[CERT-daily] Tageszusammenfassung - 24.04.2020
Daily end-of-shift report
team at cert.at
Fri Apr 24 18:22:13 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 23-04-2020 18:00 − Freitag 24-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Protecting your organization against password spray attacks ∗∗∗
---------------------------------------------
If your users sign in with guessable passwords, you may be at risk of a password spray attack.The post Protecting your organization against password spray attacks appeared first on Microsoft Security.
---------------------------------------------
https://www.microsoft.com/security/blog/2020/04/23/protecting-organization-password-spray-attacks/
∗∗∗ Malicious Excel With a Strong Obfuscation and Sandbox Evasion, (Fri, Apr 24th) ∗∗∗
---------------------------------------------
For a few weeks, we see a bunch of Excel documents spread in the wild with Macro V4[1]. But VBA macros remain a classic way to drop the next stage of the attack on the victims computer. The attacker has many ways to fetch the next stage. He can download it from a compromised server or a public service like pastebin.com, dropbox.com, or any other service that allows sharing content. The problem is, in this case, that it generates more noise via new network flows and the attack [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26048
∗∗∗ Gefahren durch Webshells: NSA nennt beliebte Einfallstore für Server-Angriffe ∗∗∗
---------------------------------------------
US- und australische Behörden geben Tipps zum Aufspüren von Webshells und nennen einige teils recht alte, bei Angreifern aber noch immer beliebte Lücken.
---------------------------------------------
https://heise.de/-4709470
∗∗∗ When in Doubt: Hang Up, Look Up, & Call Back ∗∗∗
---------------------------------------------
Many security-conscious people probably think theyd never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Heres how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.
---------------------------------------------
https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/
=====================
= Vulnerabilities =
=====================
∗∗∗ Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution ∗∗∗
---------------------------------------------
The FTTH provisioning solution suffers from an unauthenticated remote code execution vulnerability due to an unsafe deserialization of Java objects (ViewState) triggered via the javax.faces.ViewState HTTP POST parameter. The deserialization can cause the vulnerable JSF web application to execute arbitrary Java functions, malicious Java bytecode, and system shell commands with root privileges.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5565.php
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-openssl), Debian (git), Gentoo (chromium, firefox, git, and openssl), Oracle (kernel and python-twisted-web), Red Hat (python-twisted-web), Scientific Linux (python-twisted-web), and SUSE (file-roller, kernel, and resource-agents).
---------------------------------------------
https://lwn.net/Articles/818565/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBMJava SDK affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibmjava-sdk-affect-ibm-cloud-app-management/
∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack caused by an authenticated user crafting a malicious message (CVE-2019-4656) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-caused-by-an-authenticated-user-crafting-a-malicious-message-cve-2019-4656/
∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. (CVE-2019-4619) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-by-inclusion-of-sensitive-data-within-trace-cve-2019-4619/
∗∗∗ Security Bulletin: IBM Cloud App Management is vulnerable to cross-site request forgery (CVE-2019-4750) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-app-management-is-vulnerable-to-cross-site-request-forgery-cve-2019-4750/
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Cloud App Management (CVE-2020-2593) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-cloud-app-management-cve-2020-2593/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a tcpdump vulnerability (CVE-2018-19519) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-tcpdump-vulnerability-cve-2018-19519/
∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack due to an error in the Channel processing function. (CVE-2019-4762) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-attack-due-to-an-error-in-the-channel-processing-function-cve-2019-4762/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-4267/
∗∗∗ Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-mozilla-firefox-affect-ibm-cloud-app-management/
∗∗∗ Security Bulletin: IBM MQ Appliance could allow a local attacker to obtain sensitive information. (CVE-2019-4719) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-a-local-attacker-to-obtain-sensitive-information-cve-2019-4719/
∗∗∗ BIG-IQ HA vulnerability CVE-2020-5870 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K69422435
∗∗∗ BIG-IQ HA vulnerability CVE-2020-5869 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28855111
∗∗∗ BIG-IQ Grafana vulnerability CVE-2020-5868 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37130415
∗∗∗ HPESBHF03947 rev.1 - HPE UIoT, Remote Unauthorized Access and Access to Sensitive Data ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03947en_us
∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0362
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list