[CERT-daily] Tageszusammenfassung - 21.04.2020
Daily end-of-shift report
team at cert.at
Tue Apr 21 18:16:46 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 20-04-2020 18:00 − Dienstag 21-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Windows 10 SMBGhost RCE exploit demoed by researchers ∗∗∗
---------------------------------------------
A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 wormable pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/
∗∗∗ SpectX: Log Parser for DFIR, (Tue, Apr 21st) ∗∗∗
---------------------------------------------
I hope this finds you all safe, healthy, and sheltered to the best of your ability. In February I received a DM via Twitter from Liisa at SpectX regarding my interest in checking out SpectX. Never one to shy away from a tool review offer, I accepted. SpectX, available in a free, community desktop version, is a log parser and query engine that enables you to investigate incidents via log files from multiple sources such as log servers, AWS, Azure, Google Storage, Hadoop, ELK and SQL-databases.
---------------------------------------------
https://isc.sans.edu/diary/rss/26040
∗∗∗ Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining ∗∗∗
---------------------------------------------
Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/l3TOyRDK1yA/
∗∗∗ Grouping Linux IoT Malware Samples With Trend Micro ELF Hash ∗∗∗
---------------------------------------------
We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tFHtqxisecc/
∗∗∗ Kerberos Tickets on Linux Red Teams ∗∗∗
---------------------------------------------
At FireEye Mandiant, we conduct numerous red team engagements within Windows Active Directory environments. Consequently, we frequently encounter Linux systems integrated within Active Directory environments. Compromising an individual domain-joined Linux system can provide useful data on its own, but the best value is obtaining data, such as Kerberos tickets, that will facilitate lateral movement techniques.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html
∗∗∗ Unsichere Deserialisierung gefährdet Steam-Spiele ∗∗∗
---------------------------------------------
Viele Videospiele, die .Net oder Unity verwenden, sind angreifbar und führen Schadcode aus. Steam bietet die Möglichkeit einer wurmähnlichen Infektion.
---------------------------------------------
https://heise.de/-4706122
∗∗∗ 46% of SMBs have been targeted by ransomware, 73% have paid the ransom ∗∗∗
---------------------------------------------
Ransomware attacks are not at all unusual in the SMB community, as 46% of these businesses have been victims. And 73% of those SMBs that have been the targets of ransomware attacks actually have paid a ransom, Infrascale reveals. Yet, more than a quarter of the total SMB survey group said they lack a plan to mitigate a ransomware attack.
---------------------------------------------
https://www.helpnetsecurity.com/2020/04/21/paying-ransom/
∗∗∗ BSI aktualisiert den Mindeststandard TLS ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat zum 9. April 2020 den "Mindeststandard zur Verwendung von Transport Layer Security (TLS)" aktualisiert.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/AktualisierterMST_TLS_210420.html
∗∗∗ Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC ∗∗∗
---------------------------------------------
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.
---------------------------------------------
https://www.securityweek.com/microsoft-will-not-patch-security-bypass-flaw-abusing-mstsc
∗∗∗ Zahlungsaufforderungen von angeblichen Streamingdiensten sind Fake ∗∗∗
---------------------------------------------
bodaflix.de, ebaflix.de, teraflix.de, nodaflix.de – angeblich kostenlose Streamingdienste. Nach einer Registrierung erhalten Sie jedoch eine Zahlungsaufforderung über 395,88 Euro. Wird diese ignoriert, folgen meist weitere Zahlungsaufforderungen und Mahnungen von vermeintlichen Inkassobüros. Überweisen Sie kein Geld und antworten Sie auch nicht! Es handelt sich um ein betrügerisches Schreiben.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlungsaufforderungen-von-angeblichen-streamingdiensten-sind-fake/
∗∗∗ Hey there! Are you using WhatsApp? Your account may be hackable ∗∗∗
---------------------------------------------
Can someone take control of your WhatsApp account by just knowing your phone number? We ran a small test to find out.
---------------------------------------------
https://www.welivesecurity.com/2020/04/20/hey-there-using-whatsapp-your-account-hackable/
=====================
= Vulnerabilities =
=====================
∗∗∗ P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting ∗∗∗
---------------------------------------------
The controller suffers from CSRF and XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several GET/POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a [...]
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php
∗∗∗ [R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers.
---------------------------------------------
https://www.tenable.com/security/tns-2020-02
∗∗∗ Versionsverwaltung: Erneute Sicherheitswarnung für Git ∗∗∗
---------------------------------------------
Updates beheben eine Schwachstelle in Git, die der jüngsten ähnelt und ebenfalls die Credential-Helper-Programme betrifft.
---------------------------------------------
https://heise.de/-4706272
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (webkit2gtk), Debian (awl, git, and openssl), Red Hat (chromium-browser, git, http-parser, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, qemu-kvm-ma, rh-git218-git, and rh-maven35-jackson-databind), Scientific Linux (advancecomp, avahi, bash, bind, bluez, cups, curl, dovecot, doxygen, evolution, expat, file, firefox, gettext, git, GNOME, httpd, ImageMagick, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, kernel, lftp, [...]
---------------------------------------------
https://lwn.net/Articles/818223/
∗∗∗ High-Severity Vulnerability in OpenSSL Allows DoS Attacks ∗∗∗
---------------------------------------------
An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks.
---------------------------------------------
https://www.securityweek.com/high-severity-vulnerability-openssl-allows-dos-attacks
∗∗∗ [20200403] - Core - Incorrect access control in com_users access level deletion function ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function.html
∗∗∗ [20200402] - Core - Missing checks for the root usergroup in usergroup table ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html
∗∗∗ [20200401] - Core - Incorrect access control in com_users access level editing function ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html
∗∗∗ 2020-04-21: SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ 2020-04-21: SECURITY Multiple Vulnerabilities in ABB Central Licensing System ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ 2020-04-21: SECURITY Inter process communication vulnerability in System 800xA ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ Security Bulletin: A denial of service vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulnerability-in-ibm-websphere-liberty-profile-affects-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list