=====================
= End-of-Day report =
=====================

Timeframe:   Monday 09-03-2020 18:00 − Tuesday 10-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Microsoft Exchange Server Flaw Exploited in APT Attacks ∗∗∗
---------------------------------------------
The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server, and was fixed as part of Microsoft’s February Patch Tuesday updates. However, researchers in a Friday advisory said that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.
---------------------------------------------
https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attac...

∗∗∗ Variant of Paradise Ransomware Targets Office IQY Files ∗∗∗
---------------------------------------------
A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively inobtrusive way to infiltrate and hijack an organization’s network, researchers have found.
---------------------------------------------
https://threatpost.com/variant-of-paradise-ransomware-targets-office-iqy-fil...

∗∗∗ How poor IoT security is allowing this 12-year-old malware to make a comeback ∗∗∗
---------------------------------------------
Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 - and the healthcare sector is where it's infected the most targets.
---------------------------------------------
https://www.zdnet.com/article/how-poor-iot-security-is-allowing-this-ten-yea...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libvpx and network-manager-ssh), Fedora (cacti, cacti-spine, and podman), openSUSE (chromium and python-bleach), Oracle (curl), Red Hat (ansible and qemu-kvm), SUSE (gd, ipmitool, and php7), and Ubuntu (runc and sqlite3).
---------------------------------------------
https://lwn.net/Articles/814493/

∗∗∗ MISP: Multiple vulnerabilities allow cross-site scripting ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in MISP to carry out a cross-site scripting attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0206

∗∗∗ SAP Security Patch Day – March 2020 ∗∗∗
---------------------------------------------
On 10th of March 2020, SAP Security Patch Day saw the release of 16 Security Notes. There are 2 updates to previously released Patch Day Security Notes.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

∗∗∗ Joomla Security Updates (Severity: low) ∗∗∗
---------------------------------------------
∗ [20200306] - Core - SQL injection in Featured Articles menu parameters
  https://developer.joomla.org/security-centre/807-20200306-core-sql-injection...
∗ [20200304] - Core - Identifier collisions in com_users
  https://developer.joomla.org/security-centre/805-20200304-core-identifier-co...
∗ [20200305] - Core - Incorrect Access Control in com_fields SQL field
  https://developer.joomla.org/security-centre/806-20200305-core-incorrect-acc...
∗ [20200303] - Core - Incorrect Access Control in com_templates
  https://developer.joomla.org/security-centre/804-20200303-core-incorrect-acc...
∗ [20200302] - Core - XSS in Protostar and Beez3
  https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protos...
∗ [20200301] - Core - CSRF in com_templates image actions
  https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-t...

∗∗∗ TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-003

∗∗∗ TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-002

∗∗∗ TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-001

∗∗∗ SSA-938930: Cross-Site Scripting Vulnerability in Spectrum Power™ 5 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-938930.txt

∗∗∗ SSA-508982: Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-508982.txt

∗∗∗ SSA-844761: Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt

∗∗∗ Security Bulletin: Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-netw...

∗∗∗ Security Bulletin: An information disclosure vulnerability has been identified with the embedded Content Platform Engine component shipped with IBM Business Automation Workflow (CVE-2019-4572) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-...

∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-ed...

∗∗∗ Security Bulletin: IBM Workload scheduler 9.3 vulnerable to CVE-2019-4608 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-workload-scheduler-9-3...