[CERT-daily] Tageszusammenfassung - 14.04.2020
Daily end-of-shift report
team at cert.at
Tue Apr 14 18:12:29 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 10-04-2020 18:00 − Dienstag 14-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Think Fast: Time Between Disclosure, Patch Release and VulnerabilityExploitation — Intelligence for Vulnerability Management, Part Two ∗∗∗
---------------------------------------------
One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the value of CTI in enabling vulnerability management, and unveils new research into the latest threats, trends and recommendations.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/04/time-between-disclosure-patch-release-and-vulnerability-exploitation.html
∗∗∗ WhatsApp-Nachricht: Billa verlost keinen 250 € Gutschein ∗∗∗
---------------------------------------------
Sie haben von einem WhatsApp-Kontakt einen Link zu einem Billa-Gutschein erhalten und fragen sich was dahintersteckt? Die Watchlist Internet hat sich diesen sogenannten Kettenbrief näher angesehen! Unser Fazit: Sie erhalten weder einen Gutschein, noch stammt diese Verlosung von Billa.
---------------------------------------------
https://www.watchlist-internet.at/news/whatsapp-nachricht-billa-verlost-keinen-250-eur-gutschein/
∗∗∗ APT41 Using New Speculoos Backdoor to Target Organizations Globally ∗∗∗
---------------------------------------------
Unit 42 identifies new payload, named Speculoos, exploiting CVE-2019-19781 to target organizations around the world, including state government in the United States.
---------------------------------------------
https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/
∗∗∗ Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns ∗∗∗
---------------------------------------------
New research shows COVID-19 themed phishing campaigns are targeting healthcare organizations and medical research facilities around the world.
---------------------------------------------
https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe ColdFusion (APSB20-18), Adobe After Effects (APSB20-21) and Adobe Digital Editions (APSB20-23). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1859
∗∗∗ Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update ∗∗∗
---------------------------------------------
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.
---------------------------------------------
https://threatpost.com/oracle-tackles-405-bugs-for-april-quarterly-patch-update/154737/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (haproxy), Gentoo (chromium and libssh), openSUSE (ansible, chromium, gmp, gnutls, libnettle, libssh, mgetty, nagios, permissions, and python-PyYAML), and Oracle (firefox, kernel, qemu-kvm, and telnet).
---------------------------------------------
https://lwn.net/Articles/817399/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (thunderbird), Debian (thunderbird), Fedora (drupal7-ckeditor, nrpe, and php-robrichards-xmlseclibs1), Red Hat (firefox and kernel), SUSE (quartz), and Ubuntu (thunderbird).
---------------------------------------------
https://lwn.net/Articles/817471/
∗∗∗ SSA-102233: SegmentSmack in VxWorks-based Industrial Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-102233.txt
∗∗∗ SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-162506.txt
∗∗∗ SSA-359303: Debug Port in TIM 3V-IE and 4R-IE Family Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-359303.txt
∗∗∗ SSA-377115: SegmentSmack in Linux IP-Stack based Industrial Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-377115.txt
∗∗∗ SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-593272.txt
∗∗∗ SSA-886514: Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-886514.txt
∗∗∗ Security Bulletin: A vulnerability in IBM Java affect IBM Decision Optimization Center (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affect-ibm-decision-optimization-center-cve-2020-2654/
∗∗∗ Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-ilog-cplex-optimization-studio-and-ibm-cplex-enterprise-server-cve-2020-2654/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Services (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-services-cve-2019-4732/
∗∗∗ Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Services v2.1.1 (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-services-v2-1-1-cve-2019-4732/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability/
∗∗∗ Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10209, 10211, 10210, 10208) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere-cve-2019-10209-10211-10210-10208/
∗∗∗ Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10164) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere-cve-2019-10164/
∗∗∗ Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere/
∗∗∗ XSA-318 - Bad continuation handling in GNTTABOP_copy ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-318.html
∗∗∗ XSA-316 - Bad error path in GNTTABOP_map_grant ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-316.html
∗∗∗ XSA-314 - Missing memory barriers in read-write unlock paths ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-314.html
∗∗∗ XSA-313 - multiple xenoprof issues ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-313.html
∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0303
∗∗∗ SAP Patchday April 2020 ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0300
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list