ipa), Scientific Linux (kernel), SUSE (e2fsprogs, libqt5-qtbase, nginx, pcp, php7, rubygem-rack, systemd, wicked, and xen), and Ubuntu (mariadb-10.1, mariadb-10.3, mesa, pillow, and python-reportlab). --------------------------------------------- https://lwn.net/Articles/811880/ ∗∗∗ ClamAV: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/02/warn… ∗∗∗ Events Manager < 5.9.7.2 - CSV Injection ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10062 ∗∗∗ Events Manager Pro < 2.6.7.2 - CSV Injection ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10063 ∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0106 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2020
by Daily end-of-shift report 06 Feb '20

06 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-02-2020 18:00 − Donnerstag 06-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Philips Hue: Kritische Sicherheitslücke in smarten Lampen ∗∗∗ --------------------------------------------- Hacker können mit einer Antenne das Netzwerk der User und damit verbundene Computer übernehmen. --------------------------------------------- https://futurezone.at/produkte/philips-hue-kritische-sicherheitsluecke-in-s… ∗∗∗ Fake browser update pages are "still a thing", (Wed, Feb 5th) ∗∗∗ --------------------------------------------- SocGholish is a term I first saw in signatures from the EmergingThreats Pro ruleset to describe fake browser update pages used to distribute malware like a NetSupport RAT-based malware package or Chthonic banking malware. Although this activity has continued into 2020, I hadn't run across an example until this week. --------------------------------------------- https://isc.sans.edu/diary/rss/25774 ∗∗∗ This crafty malware makes you retype your passwords so it can steal them ∗∗∗ --------------------------------------------- Metamorfo banking trojan has expanded its campaign to target online users banking services. --------------------------------------------- https://www.zdnet.com/article/this-crafty-malware-makes-you-retype-your-pas… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-05) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB20-05) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 11, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1828 ∗∗∗ Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003 ∗∗∗ --------------------------------------------- Project: Views Bulk Operations (VBO)Date: 2020-February-05Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: Views Bulk Operations provides enhancements to running bulk actions on views.The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to. --------------------------------------------- https://www.drupal.org/sa-contrib-2020-003 ∗∗∗ Hintertür in vielen Überwachungskameras mit HiSilicon-Chips ∗∗∗ --------------------------------------------- Die Firmware zahlreicher IP-Kameras mit Systems-on-Chip (SoCs) der Huawei-Sparte HiSilicon erlaubt Root-Zugriff via telnet. --------------------------------------------- https://heise.de/-4654525 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd). --------------------------------------------- https://lwn.net/Articles/811678/ ∗∗∗ Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10059 ∗∗∗ Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10061 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WIoTP MessageGateway (CVE-2020-2604, CVE-2020-2659) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-windows-installers-of-ibm… ∗∗∗ Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-of-embedded… ∗∗∗ BIG-IP Edge Client for Windows vulnerability CVE-2020-5855 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55102004 ∗∗∗ BIG-IP TMM AWS vulnerability CVE-2020-5856 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K00025388 ∗∗∗ BIG-IP TMM vulnerability CVE-2020-5854 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50046200 ∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0099 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0104 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2020
by Daily end-of-shift report 05 Feb '20

05 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-02-2020 18:00 − Mittwoch 05-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail ∗∗∗ --------------------------------------------- Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bitbucket-abused-to-infect-5… ∗∗∗ Betrügerische WhatsApp-Nachrichten zu iPhone-Gewinn! ∗∗∗ --------------------------------------------- Kriminelle nützen momentan WhatsApp für die massenhafte Verbreitung einer Betrugsmasche. Sie versenden eine WhatsApp-Nachricht zu einem angeblichen Gewinn aus. Wer dem Link folgt und ein gratis iPhone erhalten möchte, muss die Nachricht an mindestens zehn WhatsApp-Kontakte weiterleiten. EmpfängerInnen dürfen weder Daten bekanntgeben noch die Nachricht weiterleiten. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-… ∗∗∗ Researcher: Backdoor mechanism still active in devices using HiSilicon chips ∗∗∗ --------------------------------------------- Researcher said he did not notify HiSilicon due to a lack of trust in the hardware vendor to adequately fix the issue. --------------------------------------------- https://www.zdnet.com/article/researcher-backdoor-mechanism-discovered-in-d… ===================== = Vulnerabilities = ===================== ∗∗∗ WhatsApp Bug Allowed Attackers to Access the Local File System ∗∗∗ --------------------------------------------- Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a users local file system, on both macOS and Windows platforms. --------------------------------------------- https://www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attacke… ∗∗∗ VU#261385: Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution ∗∗∗ --------------------------------------------- CVE-2020-3110 Ciscos Video Surveillance 8000 Series IP cameras with CDP enabled are vulnerable to a heap overflow in the parsing of DeviceID type-length-value(TLV). The CVSS score reflected below is in regards to this vulnerability. CVE-2020-3111 Cisco Voice over Internet Protocol(VoIP)phones with CDP enabled are vulnerable to a stack overflow in the parsing of PortID type-length-value(TLV). CVE-2020-3118 Ciscos CDP subsystem of devices running,or based on,Cisco IOS XR Software are vulnerable. --------------------------------------------- https://kb.cert.org/vuls/id/261385 ∗∗∗ AutomationDirect C-More Touch Panels ∗∗∗ --------------------------------------------- This advisory contains mitigations for an insufficiently protected credentials vulnerability in AutomationDirects C-More Touch Panels software management platform. --------------------------------------------- https://www.us-cert.gov/ics/advisories/icsa-20-035-01 ∗∗∗ Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (storebackup), openSUSE (e2fsprogs and wicked), Red Hat (containernetworking-plugins, ipa, kernel, kernel-rt, ksh, and qemu-kvm), Scientific Linux (ipa and qemu-kvm), SUSE (libqt5-qtbase, python-reportlab, and terraform), and Ubuntu (graphicsmagick, OpenSMTPD, spamassassin, and sudo). --------------------------------------------- https://lwn.net/Articles/811597/ ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-… ∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-… ∗∗∗ Security Advisory - Information leakage Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-… ∗∗∗ Security Advisory - Information leakage Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200205-… ∗∗∗ Security Bulletin: Information Disclosure in WebSphere Application Server Admin Console (CVE-2019-4670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment Response Time Monitoring Agent (CVE-2019-16168) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Automation Manager is affected by an issue with insecure cookie path attribute (CVE-2019-4616) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-automation-mana… ∗∗∗ Security Bulletin: IBM Planning Analytics Local is affected by a security vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-lo… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2019-16168) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ systemd: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0096 ∗∗∗ MariaDB: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0095 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.02.2020
by Daily end-of-shift report 04 Feb '20

04 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Montag 03-02-2020 18:00 − Dienstag 04-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New EmoCheck Tool Checks if Youre Infected With Emotet ∗∗∗ --------------------------------------------- A new utility has been released by Japan CERT (computer emergency response team) that allows Windows users to easily check if they are infected with the Emotet Trojan. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-emocheck-tool-checks-if-… ∗∗∗ Microsoft Office 365 Will Block Malicious Content Unless Overridden ∗∗∗ --------------------------------------------- Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-office-365-will-bl… ∗∗∗ Sicherheitslücke in Twitters API: Telefonnummern abgreifbar ∗∗∗ --------------------------------------------- Durch die missbräuchliche Verwendung einer API von Twitter konnten Unbekannte Telefonnummern und Nutzernamen kombinieren und einsehen. --------------------------------------------- https://heise.de/-4652519 ∗∗∗ Zum schnellen Geld kommen? – So geht es nicht! ∗∗∗ --------------------------------------------- Vorsicht: Angebliche InvestorInnen, PhilanthropInnen oder UnternehmerInnen, die Ihnen hohe Geldbeträge versprechen, sind Kriminelle. E-Mails über angebliche Gewinne in Millionenhöhe werden massenhaft an beliebige E-Mail-Adressen versendet. Um das Geld zu erhalten, müssen Sie lediglich einen bestimmten Betrag – angeblich zur Abwicklung der Überweisung – und Ausweiskopien übermitteln. Tun Sie das, verlieren Sie nicht nur Ihr Geld, sondern auch Ihre [...] --------------------------------------------- https://www.watchlist-internet.at/news/zum-schnellen-geld-kommen-so-geht-es… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web servers response.The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Slow HTTP DoS Attacks Mitigation ∗∗∗ --------------------------------------------- An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause web service portal denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly. Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-19-013 ∗∗∗ Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD ∗∗∗ --------------------------------------------- Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted SNMPD request to the user. These vulnerabilities could lead to a variety of conditions, potentially resulting in the disclosure of sensitive information and a denial-of-service condition. --------------------------------------------- https://blog.talosintelligence.com/2020/02/vuln-spotlight-mini-snmpd-feb-20… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (salt), CentOS (git), Debian (qtbase-opensource-src), Fedora (java-11-openjdk), Mageia (kernel and openjpeg2), openSUSE (mailman, python-reportlab, ucl, and upx), Oracle (git), Red Hat (container-tools:rhel8, go-toolset:rhel8, grub2, kernel, kernel-rt, php:7.2, and sudo), SUSE (crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client and python36), and Ubuntu (python-django). --------------------------------------------- https://lwn.net/Articles/811495/ ∗∗∗ Medtronic Releases Patches for Cardiac Device Flaws Disclosed in 2018, 2019 ∗∗∗ --------------------------------------------- Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. --------------------------------------------- https://www.securityweek.com/medtronic-releases-patches-cardiac-device-flaw… ∗∗∗ Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10057 ∗∗∗ Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager (CVE-2019-4451) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2019-4305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2019-4674, CVE-2018-15473, CVE-2019-4675) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-man… ∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-c… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Android Security Bulletin Feburar 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0094 ∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0093 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.02.2020
by Daily end-of-shift report 03 Feb '20

03 Feb '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-01-2020 18:00 − Montag 03-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Devious Spamhaus Phishing Scam Warns Youre on an Email Block List ∗∗∗ --------------------------------------------- A new phishing campaign distributing malware pretends to be from the Spamhaus Project warning that the recipients email address has been added to a spam block list due to sending unsolicited email. --------------------------------------------- https://www.bleepingcomputer.com/news/security/devious-spamhaus-phishing-sc… ∗∗∗ Abo-Falle durch gefälschte E-Mail von „Zoll Österreich“ ∗∗∗ --------------------------------------------- Eine neue Massenmail landet momentan im Posteingang unzähliger InternetnutzerInnen. In der Nachricht von „Zoll Österreich“ heißt es, dass eine Zollgebühr nicht bezahlt wurde. Dem Inhalt der E-Mail darf kein Glauben geschenkt werden, denn sie wird von Kriminellen verschickt. Eine Dateneingabe führt hier in eine teure Abo-Falle für 90 Euro monatlich. --------------------------------------------- https://www.watchlist-internet.at/news/abo-falle-durch-gefaelschte-e-mail-v… ∗∗∗ Hackers are hijacking smart building access systems to launch DDoS attacks ∗∗∗ --------------------------------------------- More than 2,300 building access systems can be hijacked due to a severe vulnerability left without a fix. --------------------------------------------- https://www.zdnet.com/article/hackers-are-hijacking-smart-building-access-s… ∗∗∗ Windows 10 PCs get these new Intel chip security updates for Zombieload attacks ∗∗∗ --------------------------------------------- Microsoft helps Intel deliver its latest microcode security updates to mitigate the Zombieload threat. --------------------------------------------- https://www.zdnet.com/article/windows-10-pcs-get-these-new-intel-chip-secur… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2020-01-31-1 - Opkg susceptible to MITM (CVE-2020-7982) ∗∗∗ --------------------------------------------- A bug in the package list parse logic of OpenWrts opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts. --------------------------------------------- https://lists.infradead.org/pipermail/openwrt-devel/2020-January/021544.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (opensmtpd), Debian (firefox-esr, libidn2, libjackson-json-java, prosody-modules, qemu, qtbase-opensource-src, spamassassin, and sudo), Fedora (e2fsprogs, java-1.8.0-openjdk, mingw-openjpeg2, openjpeg2, samba, sox, upx, webkit2gtk3, and xar), Red Hat (git), Scientific Linux (git), Slackware (sudo), SUSE (ceph and rmt-server), and Ubuntu (sudo). --------------------------------------------- https://lwn.net/Articles/811368/ ∗∗∗ Strong Testimonials < 2.40.1 - Stored Cross Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10056 ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… ∗∗∗ Security Bulletin: Vulnerabilities affect Watson Explorer Foundational Components (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-wa… ∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in Golang (CVE-2019-17596) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r… ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… ∗∗∗ Security Bulletin: Information Disclosure in IBM StoredIQ (CVE-2020-4224) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r… ∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by multiple vulnerabilities in Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-… ∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by several WebSphere Application Server vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-r… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2020
by Daily end-of-shift report 31 Jan '20

31 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-01-2020 18:00 − Freitag 31-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Microsoft Detects New Evil Corp Malware Attacks After Short Break ∗∗∗ --------------------------------------------- Microsoft says that an ongoing Evil Corp phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, this being the first time the threat actors have been seen adopting this technique. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-detects-new-evil-c… ∗∗∗ Researcher Finds Over 60 Vulnerabilities in Physical Security Systems ∗∗∗ --------------------------------------------- The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory to warn users of Honeywell’s MAXPRO video management system (VMS) and network video recorder (NVR) products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems. --------------------------------------------- https://www.securityweek.com/researcher-finds-over-60-vulnerabilities-physi… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsolv, libxmlrpc3-java, openjpeg2, qemu, and suricata), Fedora (ansible, chromium, java-latest-openjdk, links, mingw-openjpeg2, nss, openjpeg2, python-pillow, thunderbird, webkit2gtk3, and xen), Mageia (gdal, java-1.8.0-openjdk, mariadb, openjpeg2, and sqlite3), Oracle (kernel), Red Hat (rh-java-common-xmlrpc), SUSE (e2fsprogs, ImageMagick, php72, tigervnc, and wicked), and Ubuntu (keystone). --------------------------------------------- https://lwn.net/Articles/811199/ ∗∗∗ GistPress < 3.0.2 - Authenticated Stored XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10053 ∗∗∗ Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by specially constructed messages. (CVE-2019-4432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-applian… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a information disclosure vulnerability in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel escalation of privilege vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-unified-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2020
by Daily end-of-shift report 30 Jan '20

30 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-01-2020 18:00 − Donnerstag 30-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Network Traffic Analysis for IR: SSH Protocol with Wireshark ∗∗∗ --------------------------------------------- Introduction to the SSH protocol The Secure Shell (SSH) is designed to allow confidential and authenticated remote access to a computer. Like the Telnet protocol, it enables a user to remotely access a command shell on a machine, run commands and access the results. However, unlike Telnet, SSH traffic is fully encrypted, making it the [...] --------------------------------------------- https://resources.infosecinstitute.com/network-traffic-analysis-for-ir-ssh-… ∗∗∗ Collating Hacked Data Sets ∗∗∗ --------------------------------------------- Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information, and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal."What we were able to do is alarming because we can now find vulnerabilities in peoples online presence very quickly," Metropolitansky said. --------------------------------------------- https://www.schneier.com/blog/archives/2020/01/collating_hacke.html ∗∗∗ Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers ∗∗∗ --------------------------------------------- Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any --------------------------------------------- https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html ===================== = Vulnerabilities = ===================== ∗∗∗ Privilege escalation in Bitdefender Antivirus for Mac (VA-3499) ∗∗∗ --------------------------------------------- A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. --------------------------------------------- https://www.bitdefender.com/support/security-advisories/privilege-escalatio… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (graphicsmagick, opensmtpd, webkit2gtk, wget, and zlib), openSUSE (apt-cacher-ng, GraphicsMagick, java-1_8_0-openjdk, mailman, mumble, rubygem-excon, sarg, and shadowsocks-libev), Oracle (libarchive and openjpeg2), Red Hat (firefox, fribidi, openjpeg2, SDL, and thunderbird), Scientific Linux (openjpeg2), SUSE (glibc, java-1_8_0-openjdk, and rmt-server), and Ubuntu (Apache Solr and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/811025/ ∗∗∗ Elementor Page Builder < 2.7.6 - Authenticated Stored XSS ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/10052 ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-15473) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-11214, CVE-2018-11213, CVE-2018-11212) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 – July 2019 and October 2019 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2020
by Daily end-of-shift report 29 Jan '20

29 Jan '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-01-2020 18:00 − Mittwoch 29-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Critical Flaws in Magento e-Commerce Platform Allow Code-Execution ∗∗∗ --------------------------------------------- Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others. --------------------------------------------- https://threatpost.com/critical-flaws-magento-ecommerce-code-execution/1523… ∗∗∗ New Snake Ransomware Targets ICS Processes ∗∗∗ --------------------------------------------- A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS). --------------------------------------------- https://www.securityweek.com/new-snake-ransomware-targets-ics-processes ∗∗∗ Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed ∗∗∗ --------------------------------------------- We found an additional 1,400 unsecured Docker hosts and outline in this research some of the common tactics and techniques we found being used by attackers in compromised Docker engines. --------------------------------------------- https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-uns… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in OpenSMTPD erlaubt(e) Codeausführung aus der Ferne ∗∗∗ --------------------------------------------- BSD- und Linux-Server, auf denen OpenSMTPD läuft, brauchen umgehend ein Update auf Version 6.6.2p1. Es fixt eine kritische Remote-Code-Execution-Lücke. --------------------------------------------- https://heise.de/-4648501 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/01/warn… ∗∗∗ 200K WordPress Sites Exposed to Takeoker Attacks by Plugin Bug ∗∗∗ --------------------------------------------- A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. --------------------------------------------- https://www.bleepingcomputer.com/news/security/200k-wordpress-sites-exposed… ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: tvOS 13.3.1 Safari 13.0.5 iOS 13.3.1 and iPadOS 13.3.1 macOS Catalina 10.15.3, [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-mul… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, openjpeg2, openslp, python-reportlab, and sqlite), Debian (hiredis, otrs2, and unzip), openSUSE (apt-cacher-ng, git, samba, sarg, and storeBackup), Oracle (openjpeg2), Red Hat (libarchive, openjpeg2, sqlite, and virt:rhel), SUSE (aws-cli and python-reportlab), and Ubuntu (libgcrypt11, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-hwe, linux-hwe, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/810881/ ∗∗∗ FreeBSD OS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0080 ∗∗∗ Cisco Small Business Switches Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business Switches Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabiltiies in PHP. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-… ∗∗∗ Security Bulletin: WebSphere Application Server browser stack trace vulnerability affects IBM Control Center (CVE-2019-4441) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: WebSphere Application Server improper cookie setting vulnerability affects IBM Control Center (CVE-2019-4305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-servi… ∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-2989) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impact… ∗∗∗ Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-websphere-to-htt… ∗∗∗ Security Bulletin: IBM WebSphere Application Server – Liberty improper session validation vulnerability affects IBM Control Center (CVE-2019-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance (CVE-2019-3861, CVE-019-3858) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-p… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily