[CERT-daily] Daily summary - 07.04.2020
Daily end-of-shift report
team at cert.at
Tue Apr 7 18:27:26 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Monday 06-04-2020 18:00 − Tuesday 07-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ corp.com: Microsoft buys dangerous domain ∗∗∗
---------------------------------------------
Old, misconfigured Windows versions frequently connect to the domain corp.com and leak data.
---------------------------------------------
https://www.golem.de/news/corp-com-microsoft-kauft-gefaehrliche-domain-2004-147770-rss.html
∗∗∗ Web server protection: Web application firewalls for web server protection ∗∗∗
---------------------------------------------
Firewalls are an integral part of the tools necessary in securing web servers. In this article, we will discuss all relevant aspects of web application firewalls. We’ll explore a few concepts that touch on these firewalls, both from a compliance and technical point of view, as well as examine a few examples of how [...]
---------------------------------------------
https://resources.infosecinstitute.com/web-server-protection-web-application-firewalls-for-web-server-protection/
∗∗∗ Unkillable xHelper and a Trojan matryoshka ∗∗∗
---------------------------------------------
It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on Android smartphones, but even now the malware remains as active as ever.
---------------------------------------------
https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/
∗∗∗ ENISA publishes a Tool for the Mapping of Dependencies to International Standards ∗∗∗
---------------------------------------------
The web tool presents the mapping of the indicators demonstrated in the report Good practices on interdependencies between OES and DSPs to international information security standards. This report analysed the dependencies and interdependencies between Operators of Essential Services (OES) and Digital Service Providers (DSPs) and identified a number of indicators to assess them. These indicators are mapped to international standards and frameworks, namely ISO IEC 27002, COBIT5, the NIS [...]
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-a-tool-for-the-mapping-of-dependencies-to-international-standards
∗∗∗ Patch now! More than 350,000 Microsoft Exchange servers still open to attack ∗∗∗
---------------------------------------------
Although attackers have been looking out for vulnerable Exchange servers since the end of February, many admins have evidently still not patched.
---------------------------------------------
https://heise.de/-4698421
∗∗∗ Google Patches Critical RCE Vulnerabilities in Android's System Component ∗∗∗
---------------------------------------------
Google this week released the April 2020 set of security patches for the Android operating system to address over 50 vulnerabilities, including four critical issues in the System component.
---------------------------------------------
https://www.securityweek.com/google-patches-critical-rce-vulnerabilities-androids-system-component
∗∗∗ Beware of phishing: Amazon is not introducing 3-step authentication ∗∗∗
---------------------------------------------
Criminals pose as Amazon and claim to be "introducing a new 3-step authentication as mandatory for all customers", supposedly in cooperation with your bank and your e-mail provider. Do not click the link in the e-mail under any circumstances. It takes you to a fake Amazon login page. Criminals steal your credentials!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-phishing-amazon-fuehrt-keine-3-stufen-authentifizierung-ein/
∗∗∗ More Medical Record Security Flaws ∗∗∗
---------------------------------------------
Tenable Research recently disclosed a number of security-related bugs in a popular open-source medical records application - OpenMRS. This blog details our findings.
---------------------------------------------
https://medium.com/tenable-techblog/more-medical-record-security-flaws-81759f673a0
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin ∗∗∗
---------------------------------------------
On March 3, 2020, our Threat intelligence team discovered a number of vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These vulnerabilities allowed an authenticated attacker with minimal permissions, such as a subscriber, to create or [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (kernel, kernel-headers, and kernel-tools), openSUSE (glibc and qemu), Red Hat (chromium-browser, container-tools:1.0, container-tools:rhel8, firefox, ipmitool, kernel, kernel-rt, krb5-appl, ksh, nodejs:10, nss-softokn, python, qemu-kvm, qemu-kvm-ma, telnet, and virt:rhel), Scientific Linux (ipmitool and telnet), SUSE (ceph and firefox), and Ubuntu (haproxy, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, [...]
---------------------------------------------
https://lwn.net/Articles/817003/
∗∗∗ Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN56890693/
∗∗∗ Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affects-ibm-platform-symphony-2/
∗∗∗ Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
∗∗∗ Security Bulletin: Log Analysis is vulnerable to Injection Attacks ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log-analysis-is-vulnerable-to-injection-attacks/
∗∗∗ Multiple XSS vulnerabilities in TAO Open Source Assessment Platform ∗∗∗
---------------------------------------------
https://sec-consult.com/./en/blog/advisories/multiple-xss-vulnerabilities-in-tao-open-source-assessment-platform/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily