Daily

daily@lists.cert.at

1 participants
3283 discussions

Tageszusammenfassung - 20.08.2020
by Daily end-of-shift report 20 Aug '20

20 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-08-2020 18:00 − Donnerstag 20-08-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Lucifer cryptomining DDoS malware now targets Linux systems ∗∗∗ --------------------------------------------- A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lucifer-cryptomining-ddos-ma… ∗∗∗ Transparent Tribe: Evolution analysis,part 1 ∗∗∗ --------------------------------------------- Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. [...] The USBWorm component is real, and it has been detected on hundreds of systems. This is malware whose existence was already speculated about years ago, but as far as we know, it has never been publicly described. --------------------------------------------- https://securelist.com/transparent-tribe-part-1/98127/ ∗∗∗ Office 365 Mail Forwarding Rules (and other Mail Rules too), (Thu, Aug 20th) ∗∗∗ --------------------------------------------- If you haven't heard, SANS suffered a "Data Incident" this summer, the disclosure was released on August 11. Details can be found in several locations: [...] So that being said, how can we look for these things if you have hundreds, thousands or tens-of-thousands of mailboxes to consider? In an Office 365 shop, and especially if I wrote the code, the answer is most likely going to be PowerShell! --------------------------------------------- https://isc.sans.edu/diary/rss/26484 ∗∗∗ IBM Db2 Shared Memory Vulnerability (CVE-2020-4414) ∗∗∗ --------------------------------------------- I’ve recently blogged about a shared memory vulnerability in Cisco WebEx Meetings Client on Windows where any user can read memory dedicated to trace data. It turns out that this is a common problem. IBM Db2 is affected by the exact same type of problem. Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility. This allows any local users read and write access to that memory area. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ibm-db2-sha… ∗∗∗ Kriminelle versuchen Zugangsdaten zum Online-Banking zu klauen! ∗∗∗ --------------------------------------------- Haben Sie in den letzten Tagen auch eine E-Mail der „BawagPSK“ erhalten? Wenn ja, seien Sie vorsichtig! Es sind derzeit wieder vermehrt betrügerische Nachrichten unterwegs, in denen die Kriminellen Ihnen vorgaukeln, dass Sie die neue Sicherheits-App installieren müssen, damit Ihr Online-Banking funktioniert. Tatsächlich geht es aber nur darum, an Ihre Zugangsdaten zu kommen! --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-versuchen-zugangsdaten-zu… ∗∗∗ Google fixes major Gmail bug seven hours after exploit details go public ∗∗∗ --------------------------------------------- Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer. --------------------------------------------- https://www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-afte… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories 2020-08-19 ∗∗∗ --------------------------------------------- Cisco hat 24 Security-Advisories veröffentlicht, davon wurden 1 als Kritisch und 2 als Hoch eingestuft. --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Wichtige Sicherheitsupdates für Windows 8.1/Server 2012 R2 veröffentlicht ∗∗∗ --------------------------------------------- Microsoft sichert Windows 8.1 und Windows Server 2012 R2 außer der Reihe ab. --------------------------------------------- https://heise.de/-4874571 ∗∗∗ High-Severity Vulnerability Patched in Advanced Access Manager ∗∗∗ --------------------------------------------- On August 13, 2020, the Wordfence Threat Intelligence team finished investigating two vulnerabilities in Advanced Access Manager, a WordPress plugin with over 100,000 installations, including a high-severity Authorization Bypass vulnerability that could lead to privilege escalation and site takeover. --------------------------------------------- https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (ansible, libmetalink, roundcubemail, rubygem-kramdown, sqlite, and swtpm), Slackware (curl), SUSE (python and python3), and Ubuntu (qemu). --------------------------------------------- https://lwn.net/Articles/829181/ ∗∗∗ Security Advisory - Integer Overflow Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Bulletin: IBM Content Navigator is susceptible to a sensitive data exposure. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-aff… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: IBM Content Manager is affected by a potential information disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-manager-is-af… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to an Elliptic Curve Key Disclosure. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: Autocomplete not disabled for password field in IBM Content Navigator. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-autocomplete-not-disabled… ∗∗∗ Security Bulletin: IBM Content Navigator is vulnerable to improper input validation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-… ∗∗∗ Security Bulletin: vulnerability in snakeyaml might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2017-18640 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-snakeyam… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.08.2020
by Daily end-of-shift report 19 Aug '20

19 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-08-2020 18:00 − Mittwoch 19-08-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ FritzFrog malware attacks Linux servers over SSH to mine Monero ∗∗∗ --------------------------------------------- A sophisticated botnet campaign named FritzFrog has been discovered breaching SSH servers around the world, since at least January 2020. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fritzfrog-malware-attacks-li… ∗∗∗ Example of Word Document Delivering Qakbot, (Wed, Aug 19th) ∗∗∗ --------------------------------------------- Qakbot is back on stage at the moment! Many security companies already reported some peaks of activity around this malware. On my side, I also spotted several samples. The one that I'll cover today has been reported by one of our readers (thanks to him) and deserves a quick analysis of the obfuscation used by the attackers. It is not available on VT at this time (SHA256:507312fe58352d75db057aee454dafcdce2cdac59c0317255e30a43bfa5dffbc) --------------------------------------------- https://isc.sans.edu/diary/rss/26482 ∗∗∗ CDN-Filestore Credit Card Stealer for Magento ∗∗∗ --------------------------------------------- During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog post earlier this year. Malware Evolution & Evasive Techniques One primary difference between this new version and theone Luke wrote about in April is that it was not packed. This detail suggests that the attackers updated the malware in an [...] --------------------------------------------- https://blog.sucuri.net/2020/08/cdn-filestore-credit-card-stealer-for-magen… ∗∗∗ Voice Phishers Targeting Corporate VPNs ∗∗∗ --------------------------------------------- The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. --------------------------------------------- https://krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/ ∗∗∗ Angriff der Insta‑Klone ∗∗∗ --------------------------------------------- Unser Autor macht den Test: Mit einem geklonten Social-Media-Account und psychologischem Geschick lassen sich seine Kontakte ausnutzen und Betrügen. Vorsicht ist angesagt. --------------------------------------------- https://www.welivesecurity.com/deutsch/2020/08/18/angriff-der-insta-klone/ ∗∗∗ 10 WordPress Security Mistakes You Might Be Making ∗∗∗ --------------------------------------------- Yesterday, August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. --------------------------------------------- https://www.wordfence.com/blog/2020/08/10-wordpress-security-mistakes-you-m… ∗∗∗ Ongoing Campaign Uses HTML Smuggling for Malware Delivery ∗∗∗ --------------------------------------------- An ongoing cybercrime campaign is employing a technique known as HTML smuggling to deliver malware onto the victim’s machine, Menlo Security reports. Referred to as Duri, the campaign started in early July and continues to date, attempting to evade network security solutions, including proxies and sandboxes, to deliver malicious code. --------------------------------------------- https://www.securityweek.com/ongoing-campaign-uses-html-smuggling-malware-d… ∗∗∗ Zahlreiche Meldungen zu hilufon.de, applefy.de und coyshop.de ∗∗∗ --------------------------------------------- Auf den unterschiedlichen Websites der appl handels ug werden und wurden diverse iPhone Modelle angeboten. Es handelt sich dabei um gebrauchte Geräte. Zahlreiche InternetuserInnen wenden sich jedoch an die Watchlist Internet und klagen über ausbleibende oder stark verspätete Lieferungen und andere Probleme mit dem Anbieter. Auch auf Bewertungsportalen zeigt sich ein ähnliches Bild. --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-meldungen-zu-hilufonde-ap… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick and ruby-websocket-extensions), Fedora (libetpan, LibRaw, and php), Gentoo (nss), Mageia (apache, ark, clamav, claws-mail, dovecot, firefox, firejail, freerdp, golang, jasper, kernel, libssh, libx11, postgresql-jdbc, python-rstlib, radare2, roundcubemail, squid, targetcli, thunderbird, tomcat, and x11-server), Red Hat (rh-mysql80-mysql), SUSE (dovecot22, freerdp, libvirt, and postgresql12), and Ubuntu (curl and linux-hwe, linux-azure-5.3, [...] --------------------------------------------- https://lwn.net/Articles/829102/ ∗∗∗ Vulnerability in Thales Product Could Expose Millions of IoT Devices to Attacks ∗∗∗ --------------------------------------------- Security researchers at IBM have discovered a potentially serious vulnerability in a communications module made by Thales for IoT devices. Millions of devices could be impacted, but the vendor released a patch six months ago. --------------------------------------------- https://www.securityweek.com/vulnerability-thales-product-could-expose-mill… ∗∗∗ Security Advisory - Denial of Service Vulnerability in SmartPhone Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200819-… ∗∗∗ Security Bulletin: Vulnerability identified in docker for Red Hat Enterprise Linux ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Elastic Storager Server GUI where authorised user can execute unauthorized function (CVE-2020-4378) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – OpenSSL (CVE-2019-1551) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2019-11254) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Vulnerability in GNU gettext affects IBM Spectrum Protect Plus (CVE-2018-18751) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gnu-gett… ∗∗∗ Security Bulletin: IBM Elastic Storage Server GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17573) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.08.2020
by Daily end-of-shift report 18 Aug '20

18 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 17-08-2020 18:00 − Dienstag 18-08-2020 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Cryptojacking worm steals AWS credentials from Docker systems ∗∗∗ --------------------------------------------- According to researchers at Cado Security this is the first-ever worm that comes with AWS credential theft functionality on top of run-of-the-mill cryptomining modules. This botnet uses already infected servers to execute an open-source masscan IP port scanner instance that scans for exposed Docker APIs (and Kubernetes systems as later discovered), installing itself in new containers on any misconfigured servers it finds. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptojacking-worm-steals-aw… ∗∗∗ E-Mail: Gefährliche Mailto-Links können Daten stehlen ∗∗∗ --------------------------------------------- Dieses Feature für Dateianhänge ist nicht Teil der Standardspezifikation für Mailto-Links. Es handelt sich um eine inoffizielle Erweiterung, die von einigen Mailprogrammen genutzt wird. Laut der Veröffentlichung wird das Feature in Kmail und Evolution unterstützt, die Standardmailprogramme der Linux-Desktopumgebungen KDE und Gnome. Auch IBM Notes unterstützen das Feature. Thunderbird ist zwar selbst nicht betroffen, kann aber verwundbar sein, wenn die Verarbeitung der Mailto-Links über das Tool xdg-open erfolgt. --------------------------------------------- https://www.golem.de/news/e-mail-gefaehrliche-mailto-links-koennen-daten-st… ∗∗∗ Pre-announcement of five BIND security issues scheduled for disclosure 20 August 2020 ∗∗∗ --------------------------------------------- We therefore are writing to inform you that the August BIND maintenance releases that will be released on Thursday, 20 August, contain patches for five separate vulnerabilities. Further details about the vulnerabilities will be publicly disclosed at the time the releases are published on Thursday. --------------------------------------------- https://lists.isc.org/pipermail/bind-announce/2020-August/001161.html ∗∗∗ Online- Anlagen- und Investitionsbetrug floriert ∗∗∗ --------------------------------------------- Laufend treten von Investitionsbetrug betroffene Konsumentinnen und Konsumenten an die Watchlist Internet heran. Die Methoden der Kriminellen sind dabei fast immer die gleichen. Erfundene Werbeschaltungen, hohe Gewinnversprechen und persönliche Betreuung verleiten die Opfer zu großen Investitionen. Im Endergebnis führt dies zu mitunter existenzbedrohenden Schadenssummen. --------------------------------------------- https://www.watchlist-internet.at/news/online-anlagen-und-investitionsbetru… ===================== = Vulnerabilities = ===================== ∗∗∗ Rocket.Chat Cross-Site Scripting leading to Remote Code Execution CVE-2020-15926 ∗∗∗ --------------------------------------------- A malicious user can send a specially crafted message either to a channel or in a direct message to another user which will result in executing JavaScript in the victim's browser or inside the desktop client when the victim will use the 'Reply in Thread' functionality. In the case of desktop clients cross-site scripting (XSS) vulnerability leads to a remote code execution (RCE) --------------------------------------------- https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sane-backends), Fedora (kernel, LibRaw, and wob), openSUSE (balsa, hylafax+, postgresql, postgresql96, postgresql10, postgresql12, and postgresql96, postgresql10 and postgresql12), Oracle (.NET Core 3.1), Red Hat (bash and bind), SUSE (dovecot23, firefox, fwupd, postgresql10, postgresql12, python-azure-agent, and zabbix), and Ubuntu (ark, gnome-shell, libonig, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp1 and software-properties). --------------------------------------------- https://lwn.net/Articles/829030/ ∗∗∗ Vulnerability Allowing Full Server Takeover Found in Concrete5 CMS ∗∗∗ --------------------------------------------- The issue was identified in Concrete5 version 8.5.2, which essentially allowed an attacker to modify site configuration and upload a PHP file onto the server, thus gaining arbitrary command execution capabilities. --------------------------------------------- https://www.securityweek.com/vulnerability-allowing-full-server-takeover-fo… ∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues  --------------------------------------------- https://support.citrix.com/article/CTX276688 ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Elastic Storage Server is affected by a vulnerability where an unprivileged user could execute commands as root ( CVE-2020-4273) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Elastic Storage Server GUI is affected by verbose error messages being displayed. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-serve… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Incorrect permissions on IBM Spectrum Protect Plus agent files (CVE-2020-4631) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-… ∗∗∗ Security Bulletin: A vulnerability in an older version of a Batik plugin that is included in IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-an-old… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Elastic Storage Server GUI where an unauthorised user can execute commands (CVE-2020-4348) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.08.2020
by Daily end-of-shift report 17 Aug '20

17 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-08-2020 18:00 − Montag 17-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft fixes actively exploited Windows bug reported 2 years ago ∗∗∗ --------------------------------------------- Microsoft fixed a Windows security vulnerability two years after it was reported. This articles provides greater detail about the bug and how it works.(CVE-2020-1464) --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exp… ∗∗∗ Potential Apache Struts 2 RCE flaw fixed, PoCs released ∗∗∗ --------------------------------------------- Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. --------------------------------------------- https://www.helpnetsecurity.com/2020/08/17/cve-2019-0230/ ∗∗∗ RevoLTE: Telefonanrufe ließen sich trotz Verschlüsselung abhören ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen grundlegendes Defizit auf – Mobilfunker haben angeblich bereits nachgebessert --------------------------------------------- https://www.derstandard.at/story/2000119401327/revolte-telefonanrufe-liesse… ∗∗∗ Goodbye EmoCrash - Schwachstelle in Emotet gefixed ∗∗∗ --------------------------------------------- Eine Schwachstelle im Code von Emotet ("EmoCrash" genannt) wurde seit geraumer Zeit in der Security Community als Präventionsmaßnahme gegenEmotet Infektionen verteilt. Die bisher einer breiten Öffentlichkeit nicht bekannte Schwachstelle in der Installationsroutine von Emotet konnte wirksamen Schutz vor einer Infektion bieten, in dem ein Buffer Overflow im Code dieser Routine ausgenutzt wurde um Emotet abstürzen zu lassen. --------------------------------------------- https://cert.at/de/aktuelles/2020/8/godbye-emocrash-schwachstelle-in-emotet… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (squid3), Fedora (lilypond and python3), openSUSE (xen), SUSE (libreoffice, libvirt, webkit2gtk3, xen, and xerces-c), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/828811/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot, htmlunit, jruby, libetpan, lucene-solr, net-snmp, and posgresql-9.6), Fedora (firefox, nss, qt, and thunderbird), Mageia (glib-networking, mumble, webkit2, and znc), openSUSE (balsa, chromium, firejail, hylafax+, libreoffice, libX11, perl-XML-Twig, thunderbird, wireshark, and xrdp), Red Hat (libvncserver), SUSE (libvirt and perl-PlRPC), and Ubuntu (dovecot and salt). --------------------------------------------- https://lwn.net/Articles/828945/ ∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-affect… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2020
by Daily end-of-shift report 14 Aug '20

14 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-08-2020 18:00 − Freitag 14-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Definition of overkill - using 130 MB executable to hide 24 kB malware, (Fri, Aug 14th) ∗∗∗ --------------------------------------------- One of our readers, Lukas, shared an unusual malicious executable with us earlier this week - one that was 130 MB in size. Making executables extremely large is not an uncommon technique among malware authors[1], as it allows them to easily avoid detection by most AV solutions, since the size of files which AVs will check is usually fairly low (tens of megabytes at most). --------------------------------------------- https://isc.sans.edu/diary/rss/26464 ∗∗∗ XCSSET: Mac-Malware infiziert Xcode-Projekte ∗∗∗ --------------------------------------------- Der Schädling setzt auf 0-day-Exploits, um Nutzerdaten zu klauen. Manipulierte Xcode-Projekte finden über Github Verbreitung, warnt eine Sicherheitsfirma. --------------------------------------------- https://heise.de/-4870987 ∗∗∗ Chrome extensions that lie about their permissions ∗∗∗ --------------------------------------------- Users have learned to review the list of permissions Chrome extensions require before installing them from the webstore. But whats the use if they lie to you? --------------------------------------------- https://blog.malwarebytes.com/puppum/2020/08/chrome-extensions-that-lie-abo… ∗∗∗ Vorsicht vor Handwerks-Notdiensten mit der Telefonnummer 06608643901! ∗∗∗ --------------------------------------------- Bei einem Wasserrohrbruch, einem Gasgebrechen oder bei einem Stromausfall, muss meist schnell eine Expertin oder ein Experte her. Für die Überprüfung eines Installations- oder Elektrik-Notdienstes bleibt da oft keine Zeit mehr. Das nützen unseriöse Unternehmen aus: Sie bieten online einen Notdienst an, kommen auch tatsächlich, aber stellen im Nachhinein viel zu überhöhte Kosten in Rechnung. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-handwerks-notdiensten-m… ∗∗∗ Mekotio: These aren’t the security updates you’re looking for… ∗∗∗ --------------------------------------------- Another in our occasional series demystifying Latin American banking trojans The post Mekotio: These aren’t the security updates you’re looking for… appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Microsofts Multi-Faktor-Authentifizierung umgangen ∗∗∗ --------------------------------------------- Eigentlich sollten Microsofts Onlinedienste mit Fido-Stick und PIN geschützt sein - doch zwei Entwickler konnten die PIN-Abfrage umgehen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-microsofts-multi-faktor-authent… ∗∗∗ Critical Vulnerabilities Patched in Quiz and Survey Master Plugin ∗∗∗ --------------------------------------------- On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file [...] --------------------------------------------- https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless,Oracle January 2020 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2020-8840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly… ∗∗∗ Security Bulletin: Netcool Operations Insight – Cloud Native Event Analytics is affected by a International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insigh… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio July 2020 CPU plus deferred CVE-2019-2590 and CVE-2020-2601 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability exists in the Event Streams 10.0.0 schema registry that allows unauthorised access to create, edit and delete schemas (CVE-2020-4662) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ Apache Struts: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0824 ∗∗∗ PostgreSQL: Mehrere Schwachstellen ermöglichen Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0825 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.08.2020
by Daily end-of-shift report 13 Aug '20

13 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-08-2020 18:00 − Donnerstag 13-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Avaddon: The Latest RaaS (Ransomware-as-a-Service) to Jump on the Extortion Bandwagon ∗∗∗ --------------------------------------------- As of August 8th, Avaddon ransomware authors launched an extortion site in an effort to further incentivize victims to pay the ransom. Tarik Saleh dissects this ransomware, analyzes victimology, and provides more details on the extortion site. --------------------------------------------- https://www.domaintools.com/resources/blog/avaddon-the-latest-raas-to-jump-… ∗∗∗ MMS Exploit Part 5: Defeating Android ASLR, Getting RCE ∗∗∗ --------------------------------------------- Posted by Mateusz Jurczyk, Project Zero. This post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating… ∗∗∗ To the Brim at the Gates of Mordor Pt. 1, (Wed, Aug 12th) ∗∗∗ --------------------------------------------- Search & Analyze Mordor APT29 PCAPs with Brim --------------------------------------------- https://isc.sans.edu/diary/rss/26456 ∗∗∗ Color by numbers: inside a Dharma ransomware-as-a-service attack ∗∗∗ --------------------------------------------- Dharma, a family of ransomware first spotted in 2016, continues to be a threat to many organizations—especially small and medium-sized businesses. Part of the reason for its longevity is that its variants have become the basis for ransomware-as-a-service (RaaS) operations. --------------------------------------------- https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-r… ∗∗∗ Attribution: A Puzzle ∗∗∗ --------------------------------------------- The attribution of cyber attacks is hard. It requires collecting diverse intelligence, analyzing it and deciding who is responsible. Rarely does the evidence available to researchers reach a level of proof that would be acceptable in a court of law. Nevertheless, the private sector rises to the challenge to attempt to associate cyber attacks to threat actors using the intelligence available to them. --------------------------------------------- https://blog.talosintelligence.com/2020/08/attribution-puzzle.html ∗∗∗ Kriminelle versuchen durch seriöse Programme Schadsoftware zu verbreiten! ∗∗∗ --------------------------------------------- Die meisten Menschen vertrauen bekannten Softwareherstellerinnen und -herstellern, wenn diese eine App, ein Programm oder ein anderes Produkt aktualisieren oder ein neues Produkt auf den Markt bringen. Doch genau dieses Vertrauen nutzen Kriminelle bei sogenannten „Supply-Chain-Angriffen“ aus. --------------------------------------------- https://www.watchlist-internet.at/news/kriminelle-versuchen-durch-serioese-… ===================== = Vulnerabilities = ===================== ∗∗∗ Amazon: Sicherheitslücke konnte Alexa-Sprachbefehle verraten ∗∗∗ --------------------------------------------- Mit einem präparierten Link konnte eine Sicherheitslücke in Amazons Infrastruktur ausgenutzt und auf fremde Alexa-Daten zugegriffen werden. --------------------------------------------- https://www.golem.de/news/amazon-sicherheitsluecke-konnte-alexa-sprachbefeh… ∗∗∗ Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods ∗∗∗ --------------------------------------------- It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/cybercriminals-infiltra… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and roundcube), Fedora (python36), Gentoo (chromium), openSUSE (ark, firefox, go1.13, java-11-openjdk, libX11, wireshark, and xen), Red Hat (bind and kernel), SUSE (libreoffice and python36), and Ubuntu (dovecot and software-properties). --------------------------------------------- https://lwn.net/Articles/828683/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (linux-4.19, linux-latest-4.19, and openjdk-8) and Fedora (ark and hylafax+). --------------------------------------------- https://lwn.net/Articles/828744/ ∗∗∗ Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Code Execution Vulnerability in Fastjson Affect Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affec… ∗∗∗ Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-9327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-11655, CVE-2020-11656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-dis… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2020-2593, CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to path traversal (CVE-2019-4582) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-webs… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in Faster-XML jackson databind affects IBM Operations Analytics Predictive Insights (CVE-2019-144892, CVE-2019-144893) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster… ∗∗∗ Sophos XG Firewall: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0823 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.08.2020
by Daily end-of-shift report 12 Aug '20

12 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-08-2020 18:00 − Mittwoch 12-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ CEO Fraud via WhatsApp und Sprachnachrichten ∗∗∗ --------------------------------------------- CEO Fraud läuft in den meisten bekannten Fällen via E-Mail ab: Kriminelle geben sich gegenüber MitarbeiterInnen mit Überweisungsrecht als CEO/CFO/etc. aus und verlangen, dass unverzüglich und ohne Rücksprache mit anderen eine hohe Summe auf ein Bankkonto (vorzugsweise im Ausland) transferiert werden muss, um einen extrem wichtigen Deal zu fixieren. --------------------------------------------- https://cert.at/de/aktuelles/2020/8/ceo-fraud-via-whatsapp-und-sprachnachri… ∗∗∗ Mobilfunk: LTE-Anrufe ließen sich trotz Verschlüsselung abhören ∗∗∗ --------------------------------------------- Je länger das Opfer in der Leitung bleibt, desto mehr lässt sich von vorherigen Gesprächen rekonstruieren. --------------------------------------------- https://www.golem.de/news/mobilfunk-lte-anrufe-liessen-sich-trotz-verschlue… ∗∗∗ Code Injection Schwachstelle in SAP Application Server ABAP – Solution Tools Plugin ST-PI ∗∗∗ --------------------------------------------- SAP ist einer der größten Anbieter für Unternehmenssoftware weltweit. Schwere Sicherheitslücken in SAP Produkten könnten sich gravierend auf die Sicherheit von Unternehmens-IT-Infrastrukturen auswirken. --------------------------------------------- https://sec-consult.com/blog/2020/08/code-injection-schwachstelle-in-sap-ap… ∗∗∗ FIDO2 for Microsoft Online Accounts / Azure AD ∗∗∗ --------------------------------------------- Nowadays a secure password doesnt necessarily mean your account is safe. --------------------------------------------- https://sec-consult.com/en/blog/2020/08/fido2-for-microsoft-online-accounts… ∗∗∗ Hunting for SQL injections (SQLis) and Cross-Site Request Forgeries (CSRFs) in WordPress Plugins ∗∗∗ --------------------------------------------- This is a detailed overview of the bugs found while reviewing the source code of WordPress plugins. I cover 3 reported vulnerabilities (CVE-2020–5766, CVE-2020–5767 and CVE-2020–5768) which can be exploited for information disclosure and sending forged emails. --------------------------------------------- https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Microsoft schließt aktiv ausgenutzte Windows- und Browser-Lücken ∗∗∗ --------------------------------------------- Zum Patch Tuesday hat Microsoft unter anderem zwei kritische Sicherheitslücken geschlossen, die bereits für Angriffe missbraucht wurden. --------------------------------------------- https://heise.de/-4868224 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree, golang-github-seccomp-libseccomp-golang, and ruby-kramdown), Fedora (kernel, libmetalink, and nodejs), openSUSE (go1.13, perl-XML-Twig, and thunderbird), Oracle (kernel, libvncserver, and thunderbird), Red Hat (kernel-rt and python-paunch and openstack-tripleo-heat-templates), SUSE (dpdk, google-compute-engine, libX11, webkit2gtk3, xen, and xorg-x11-libX11), and Ubuntu (nss and samba). --------------------------------------------- https://lwn.net/Articles/828554/ ∗∗∗ QNX-2020-001 Vulnerability in slinger web server Impacts BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Improper Interface Design Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Advisory - Command Injection Vulnerability in FusionCompute ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200812-… ∗∗∗ Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affe… ∗∗∗ Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery… ∗∗∗ Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-… ∗∗∗ Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openslp-vulnerability-aff… ∗∗∗ Security Bulletin: Incorrect permissions on IBM Spectrum Protect Plus agent files (CVE-2020-4631) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Camel's JMX, Apache Camel RabbitMQ and Apache Camel Netty affects IBM Operations Analytics Predictive Insights (CVE-2020-11971, CVE-2020-11972, CVE-2020-11973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in jQuery affect IBM WIoTP MessageGateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-network-security-nss-vuln… ∗∗∗ Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager (CVE-2020-7238) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in jQuery affect IBM WIoTP MessageGateway (CVE-2020-11023, CVE-2020-11022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ IPAS: Security Advisories for August 2020 ∗∗∗ --------------------------------------------- https://blogs.intel.com/technology/2020/08/ipas-security-advisories-for-aug… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.08.2020
by Daily end-of-shift report 11 Aug '20

11 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Montag 10-08-2020 18:00 − Dienstag 11-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Upgraded Agent Tesla malware steals passwords from browsers, VPNs ∗∗∗ --------------------------------------------- New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. --------------------------------------------- https://www.bleepingcomputer.com/news/security/upgraded-agent-tesla-malware… ∗∗∗ SBA phishing scams: from malware to advanced social engineering ∗∗∗ --------------------------------------------- SBA loan scams continue to make the rounds targeting small business owners, CEOS, and CFOs. --------------------------------------------- https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware… ∗∗∗ Script-Based Malware: A New Attacker Trend on Internet Explorer ∗∗∗ --------------------------------------------- Script-based malware can be appealing for attackers who want the ability to quickly and easily develop new variants to evade detection. --------------------------------------------- https://unit42.paloaltonetworks.com/script-based-malware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB20-48) and Adobe Lightroom (APSB20-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1908 ∗∗∗ vBulletin fixes ridiculously easy to exploit zero-day RCE bug ∗∗∗ --------------------------------------------- A simple one-line exploit has been published for a zero-day pre-authentication remote code execution (RCE) vulnerability in the vBulletin forum software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously… ∗∗∗ Kritische Updates für Citrix Endpoint Management ∗∗∗ --------------------------------------------- Insgesamt 5 Lücken schließt Citrix; wer eine eigene Installation betreibt, sollte schnell patchen. --------------------------------------------- https://heise.de/-4867952 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pillow, ruby-kramdown, wpa, and xrdp), Fedora (ark and rpki-client), Gentoo (apache, ark, global, gthumb, and iproute2), openSUSE (chromium, grub2, java-11-openjdk, libX11, and opera), Red Hat (bind, chromium-browser, java-1.7.1-ibm, java-1.8.0-ibm, and libvncserver), SUSE (LibVNCServer, perl-XML-Twig, thunderbird, and xen), and Ubuntu (samba). --------------------------------------------- https://lwn.net/Articles/828476/ ∗∗∗ iCloud for Windows 11.3 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211294 ∗∗∗ iCloud for Windows 7.20 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT211295 ∗∗∗ SSA-809841: Buffer Overflow Vulnerability in Third-Party Component pppd ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-809841.txt ∗∗∗ SSA-786743: Code Injection Vulnerability in Advanced Reporting for Desigo CC and ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-786743.txt ∗∗∗ SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-712518.txt ∗∗∗ SSA-388646: Local Privilege Escalation in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-388646.txt ∗∗∗ SSA-370042: Cross-Site-Scripting (XSS) in SICAM A8000 RTUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-370042.txt ∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Java vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in OpenSSL package ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affecte… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qra… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: IBM Event Streams is affected by a Java vulnerability (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affe… ∗∗∗ Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Libreswan affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ SAP Patchday August 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0800 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2020
by Daily end-of-shift report 10 Aug '20

10 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-08-2020 18:00 − Montag 10-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ DDoS attacks in Q2 2020 ∗∗∗ --------------------------------------------- The second quarter is normally calmer than the first, but this year is an exception. The long-term downward trend in DDoS-attacks has unfortunately been interrupted, and this time we are witnessing an increase. --------------------------------------------- https://securelist.com/ddos-attacks-in-q2-2020/98077/ ∗∗∗ Scanning Activity Include Netcat Listener, (Sat, Aug 8th) ∗∗∗ --------------------------------------------- This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a honeypot listening on TCP 81, this activity might be contained in your logs. --------------------------------------------- https://isc.sans.edu/diary/rss/26442 ∗∗∗ Scoping web application and web service penetration tests, (Mon, Aug 10th) ∗∗∗ --------------------------------------------- Before starting any penetration test, the most important part is to correctly scope it - this will ensure that both the clients expectations are fulfilled and that enough time is allocated to make sure that the penetration test is correctly performed. --------------------------------------------- https://isc.sans.edu/diary/rss/26448 ∗∗∗ Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts ∗∗∗ --------------------------------------------- A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campa… ∗∗∗ DEF CON 28: Introduction to ACARS ∗∗∗ --------------------------------------------- This post is a companion to the DEF CON 28 video available here: https://www.youtube.com/watch?v=NFS6qNAi0B8 What is ACARS? ACARS (Aircraft Communications Addressing and Reporting System, pronounced ‘ay-cars’) [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/introduction-to-acars/ ∗∗∗ Small and medium‑sized businesses: Big targets for ransomware attacks ∗∗∗ --------------------------------------------- Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? --------------------------------------------- https://www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big… ===================== = Vulnerabilities = ===================== ∗∗∗ Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28 ∗∗∗ --------------------------------------------- Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application. --------------------------------------------- https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html ∗∗∗ TeamViewer: Fernwartungstool wies gefährliche Schwachstelle auf ∗∗∗ --------------------------------------------- Wer TeamViewer unter Windows länger nicht aktualisiert hat, sollte dies zügig nachholen: Eine Schwachstelle erlaubt(e) unter Umständen unbefugte Fernzugriffe. --------------------------------------------- https://heise.de/-4866337 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen). --------------------------------------------- https://lwn.net/Articles/828309/ ∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4541) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4533) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential information disclosure id 177835 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-man… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Check Services (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-af… ∗∗∗ Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-version-10-19-0-of-node-j… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2020
by Daily end-of-shift report 07 Aug '20

07 Aug '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-08-2020 18:00 − Freitag 07-08-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Millionen Smartphones mit Snapdragon-Chip verwundbar ∗∗∗ --------------------------------------------- Der DSP-Prozessor in den weit verbreiteten Snapdragon-Chips von Qualcomm enthält hunderte Sicherheitslücken. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-millionen-smartphones-mit-snap… ∗∗∗ Exploiting Android Messengers with WebRTC: Part 3 ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. CVE-2020-6514 discussed in the blog post was fixed on July 14 with these CLs.This series highlights what can go wrong when applications dont apply WebRTC patches and when the communication and notification of security issues breaks down. --------------------------------------------- https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messenger… ∗∗∗ Spam and phishing in Q2 2020 ∗∗∗ --------------------------------------------- In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50,18%, down by 4.43 percentage points from the previous reporting period. --------------------------------------------- https://securelist.com/spam-and-phishing-in-q2-2020/97987/ ∗∗∗ TA551 (Shathak) Word docs push IcedID (Bokbot), (Fri, Aug 7th) ∗∗∗ --------------------------------------------- I've been tracking malicious Word documents from the TA551 (Shathak) campaign This year, we've seen a lot of Valak malware from TA551, but in recent weeks this campaign has been pushing IcedID malware tp English-speaking targets. --------------------------------------------- https://isc.sans.edu/diary/rss/26438 ∗∗∗ Making the Most Out of WLAN Event Log Artifacts ∗∗∗ --------------------------------------------- If you have taken FOR500 (Windows Forensic Analysis) or utilize the FOR500 "Evidence of..." poster, you are probably familiar with the WLAN Event Log listed under the Network Activity/Physical Location section of the poster. This Windows event log (Microsoft-Windows-WLAN-AutoConfig/Operational) records wireless networks that a system has associated with as well as captures network characteristics that can be used for geolocation. In recent testing involving this artifact, a discovery was made that may have implications for investigators. I will outline a scenario that illustrates the issue and present artifacts to help solve it. --------------------------------------------- https://www.sans.org/blog/making-the-most-out-of-wlan-event-log-artifacts/ ∗∗∗ Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach ∗∗∗ --------------------------------------------- The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the lack of novel functionalities and features, this sample employs a sophisticated technique that replaces the Microsoft Intermediate Language (MSIL) at run time to hinder static analysis. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-an… ∗∗∗ Stuxnet 2.0: Forscher erwecken alten Security-Alptraum zu neuem Leben ∗∗∗ --------------------------------------------- Auf der Blackhat USA 2020 wiesen Forscher unter anderem auf eine Zero-Day-Lücke im Windows Druckerspoolerdienst hin. Ein Patch von Microsoft soll bald folgen. --------------------------------------------- https://heise.de/-4865010 ∗∗∗ Inter skimming kit used in homoglyph attacks ∗∗∗ --------------------------------------------- Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2020/08/inter-skimming-kit-us… ∗∗∗ WordPress Auto-Updates: What do you have to lose? ∗∗∗ --------------------------------------------- A new feature that will allow automatic updating of plugins and themes will be available in WordPress version 5.5, which is scheduled to be released on August 11, 2020. In this core release of the world’s most popular content management system, site owners will have the option to turn auto-updates on for individual plugins and themes directly from the WordPress admin dashboard. --------------------------------------------- https://www.wordfence.com/blog/2020/08/wordpress-auto-updates-what-do-you-h… ∗∗∗ Security Awareness is as valuable today as ever ∗∗∗ --------------------------------------------- A while ago I saw a tweet that initially angered me for many reasons, but then I thought about it and wondered how much effort do companies put in to awareness and training. --------------------------------------------- https://www.pentestpartners.com/security-blog/security-awareness-is-as-valu… ∗∗∗ Zahlreiche Fake-Shops locken mit günstigen Pools, Griller & Terrassenmöbel ∗∗∗ --------------------------------------------- Egal ob im eigenen Pool schwimmen, den Griller anheizen, die Pflanzen pflegen oder einfach auf der Terrasse die Sonne genießen. Sommerzeit ist Gartenzeit. Das sehen auch BetrügerInnen so. Denn derzeit melden LeserInnen der Watchlist Internet zahlreiche Fake-Shops mit Produkten für einen schönen Sommer im Garten. Schauen Sie daher lieber genau auf vermeintliche Online-Shops, die Ihnen günstige Pools, Griller, Terrassenmöbel oder Rasenmäher verkaufen wollen! --------------------------------------------- https://www.watchlist-internet.at/news/zahlreiche-fake-shops-locken-mit-gue… ∗∗∗ Upgrade unseres Ticketsystems 2020-08-07 ∗∗∗ --------------------------------------------- Viele unserer Prozesse laufen über ein Ticketsystem, in unserem Fall ist das RTIR. Es ist jetzt Zeit geworden, hier eine radikalere Umstellung zu machen: Neue Version (Und natürlich wurde prompt während der Testphase eine radikal neue herausgegeben. Seufz.) --------------------------------------------- https://cert.at/de/blog/2020/8/upgrade-unseres-ticketsystem-20200807 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (clamav and json-c), Fedora (python2, python36, and python37), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (java-11-openjdk, kernel, rubygem-actionview-4_2, wireshark, xen, and xrdp), and Ubuntu (openjdk-8 and ppp). --------------------------------------------- https://lwn.net/Articles/828209/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere MQ Internet Pass-Thru – CVE-2020-2654 (deferred from Oracle Jan 2020 CPU) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-internet-pas… ∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to a command execution vulnerability affect Content Collector for Email ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-applic… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to a Information Disclosure vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-ema… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily