[CERT-daily] Tageszusammenfassung - 30.04.2020

Thu Apr 30 18:27:32 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 29-04-2020 18:00 − Donnerstag 30-04-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft Sway abused in PerSwaysion spear-phishing operation ∗∗∗
---------------------------------------------
Multiple threat actors running phishing attacks on corporate targets have been counting on Microsoft Sway service to trick victims into giving their Office 365 login credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-perswaysion-spear-phishing-operation/


∗∗∗ „Sarah“ verschickt gefälschte HOFER-Umfrage ∗∗∗
---------------------------------------------
Unter dem Namen „Sarah“ verschicken Kriminelle derzeit willkürlich SMS mit einem Link, der zu einem gefälschten HOFER-Treueprogramm führt. Versprochen werden exklusive Preise, sofern an einer Umfrage zur Kundenzufriedenheit teilgenommen wird. Wir haben uns das vermeintliche Treueprogramm genauer angeschaut. Unser Fazit: Die versprochenen Preise erhalten Sie nicht. Stattdessen hoffen die BetrügerInnen, dass sie ein Abo abschließen. Dieses würde Sie [...]
---------------------------------------------
https://www.watchlist-internet.at/news/sarah-verschickt-gefaelschte-hofer-umfrage/


∗∗∗ Cybercriminals are using Google reCAPTCHA to hide their phishing attacks ∗∗∗
---------------------------------------------
Security researchers say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns.
---------------------------------------------
https://hotforsecurity.bitdefender.com/blog/cybercriminal-are-using-google-recaptcha-to-hide-their-phishing-attacks-23156.html


∗∗∗ Cybereason warnt vor neuem mobilen Banking-Trojaner ∗∗∗
---------------------------------------------
EventBot ist erst seit März 2020 im Umlauf. Die Malware stiehlt Daten von Finanz-Apps und hebelt die 2-Faktor-Authentifizierung auf. Die Hintermänner sind so in der Lage, geschäftliche und private Finanztransaktionen zu kapern.
---------------------------------------------
https://www.zdnet.de/88379272/cybereason-warnt-vor-neuem-mobilen-banking-trojaner/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Salt peppered with holes? Automation tool vulnerable to auth bypass: Patch now ∗∗∗
---------------------------------------------
The Salt configuration tool has patched two vulnerabilities whose combined effect was to expose Salt installations to complete control by an attacker. A patch for the issues was released last night, but systems that are not set to auto-update may still be vulnerable.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/30/salt_automation_tool_vulnerable_to/


∗∗∗ WordPress Releases Security Update ∗∗∗
---------------------------------------------
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.4.1.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/04/30/wordpress-releases-security-update


∗∗∗ macOS: Sandbox-Ausbruch per Editor ∗∗∗
---------------------------------------------
In TextEdit steckt ein Bug, mit dem böswillige Apps eigentlich verbotene Kommandos ausführen können.
---------------------------------------------
https://heise.de/-4712045


∗∗∗ High Severity Vulnerability Patched in Ninja Forms ∗∗∗
---------------------------------------------
On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.
---------------------------------------------
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-ninja-forms/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/819064/


∗∗∗ Synology-SA-20:08 Cloud Station Backup ∗∗∗
---------------------------------------------
A vulnerability allows local users to execute arbitrary code via a susceptible version of Cloud Station Backup.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_08_Cloud_Station_Backup


∗∗∗ Synology-SA-20:07 Synology Calendar ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote authenticated users to download arbitrary files or hijack the authentication of administrators via a susceptible version of Synology Calendar.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_07_Synology_Calendar


∗∗∗ Synology-SA-20:06 DSM ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote authenticated users to conduct denial-of-service attacks or obtain user credentials via a susceptible version of DSM.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_06_DSM


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose the corresponding passwords [...]
---------------------------------------------
https://support.citrix.com/article/CTX272237


∗∗∗ Security Advisory - Invalid Pointer Access Vulnerability in Huawei OceanStor Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200429-01-invalidpointer-en


∗∗∗ Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2020-1938/


∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2019-1551) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-2019-1551/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-found-by-vfinder-in-ibm-ediscovery-analyzer/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-sap-applications/


∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0402


∗∗∗ The BIG-IP AFM ACL and IPI features may not function as designed ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72423000


∗∗∗ Intel QAT cryptography driver vulnerability CVE-2020-5882 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43815022


∗∗∗ The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33572148


∗∗∗ BIG-IP APM logs may contain random data after the APM session ID ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43404365


∗∗∗ BIG-IP SSL connection Alert Timeout security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25165813


∗∗∗ BIG-IP may not detect invalid Transfer-Encoding headers ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10701310


∗∗∗ HPESBMU03997 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us


∗∗∗ OpenLDAP: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0405

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily