Daily

daily@lists.cert.at

1 participants
3249 discussions

Tageszusammenfassung - 19.05.2020
by Daily end-of-shift report 19 May '20

19 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 18-05-2020 18:00 − Dienstag 19-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ NXNSAttack: Effizienter Angriff auf Nameserver ∗∗∗ --------------------------------------------- Eine neue Form von Denial-of-Service-Angriff nutzt die DNS-Architektur, um mit wenig Aufwand viel Serverlast und Traffic zu erzeugen. --------------------------------------------- https://www.golem.de/news/nxnsattack-effizienter-angriff-auf-nameserver-200… ∗∗∗ Phishers are trying to bypass Office 365 MFA via rogue apps ∗∗∗ --------------------------------------------- Phishers are trying to bypass the multi-factor authentication (MFA) protection on users’ Office 365 accounts by tricking them into granting permissions to a rogue application. The app allows attackers to access and modify the contents of the victim’s account, but also to retain that access indefinitely, Cofense researchers warn. --------------------------------------------- https://www.helpnetsecurity.com/2020/05/19/office-365-bypass-mfa/ ∗∗∗ Hohe Kosten statt Krediten auf kreditvolks-online.com ∗∗∗ --------------------------------------------- Die betrügerische Website kreditvolks-online.com wirbt momentan mit günstigen Krediten um Kundschaft. Die Kriminellen hinter der Website missbrauchen dabei beispielsweise das Logo der Volksbank, der Bawag P.S.K., der Commerzbank oder der Deutsche Kreditbank AG, um Vertrauen zu stiften. Bevor angebliche Kredite ausgezahlt werden, müssen zahlreiche Gebühren bezahlt werden. Eine tatsächliche Auszahlung findet schlussendlich nie statt und alle Zahlungen sind verloren! --------------------------------------------- https://www.watchlist-internet.at/news/hohe-kosten-statt-krediten-auf-kredi… ∗∗∗ FBI warns about attacks on Magento online stores via old plugin vulnerability ∗∗∗ --------------------------------------------- FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin. --------------------------------------------- https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-sto… ∗∗∗ Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks ∗∗∗ --------------------------------------------- A firmware patch has been released last year, in November. --------------------------------------------- https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnera… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks ∗∗∗ --------------------------------------------- [...] It is possible for an unauthenticated, adjacent attacker to man-in-the-middle (MITM) attack the pairing process and force each victim device into a different Association Model, possibly granting the attacker the ability to initiate any Bluetooth operation on either attacked device. --------------------------------------------- https://kb.cert.org/vuls/id/534195 ∗∗∗ VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks ∗∗∗ --------------------------------------------- [...] It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS). --------------------------------------------- https://kb.cert.org/vuls/id/647177 ∗∗∗ Sicherheitsupdate: Nitro PDF Pro könnte Daten leaken ∗∗∗ --------------------------------------------- Die Entwickler der PDF-Anwendung Nitro PDF Pro haben mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-4724062 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dpdk and exim4), Fedora (openconnect, perl-Mojolicious, and php), Red Hat (kernel and kpatch-patch), Slackware (sane), and Ubuntu (bind9, dpdk, exim4, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/820859/ ∗∗∗ F-Secure Linux Security: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warn… ∗∗∗ LibreOffice: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warn… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site request forgery vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-information-se… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service in kernal ( CVE-2020-4411) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service( CVE-2020-4412) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Rowhammer hardware vulnerability CVE-2020-10255 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K60570139 ∗∗∗ Adobe Creative Cloud: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0476 ∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0474 ∗∗∗ Dovecot: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0479 ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0477 ∗∗∗ MISP: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0480 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.05.2020
by Daily end-of-shift report 18 May '20

18 May '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-05-2020 18:00 − Montag 18-05-2020 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Disruption on the horizon ∗∗∗ --------------------------------------------- [...] As cyber security professionals we are often caught in the wake of disruptive changes as a result of technology adoption (i.e. Cloud), changes in operational paradigms (i.e. DevOps), or regulatory/compliance developments (i.e. GDPR, CCPA, etc.). Recognizing this, how can we proactively identify such changes before they start to impact our operations? --------------------------------------------- https://cybersecurity.att.com/blogs/security-essentials/disruption-on-the-h… ∗∗∗ Antivirus & Multiple Detections, (Sun, May 17th) ∗∗∗ --------------------------------------------- "When a file contains more than one signature, for example EICAR and a real virus, what will the antivirus report?". --------------------------------------------- https://isc.sans.edu/diary/rss/26134 ∗∗∗ WordPress Malware Collects Sensitive WooCommerce Data ∗∗∗ --------------------------------------------- During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins. --------------------------------------------- https://blog.sucuri.net/2020/05/wordpress-malware-collects-sensitive-woocom… ∗∗∗ Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format ∗∗∗ --------------------------------------------- Abusing legacy functionality built into the Microsoft Office suite is a tale as old as time. One functionality that is popular with red teamers and maldoc authors is using Excel 4.0 Macros to embed standard malicious behavior in Excel files and then execute phishing campaigns with these documents. These macros, which are fully documented online, can make web requests, execute shell commands, access win32 APIs, and have many other capabilities which are desirable to malware authors. --------------------------------------------- https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ ∗∗∗ Mandrake Android Spyware Remained Undetected for 4 Years ∗∗∗ --------------------------------------------- Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years. --------------------------------------------- https://www.securityweek.com/mandrake-android-spyware-remained-undetected-4… ∗∗∗ Ethical dilemmas with responsible disclosure ∗∗∗ --------------------------------------------- We do a LOT of disclosures, probably starting one a day on average. Between us, we spend a man day or so per week just managing disclosures. It creates pain [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/ethical-dilemmas-with-respons… ∗∗∗ The ProLock ransomware doesn’t tell you one important thing about decrypting your files ∗∗∗ --------------------------------------------- Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack. --------------------------------------------- https://www.grahamcluley.com/prolock-ransomware-decryption/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical WordPress plugin bug allows for automated takeovers ∗∗∗ --------------------------------------------- Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bu… ∗∗∗ PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security (Update A) ∗∗∗ --------------------------------------------- [...] Update 2020-05-18: Firmware V2.90 is released and available for download. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-020 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache-log4j1.2, exim4, libexif, and openconnect), Fedora (chromium, condor, java-1.8.0-openjdk, java-1.8.0-openjdk-aarch32, mingw-ilmbase, mingw-OpenEXR, sleuthkit, and squid), Mageia (jbig2dec, libreswan, netkit-telnet, ntp, and suricata), openSUSE (mailman and nextcloud), SUSE (autoyast2, file, git, gstreamer-plugins-base, libbsd, libvirt, libvpx, libxml2, mailman, and openexr), and Ubuntu (dovecot and json-c). --------------------------------------------- https://lwn.net/Articles/820814/ ∗∗∗ WebKitGTK 2.29.1 released! ∗∗∗ --------------------------------------------- This is the first development release leading toward 2.30 series.What’s new in the WebKitGTK 2.29.1 release? Stop using GTK theming to render form controls. Add API to disable GTK theming for scrollbars too. Fix several race conditions and threading issues in the media player. Add USER_AGENT_BRANDING build option. Add paste as plain text option to the context menu for rich editable content. Fix several crashes and rendering issues. --------------------------------------------- https://webkitgtk.org/2020/05/18/webkitgtk2.29.1-released.html ∗∗∗ Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Vulnerabiliity in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabiliity-in-ibm-jav… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple IBM Runtime Environments Java Technology Edition vulnerabilities affect IBM Transformation Extender ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-runtime-envi… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat… ∗∗∗ Security Bulletin: Vulnerability CVE-2020-4345 in SQL affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-43… ∗∗∗ Security Bulletin: Security vulnerability in WAS Liberty used by IBM Transformation Extender Advanced (CVE-2017-1681) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: vulnerabilities in in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Linux kernel vulnerability CVE-2019-20636 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45501314 ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0472 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.05.2020
by Daily end-of-shift report 15 May '20

15 May '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-05-2020 18:00 − Freitag 15-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ProLock Ransomware teams up with QakBot trojan for network access ∗∗∗ --------------------------------------------- ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption. --------------------------------------------- https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-… ∗∗∗ RATicate drops info stealing malware and RATs on industrial targets ∗∗∗ --------------------------------------------- Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. --------------------------------------------- https://www.bleepingcomputer.com/news/security/raticate-drops-info-stealing… ∗∗∗ Angriffe auf Hochleistungsrechner: Waren es Krypto-Miner? ∗∗∗ --------------------------------------------- Zahlreiche Hochleistungsrechenzentren sind nach Angriffen vom Netz. Hinweise deuten auf Krypto-Mining, doch für den Chef des LRZ greift das zu kurz. --------------------------------------------- https://heise.de/-4722488 ∗∗∗ The Unattributable "db8151dd" Data Breach ∗∗∗ --------------------------------------------- I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. Its about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Heres what I know: [...] --------------------------------------------- https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/ ∗∗∗ Erpressungsmails mit echtem Passwort im Umlauf ∗∗∗ --------------------------------------------- In letzter Zeit häufen sich Beschwerden von Internet-NutzerInnen zu Erpressungsmails. Die Erpresser geben dabei an, ein Masturbationsvideo von den Betroffenen zu besitzen und fordern dazu auf einen bestimmten Betrag in Form von Bitcoins zu bezahlen. Die AdressatInnen sind von dieser Masche besonders verunsichert, da die Hacker ein echtes Passwort als scheinbaren Beweis kennen. Doch es besteht kein Grund zur Sorge. Die Erpresser haben weder ihren Computer gehackt, noch belastendes Material [...] --------------------------------------------- https://www.watchlist-internet.at/news/erpressungsmails-mit-echtem-passwort… ∗∗∗ Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways ∗∗∗ --------------------------------------------- New Hoaxcalls and Mirai botnet campaigns found targeting end-of-life Symantec Secure Web Gateways via Remote Code Execution vulnerability.The post Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/hoaxcalls-mirai-target-legacy-symantec-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt, inetutils, and log4net), Fedora (kernel, mailman, and viewvc), Gentoo (chromium, freerdp, libmicrodns, live, openslp, python, vlc, and xen), Oracle (.NET Core, container-tools:1.0, and kernel), Red Hat (kernel-rt), Scientific Linux (kernel), SUSE (kernel, libvirt, python-PyYAML, and syslog-ng), and Ubuntu (json-c). --------------------------------------------- https://lwn.net/Articles/820634/ ∗∗∗ Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks ∗∗∗ --------------------------------------------- Vulnerabilities discovered by a researcher at industrial cybersecurity firm Claroty in Opto 22’s SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks. --------------------------------------------- https://www.securityweek.com/vulnerabilities-softpac-virtual-controller-exp… ∗∗∗ Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco MDS 9000 Series Switches Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Vulnerability in embedded IBM Websphere Application Server Liberty affects IBM Watson Compare and Comply for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-embedded… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Nework Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… ∗∗∗ PostgreSQL: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0471 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.05.2020
by Daily end-of-shift report 14 May '20

14 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-05-2020 18:00 − Donnerstag 14-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ COMpfun authors spoof visa application with HTTP status-based Trojan ∗∗∗ --------------------------------------------- In autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. Later in November 2019 we revealed a new Trojan using the same code base as COMPFun. --------------------------------------------- https://securelist.com/compfun-http-status-based-trojan/96874/ ∗∗∗ Patch Tuesday Revisited - CVE-2020-1048 isnt as "Medium" as MS Would Have You Believe, (Thu, May 14th) ∗∗∗ --------------------------------------------- Looking at our patch Tuesday list, I looked a bit closer at CE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft&#;x26;#;39;s ratings for that one. Microsoft rated this as: --------------------------------------------- https://isc.sans.edu/diary/rss/26124 ∗∗∗ Danger zone! Brit research supercomputer ARCHERs login nodes exploited in cyber-attack, admins reset passwords and SSH keys ∗∗∗ --------------------------------------------- Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops Updated One of Britains most powerful academic supercomputers has fallen victim to a "security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys.… --------------------------------------------- https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/13/uk_arche… ∗∗∗ Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access ∗∗∗ --------------------------------------------- On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. We filed a security issue report ...Read MoreThe post Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access appeared first on Wordfence. --------------------------------------------- https://www.wordfence.com/blog/2020/05/vulnerability-in-google-wordpress-pl… ===================== = Vulnerabilities = ===================== ∗∗∗ reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019 ∗∗∗ --------------------------------------------- Project: reCAPTCHA v3Date: 2020-May-13Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3.If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms.This vulnerability only affects forms that are protected by reCaptcha v3 and have --------------------------------------------- https://www.drupal.org/sa-contrib-2020-019 ∗∗∗ Webform - Critical - Access bypass - SA-CONTRIB-2020-018 ∗∗∗ --------------------------------------------- Project: WebformDate: 2020-May-13Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This webform module enables you to build a Term checkboxes element.The module doesnt sufficiently check term view access when rendering Term checkboxes elements. Unpublished terms will always appear in the Term checkboxes element.Solution: Install the latest version:If you use the Webform module for Drupal 8.x, upgrade to Webform --------------------------------------------- https://www.drupal.org/sa-contrib-2020-018 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apt and libreswan), Fedora (glpi, grafana, java-latest-openjdk, mailman, and oddjob), Oracle (container-tools:2.0, container-tools:ol8, kernel, libreswan, squid:4, and thunderbird), SUSE (apache2, grafana, and python-paramiko), and Ubuntu (apt and libexif). --------------------------------------------- https://lwn.net/Articles/820520/ ∗∗∗ Security Bulletin: Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Afftects IBM Stering B2B Integrator GPM Web App (CVE-2020-4299) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se… ∗∗∗ Security Bulletin: Jackson-databind Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-20330) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-security… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator (CVE-2018-12545, CVE-2019-10241) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-memory-corruptio… ∗∗∗ Security Bulletin: Permission security vulnerability exists in IBM Sterling File Gateway (CVE-2020-4259) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-permission-security-vulne… ∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7069, CVE-2020-7059) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.05.2020
by Daily end-of-shift report 13 May '20

13 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-05-2020 18:00 − Mittwoch 13-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ US govt shares list of most exploited vulnerabilities since 2016 ∗∗∗ --------------------------------------------- US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-govt-shares-list-of-most-… ∗∗∗ Ramsay Malware Targets Air-Gapped Networks ∗∗∗ --------------------------------------------- The cyber-espionage toolkit is under active development. --------------------------------------------- https://threatpost.com/ramsay-malware-air-gapped-networks/155695/ ∗∗∗ Angreifer könnten Symantec Endpoint Protection als Sprungbrett nutzen ∗∗∗ --------------------------------------------- Symantecs Entwickler haben mehrere Sicherheitslücken in Endpoint Protection und Endpoint Protection Manager geschlossen. --------------------------------------------- https://heise.de/-4720697 ∗∗∗ Tinder-Bots betrügen mit scheinbarer Verifizierung ∗∗∗ --------------------------------------------- Internet-BetrügerInnen treiben auch auf Dating-Plattform ihr Unwesen und versuchen den Menschen durch Flirten Geld aus der Tasche zu ziehen. Bei einer dieser Betrugsmaschen geben Fake-Profile auf Tinder vor, dass sie sich sicherer fühlen würden, wenn sich das Tinder-Match verifizieren lässt. Das Opfer dieser Masche erhält einen Link dafür. Doch tatsächlich geht es dabei nicht darum, Vertrauen und Sicherheit vor einem Date herzustellen, [...] --------------------------------------------- https://www.watchlist-internet.at/news/tinder-bots-betruegen-mit-scheinbare… ===================== = Vulnerabilities = ===================== ∗∗∗ Unmittelbar Patchen: Kritische Schwachstelle in SAP® ABAP Systemen (CVE-2020-6262) ∗∗∗ --------------------------------------------- Das SEC Consult Vulnerability Lab hat eine kritische Code-Injection-Schwachstelle (CVE-2020-6262), mit einem CVSSv3 Score von 9.9, in SAP® Service Data Download (ein Teil des SAP® Solution Manager Plugin ST-PI), identifiziert. --------------------------------------------- https://www.sec-consult.com/./blog/2020/05/unmittelbar-patchen-kritische-sc… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (java-1.8.0-openjdk and seamonkey), Gentoo (firefox, lrzip, qemu, squid, and thunderbird), Oracle (thunderbird), Red Hat (buildah, kernel, kernel-alt, kernel-rt, kpatch-patch, podman, python-pip, python-virtualenv, and qemu-kvm), Scientific Linux (kernel), Slackware (mariadb), SUSE (openconnect), and Ubuntu (file, firefox, iproute2, pulseaudio, and squid, squid3). --------------------------------------------- https://lwn.net/Articles/820409/ ∗∗∗ Mai-Patchday: Microsoft schließt 111 Sicherheitslücken ∗∗∗ --------------------------------------------- Es ist der drittgrößte Patchday in der Geschichte des Unternehmens. Anfällig sind unter anderem Windows, SharePoint, Edge und Internet Explorer. Eine Lücke in Windows erlaubt sogar eine Remotecodeausführung mit erweiterten Benutzerrechten. --------------------------------------------- https://www.zdnet.de/88379702/mai-patchday-microsoft-schliesst-111-sicherhe… ∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200513-… ∗∗∗ Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-all-apache-tomcat-core-on… ∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK Oct 2019 and Jan 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Exists in IBM Sterling B2B Integrator (CVE-2020-4312) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-se… ∗∗∗ FreeBSD: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0453 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.05.2020
by Daily end-of-shift report 12 May '20

12 May '20

===================== = End-of-Day report = ===================== Timeframe: Montag 11-05-2020 18:00 − Dienstag 12-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Astaroth’s New Evasion Tactics Make It ‘Painful to Analyze’ ∗∗∗ --------------------------------------------- The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics. --------------------------------------------- https://threatpost.com/astaroths-evasion-tactics-painful-analyze/155633/ ∗∗∗ Anubis Malware Upgrade Logs When Victims Look at Their Screens ∗∗∗ --------------------------------------------- Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices. --------------------------------------------- https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/ ∗∗∗ Analyzing Dark Crystal RAT, a C# backdoor ∗∗∗ --------------------------------------------- [...] The FLARE Team helps augment our threat intelligence by reverse engineering malware samples. Recently, FLARE worked on a new C# variant of Dark Crystal RAT (DCRat) that the threat intel team passed to us. We reviewed open source intelligence and prior work, performed sandbox testing, and reverse engineered the Dark Crystal RAT to review its capabilities [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-… ∗∗∗ Profilbesuche auf Facebook erkennen – Geht das? ∗∗∗ --------------------------------------------- Auf Facebook kursiert momentan ein Link, der es angeblich ermöglicht, Profilzugriffe anzuzeigen. Das macht natürlich neugierig. Doch Vorsicht: Sie landen auf einer Phishing-Seite! Kriminelle greifen Ihre Facebook-Login-Daten ab und posten betrügerische Beiträge in Ihrem Namen. Und: Facebook bietet kein Tool an, dass Ihnen anzeigt, wer auf Ihrem Profil war. --------------------------------------------- https://www.watchlist-internet.at/news/profilbesuche-auf-facebook-erkennen-… ∗∗∗ Rückblick auf das erste Drittel 2020 ∗∗∗ --------------------------------------------- Jänner: BMEIA, Shitrix, BlueGate – ein besinnlicher Jahresbeginn Februar: Die (fast) letzten Augenblicke von TLS März und April: COVID-19 oder "Im Cyber nix neues" --------------------------------------------- https://cert.at/de/blog/2020/5/ruckblick-auf-das-erste-drittel-2020 ===================== = Vulnerabilities = ===================== ∗∗∗ Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK ∗∗∗ --------------------------------------------- Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products. --------------------------------------------- https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnera… ∗∗∗ Siemens SSA-352504: Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters ∗∗∗ --------------------------------------------- Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11". --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt ∗∗∗ TYPO3 Core version 10.4.2 fixes multiple vulnerabilities ∗∗∗ --------------------------------------------- TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface --------------------------------------------- https://typo3.org/help/security-advisories/typo3-cms ∗∗∗ TYPO3 - vulnerabilities in multiple extensions - 2020-05-12 ∗∗∗ --------------------------------------------- TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin) TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail) TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum) TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair) TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer) --------------------------------------------- https://typo3.org/help/security-advisories/typo3-extensions ∗∗∗ Sicherheitspatches: Online-Foren über vBulletin-Lücke attackierbar ∗∗∗ --------------------------------------------- Es sind mehrere abgesicherte Version der Foren-Software vBulletin erschienen. --------------------------------------------- https://heise.de/-4719217 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt). --------------------------------------------- https://lwn.net/Articles/820307/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/2020/05/ ∗∗∗ Bitdefender Antivirus: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0441 ∗∗∗ Exim: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0444 ∗∗∗ Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0443 ∗∗∗ SAP Patchday Mai 2020 ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0442 ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0449 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Manipulation von Dateien ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0448 ∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0445 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.05.2020
by Daily end-of-shift report 11 May '20

11 May '20

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-05-2020 18:00 − Montag 11-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sodinokibi ransomware can now encrypt open and locked files ∗∗∗ --------------------------------------------- The Sodinokibi (REvil) ransomware has added a new feature that makes it easier to encrypt all files, even those that are opened and locked by another process. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-no… ∗∗∗ Thunderspy: Nicht patchbare Sicherheitslücken in Thunderbolt ∗∗∗ --------------------------------------------- Mit einem Schraubendreher und einem SPI-Programmer lassen sich zentrale Sicherheitsfunktionen von Thunderbolt deaktivieren. --------------------------------------------- https://www.golem.de/news/thunderspy-nicht-patchbare-sicherheitsluecken-in-… ∗∗∗ Sphinx Malware Returns to Riddle U.S. Targets ∗∗∗ --------------------------------------------- The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes. --------------------------------------------- https://threatpost.com/sphinx-riddle-us-targets-modifications/155621/ ∗∗∗ Lieferzeiten & Zahlung beim Online-Shopping: Das sind Ihre Rechte ∗∗∗ --------------------------------------------- Der Watchlist Internet werden in letzter Zeit vermehrt Online-Shops gemeldet, die zwar nicht unbedingt Fake-Shops sind, sich jedoch durch verzögerte Lieferzeiten nicht an geltende Gesetze halten. Aber welche Rechte haben Sie als Konsumentin oder Konsument eigentlich? Was können Sie machen, wenn sich ein Online-Shop nicht an die vereinbarte Lieferzeit hält? Wann müssen Sie Bestellungen bezahlen? Wie können Sie Ihre Rechte geltend machen? --------------------------------------------- https://www.watchlist-internet.at/news/lieferzeiten-zahlung-beim-online-sho… ∗∗∗ Intel und Microsoft entwickeln Deep-Learning-Technik zur Malware-Analyse ∗∗∗ --------------------------------------------- Das Stamina genannte Projekt wandelt Dateien in Graustufen-Bilder um. Microsoft analysiert die Bilder auf Textur- und Struktur-Muster. Bei Tests erreicht das System eine Genauigkeit von mehr als 99 Prozent. --------------------------------------------- https://www.zdnet.de/88379578/intel-und-microsoft-entwickeln-deep-learning-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites ∗∗∗ --------------------------------------------- On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. --------------------------------------------- https://www.wordfence.com/blog/2020/05/vulnerabilities-patched-in-page-buil… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat [...] --------------------------------------------- https://lwn.net/Articles/820196/ ∗∗∗ VMware to Patch Recent Salt Vulnerabilities in vROps ∗∗∗ --------------------------------------------- VMware is working on patches for its vRealize Operations Manager (vROps) product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. read more --------------------------------------------- https://www.securityweek.com/vmware-patch-recent-salt-vulnerabilities-vrops ∗∗∗ Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server ∗∗∗ --------------------------------------------- Security patches will not be issued to fix the problems. --------------------------------------------- https://www.zdnet.com/article/data-leak-phishing-security-flaws-exposed-in-… ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200506-… ∗∗∗ Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4667-lack-of-bui… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM Cloud Private (CVE-2020-2654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-s… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.05.2020
by Daily end-of-shift report 08 May '20

08 May '20

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-05-2020 18:00 − Freitag 08-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Blue Mockingbird Monero-Mining Campaign Exploits Web Apps ∗∗∗ --------------------------------------------- The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise. --------------------------------------------- https://threatpost.com/blue-mockingbird-monero-mining/155581/ ∗∗∗ Navigating the MAZE: Tactics, Techniques and Procedures Associated WithMAZE Ransomware Incidents ∗∗∗ --------------------------------------------- Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-proc… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/819969/ ∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0436 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-… ∗∗∗ Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.05.2020
by Daily end-of-shift report 07 May '20

07 May '20

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-05-2020 18:00 − Donnerstag 07-05-2020 18:00 Handler: n/a Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gefährliche Schadsoftware-Mail im Namen von A1 ∗∗∗ --------------------------------------------- Nehmen Sie sich vor einer gefälschten A1-Mail mit dem Betreff *Wichtige Mitteilung* in Acht. Es handelt sich um eine Nachricht, die von Kriminellen verschickt wird, die Schadsoftware auf Ihrem Smartphone installieren wollen. Wenn Sie den Aufforderungen nachkommen, können die VerbrecherInnen sensible Daten von Ihrem Mobiltelefon stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaehrliche-schadsoftware-mail-im-n… ∗∗∗ Large scale Snake Ransomware campaign targets healthcare, more ∗∗∗ --------------------------------------------- The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days. --------------------------------------------- https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware… ∗∗∗ Cisco Webex phishing uses fake cert errors to steal credentials ∗∗∗ --------------------------------------------- A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users account credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-webex-phishing-uses-fa… ∗∗∗ Keep your IR on the Ball ∗∗∗ --------------------------------------------- Even with the myriad of security tools we have at our disposal today, cybercriminals are still able to penetrate our networks. Is it really necessary to have a Cyber Incident Response Plan in place? --------------------------------------------- https://www.domaintools.com/resources/blog/keep-your-ir-on-the-ball ∗∗∗ How a favicon delivered a web credit card skimmer to victims ∗∗∗ --------------------------------------------- Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that “turn” malicious when victims visit a checkout page. --------------------------------------------- https://www.helpnetsecurity.com/2020/05/07/favicons-card-skimmers/ ∗∗∗ Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk ∗∗∗ --------------------------------------------- On May 6, 2020, our Threat Intelligence team received reports of active exploitation of vulnerabilities in two related plugins, Elementor Pro and Ultimate Addons for Elementor. We have reviewed the log files of compromised sites to confirm this activity. As this is an active attack, we wanted to alert you so that you can take [...] --------------------------------------------- https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-24) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB20-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 12, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1869 ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco has released 34 Security Advisories for multiple products on 2020-05-06. 12 rated "High" 22 rated "Medium" --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap). --------------------------------------------- https://lwn.net/Articles/819761/ ∗∗∗ For six years Samsung smartphone users have been at risk from critical security bug. Patch now ∗∗∗ --------------------------------------------- Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/six-yea… ∗∗∗ Joomla: Schwachstelle ermöglicht SQL-Injection ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0425 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K20-0424 ∗∗∗ [webapps] Draytek VigorAP 1000C - Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/48436 ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability CVE-2020-8492 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2020-84… ∗∗∗ Security Bulletin: Vulnerability CVE-2019-18348 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-18… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics Subscription ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-… ∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1551 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonst… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.05.2020
by Daily end-of-shift report 06 May '20

06 May '20

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-05-2020 18:00 − Mittwoch 06-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vorsicht: Betrügerische FinanzOnline E-Mails im Umlauf ∗∗∗ --------------------------------------------- „Ihre Steuerrückerstattung von 1.850 EUR wurde zurückerstattet“ heißt es in einer E-Mail, angeblich vom Finanzamt. Doch Vorsicht: Dieses E-Mail stammt nicht vom Finanzamt, sondern von Kriminellen. Klicken Sie keinesfalls auf den Link, Sie landen auf einer gefälschten FinanzOnline-Seite. Kriminelle stehlen mit dieser nachgebauten FinanzOnline-Website sensible Daten! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-betruegerische-finanzonline… ∗∗∗ Least Privilege: The Most Effective Approach to Endpoint Security ∗∗∗ --------------------------------------------- I always try to remind people that the principle of least privilege is not just about security, but about productivity as well. I have multiple customers who have decreased the number of tickets to their service desk by a whopping 75% by getting rid of end-user admin rights. --------------------------------------------- https://www.beyondtrust.com/blog/entry/least-privilege-the-most-effective-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, [...] --------------------------------------------- https://lwn.net/Articles/819600/ ∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Go (CVE-2019-16276) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Maximo Anywhere does not have device jailbreak detection. (CVE-2019-4266) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-does-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4446 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: Potential spoofing attack in Webshere Application Server (CVE-2020-4421) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-spoofing-attack… ∗∗∗ Security Bulletin: IBM InfoSphere QualityStage is affected by a Cross-site scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-qualitysta… ∗∗∗ HPESBHF03966 rev.1 - HPE Servers with certain Intel Core and Xeon Processors System Memory Management (SMM), Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03934 rev.1 - HPE CloudLIne servers using AMI BMC Remote Unauthorized Disclosure of Information, Unauthorized Modification and Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03961 rev.1 - Certain HPE Servers with 6th Generation Intel Core Processors and greater supporting SGX and TXT, Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily