===================== = End-of-Day report = =====================
Timeframe: Freitag 25-09-2020 18:00 − Montag 28-09-2020 18:00 Handler: Stephan Richter Co-Handler: n/a
===================== = News = =====================
∗∗∗ Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client, (Mon, Sep 28th) ∗∗∗ --------------------------------------------- One of our readers, a Tyler Technologies's customer, reported to us that he found this morning the Bomgar client[1] (BeyondTrust) installed on one of his servers. There is an ongoing discussion on Reddit with the same kind of reports[2]. --------------------------------------------- https://isc.sans.edu/diary/rss/26610
∗∗∗ Magento Credit Card Stealing Malware: gstaticapi ∗∗∗ --------------------------------------------- Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” — this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details. --------------------------------------------- https://blog.sucuri.net/2020/09/magento-credit-card-stealing-malware-gstatic...
∗∗∗ Kostenloses Entschlüsselungstool für Erpressungstrojaner ThunderX ist da ∗∗∗ --------------------------------------------- Sicherheitsforscher haben einen Fehler in der Verschlüsselung durch die Ransomware ThunderX entdeckt und bieten nun Hilfe an. --------------------------------------------- https://heise.de/-4913470
===================== = Vulnerabilities = =====================
∗∗∗ Jetzt patchen! AgeLocker Ransomware hat es auf Qnap NAS abgesehen ∗∗∗ --------------------------------------------- Besitzer von Netzwerkspeichern (NAS) der Firma Qnap, sollten ihr Gerät aus Sicherheitsgründen auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-4913513
∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, libdbi-perl, linux-4.19, lua5.3, mediawiki, nfdump, openssl1.0, qt4-x11, qtbase-opensource-src, ruby-gon, and yaws), Fedora (f2fs-tools, grub2, libxml2, perl-DBI, singularity, xawtv, and xen), Mageia (cifs-utils, kio-extras, libproxy, mbedtls, nodejs, novnc, and pdns), openSUSE (bcm43xx-firmware, chromium, conmon, fuse-overlayfs, libcontainers-common, podman, firefox, libqt4, libqt5-qtbase, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and [...] --------------------------------------------- https://lwn.net/Articles/832831/
∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, einen Cross-Site Scripting Angriff durchzuführen, Daten zu manipulieren oder weitere Angriffe mit nicht spezifizierten Auswirkungen durchzuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0923
∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0934
∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um seine Privilegien zu erhöhen, Code zur Ausführung zu bringen und Informationen offenzulegen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0925
∗∗∗ F5 BIG-IP: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in F5 BIG-IP ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K20-0927
∗∗∗ Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-0...
∗∗∗ Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-insecure-use-of-innerhtml-...
∗∗∗ Security Bulletin: Dynamically constructed href attribute in IBM Enterprise Records ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-dynamically-constructed-hr...
∗∗∗ Security Bulletin: Apache Commons Codec Vulnerability Affects IBM Control Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-vulne...
∗∗∗ Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilit...
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Node.js lodash vulnerability (CVEID: 183560) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulne...
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-a...
∗∗∗ Security Bulletin: IBM Event Streams is affected by a Node.js http-proxy and lodash module vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affec...
∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in the Go runtime (CVE-2020-16845) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affec...
∗∗∗ Security Bulletin: IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affec...
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an Elasticsearch vulnerability (CVE-2019-7614) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulne...
∗∗∗ Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnera...
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-11612) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulne...
∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Logstash (CVE-2019-7620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-a...
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15664) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-o...
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15659) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-o...
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-o...
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kibana vulnerabilities (CVE-2020-7015, CVE-2020-7013, CVE-2020-7012) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulne...
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVEID: 182747) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulne...
∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-a...