[CERT-daily] Daily summary - 01.04.2020

Daily end-of-shift report team at cert.at
Wed Apr 1 18:18:29 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 31-03-2020 18:00 − Wednesday 01-04-2020 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Zoom Lets Attackers Steal Windows Credentials via UNC Links ∗∗∗
---------------------------------------------
The Zoom Windows client is vulnerable to UNC path injection in the client's chat feature that could allow attackers to steal the Windows credentials of users who click on the link.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-via-unc-links/


∗∗∗ WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers ∗∗∗
---------------------------------------------
[...] Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet.
---------------------------------------------
https://thehackernews.com/2020/04/backdoor-.html


∗∗∗ WordPress SEO plugin Rank Math: admin vulnerability puts websites at risk ∗∗∗
---------------------------------------------
A critical vulnerability with the highest severity rating in the WordPress plugin Rank Math can turn attackers into admins. An update is available.
---------------------------------------------
https://heise.de/-4694641


∗∗∗ Classified-ad fraud: how triangle fraud works ∗∗∗
---------------------------------------------
Ebay, Willhaben, Shpock and the like are popular for buying cheap and used goods or for selling items that are no longer needed. But criminals also feel at home on these classified-ad portals, because they can deliberately exploit the anonymity of the Internet. A particularly perfidious fraud trap in this area is "triangle fraud" (Dreiecksbetrug), in which both buyers and sellers are ripped off.
---------------------------------------------
https://www.watchlist-internet.at/news/kleinanzeigenbetrug-so-funktioniert-der-dreiecksbetrug/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System ∗∗∗
---------------------------------------------
This advisory contains mitigations for a protection mechanism failure vulnerability in BD Pyxis medical devices.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-20-091-01


∗∗∗ Hirschmann Automation and Control HiOS and HiSecOS Products ∗∗∗
---------------------------------------------
This advisory contains mitigations for a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-091-01


∗∗∗ Mitsubishi Electric MELSEC ∗∗∗
---------------------------------------------
This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC programmable controllers.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-091-02


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apng2gif, gst-plugins-bad0.10, and libpam-krb5), Fedora (coturn, libarchive, and phpMyAdmin), Mageia (chromium-browser-stable, nghttp2, php, phpmyadmin, sympa, and vim), openSUSE (GraphicsMagick, ldns, phpMyAdmin, python-mysql-connector-python, python-nltk, and tor), Red Hat (advancecomp, avahi, bash, bind, bluez, buildah, chromium-browser, cups, curl, docker, dovecot, doxygen, dpdk, evolution, expat, file, gettext, GNOME, httpd, idm:DL1, [...]
---------------------------------------------
https://lwn.net/Articles/816511/


∗∗∗ Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp


∗∗∗ Cisco NX-OS Software NX-API Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos


∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200401-01-overflow-en


∗∗∗ Security Bulletin: Buffer overflow vulnerability affecting certain Aspera applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-buffer-overflow-vulnerability-affecting-certain-aspera-applications/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-returning-decrypted-credentials/


∗∗∗ Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java(CVE-2020-2604) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-an-unspecified-vulnerability-in-javacve-2020-2604/


∗∗∗ Security Bulletin: Possible denial of service vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-possible-denial-of-service-vulnerability-in-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-jackson-databind/


∗∗∗ Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jquery-affects-ibm-tririga-application-platform-cve-2019-11358/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by multiple vulnerabilities in Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-multiple-vulnerabilities-in-java-2/


∗∗∗ Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-runtime-environment-that-ibm-provides-affect-websphere-extreme-scale/


∗∗∗ Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2020-4303-cve-2020-4304/


∗∗∗ Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2019-4057, CVE-2019-4101, CVE-2019-4154, CVE-2019-4386, CVE-2019-4322) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-vulnerabilities-affect-the-ibm-spectrum-protect-server-cve-2019-4057-cve-2019-4101-cve-2019-4154-cve-2019-4386-cve-2019-4322-2/


∗∗∗ Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-java-sdk-affect-rational-build-forge-cve-2020-2654/


∗∗∗ HPESBHF03994 rev.1 - HPE Superdome Flex with iLO4, Remote or Local Code Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03994en_us


∗∗∗ HPESBST03940 rev.1 - HPE MSA 1040, HPE MSA 2040, HPE MSA 2042, HPE MSA 1050, HPE MSA 2050, and HPE MSA 2052 Multiple Remote Access Restriction Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us


∗∗∗ HPESBHF03993 rev.1 - HPE Superdome X servers with iLO4, Remote Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03993en_us


∗∗∗ HPESBHF03995 rev.1 - HPE Superdome X servers with iLO4, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03995en_us


∗∗∗ HPESBHF03986 rev.1 - HPE Superdome X servers with iLO4, Remote Code Execution and Authentication Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03986en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



