=====================
= End-of-Day report =
=====================

Timeframe:   Friday 18-12-2020 18:00 − Monday 21-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================
∗∗∗ Current Wave of Ping Calls ∗∗∗
---------------------------------------------
The Rundfunk und Telekom Regulierungs-GmbH (RTR) is currently receiving an increased number of reports of ping calls from abroad. The calls come in particular from Tunisia (+216), Abkhazia (+79407), Switzerland (+41748) and Uganda (+256). Do not call back or answer these calls, as doing so can incur high costs.
---------------------------------------------
https://www.watchlist-internet.at/news/aktuelle-welle-mit-ping-anrufen/

∗∗∗ Gitpaste-12 worm botnet returns with 30+ vulnerability exploits ∗∗∗
---------------------------------------------
The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts a malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-retur...

∗∗∗ Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow ∗∗∗
---------------------------------------------
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.
---------------------------------------------
https://threatpost.com/ledger-dump-active-attacks-follow/162477/

=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-20-1452: (0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1452/

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and [...]
---------------------------------------------
https://lwn.net/Articles/840972/

∗∗∗ Authentication Bypass Vulnerability Patched in Bouncy Castle Library ∗∗∗
---------------------------------------------
A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Founded in 2000, the project represents a collection of APIs used in cryptography for both Java and C#, with a strong emphasis on standards compliance and adaptability.
---------------------------------------------
https://www.securityweek.com/authentication-bypass-vulnerability-patched-bou...

∗∗∗ Treck TCP/IP Stack ∗∗∗
---------------------------------------------
This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Treck's TCP/IP stack, which may also be known as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01

∗∗∗ December 21, 2020 TNS-2020-11 [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2020-11

∗∗∗ HCL Domino and Notes: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1254

∗∗∗ Red Hat OpenShift: Vulnerability Allows Denial of Service and Code Execution ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1252

∗∗∗ Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and...

∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-mana...

∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-mana...

∗∗∗ Security Bulletin: IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. (CVE-2020-4592) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-auth...

∗∗∗ Security Bulletin: Vulnerability in BIND affects AIX (CVE-2020-8622) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affe...

∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: IBM MQ Appliance is affected by denial of service vulnerabilities (CVE-2020-5481, CVE-2020-4580, CVE-2020-4579) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affect...

∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-mana...

∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-mana...