[CERT-daily] Daily summary - 06.04.2020
Daily end-of-shift report
team at cert.at
Mon Apr 6 18:16:54 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-04-2020 18:00 − Monday 06-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Web server security: Command line-fu for web server protection ∗∗∗
---------------------------------------------
Adequate web server security requires proper understanding, implementation and use of a variety of different tools. In this article, we will take a look at some command line tools that can be used to manage the security of web servers.
---------------------------------------------
https://resources.infosecinstitute.com/web-server-security-command-line-fu-for-web-server-protection/
∗∗∗ Analyzing & Decrypting L4NC34’s Simple Ransomware ∗∗∗
---------------------------------------------
We’re constantly seeing news about computers being infected by ransomware, but we hear very little about it affecting websites. That being said, the impact can be serious if the affected website is the webmaster’s only source of income or a business relies entirely on its website and online presence.
---------------------------------------------
https://blog.sucuri.net/2020/04/analyzing-decrypting-l4nc34s-simple-ransomware.html
∗∗∗ Kinsing Linux Malware Deploys Crypto-Miner in Container Environments ∗∗∗
---------------------------------------------
A campaign that has been ongoing for months is targeting misconfigured open Docker Daemon API ports to install a piece of malware named Kinsing, which in turn deploys a cryptocurrency miner in compromised container environments.
---------------------------------------------
https://www.securityweek.com/kinsing-linux-malware-deploys-crypto-miner-container-environments
∗∗∗ 8,000 Unprotected Redis Instances Accessible From Internet ∗∗∗
---------------------------------------------
Trend Micro’s security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection. Spread all over the world, the unsecured instances were found to lack both Transport Layer Security (TLS) encryption and password protection. Some of these instances were even deployed in public clouds.
---------------------------------------------
https://www.securityweek.com/8000-unprotected-redis-instances-accessible-internet
∗∗∗ Userdir URLs like https://example.org/~username/ are dangerous ∗∗∗
---------------------------------------------
I would like to point out a security problem with a classic variant of web space hosting. While this issue should be obvious to anyone knowing basic web security, I have never seen it being discussed publicly. Some server operators allow every user on the system to have a personal web space where they can place files in a directory (often ~/public_html) and they will appear on the host under a URL with a tilde and their username (e.g. https://example.org/~username/).
---------------------------------------------
https://blog.hboeck.de/archives/899-Userdir-URLs-like-httpsexample.orgusername-are-dangerous.html
∗∗∗ MISP 2.4.124 released (aka the dashboard, auditing improvements) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.124) has been released. This version includes various improvements, including new multiline widgets in the dashboard, auditing improvements and many bug fixes.
---------------------------------------------
https://www.misp-project.org/2020/04/06/MISP.2.4.124.released.html
∗∗∗ Grandstream and DrayTek Devices Exploited to Power New Hoaxcalls DDoS Botnet ∗∗∗
---------------------------------------------
A proof-of-concept for CVE-2020-8515 that was made publicly available in March has been found to be employed by a new DDoS botnet called Hoaxcalls.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting ∗∗∗
---------------------------------------------
Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application.
---------------------------------------------
https://kb.cert.org/vuls/id/660597
∗∗∗ Dangerous security vulnerabilities in HP Support Assistant still open ∗∗∗
---------------------------------------------
A security researcher criticises HP because its developers have for months failed to close several vulnerabilities in the HP Support Assistant, which is installed by default.
---------------------------------------------
https://heise.de/-4697583
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, gnutls28, and libmtp), Fedora (cyrus-sasl, firefox, glibc, squid, and telnet), Gentoo (firefox), Mageia (dcraw, firefox, kernel, kernel-linus, librsvg, and python-nltk), openSUSE (firefox, haproxy, icu, and spamassassin), Red Hat (nodejs:10, openstack-manila, python-django, python-XStatic-jQuery, and telnet), Slackware (firefox), SUSE (bluez, exiv2, and libxslt), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/816886/
∗∗∗ XSS vulnerability in the Dashboard name parameter of FortiADC. ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-012
∗∗∗ Improper Authorization vulnerability in FortiADC ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-013
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-9/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-8/
∗∗∗ Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-bouncy-castle-api-affect-ibm-license-metric-tool-v9/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-7/
∗∗∗ Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-16782). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2019-16782/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-6/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-5/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-4/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily