[CERT-daily] Tageszusammenfassung - 04.08.2020

Daily end-of-shift report team at cert.at
Tue Aug 4 18:22:16 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 03-08-2020 18:00 − Dienstag 04-08-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Exploiting Android Messengers with WebRTC: Part 1 ∗∗∗
---------------------------------------------
Posted by Natalie Silvanovich, Project Zero. This is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. This series highlights what can go wrong when applications dont apply WebRTC patches and when the communication and notification of security issues breaks down.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html


∗∗∗ Network Design: Firewall, IDS/IPS ∗∗∗
---------------------------------------------
There are many different types of devices and mechanisms within the security environment to provide a layered approach of defense. This is so that if an attacker is able to bypass one layer, another layer stands in the way to protect the network.
---------------------------------------------
https://resources.infosecinstitute.com/network-design-firewall-idsips/


∗∗∗ Certificate Transparency: a birds-eye view ∗∗∗
---------------------------------------------
The goal of this post is to build up a high-level description of CT from scratch, explaining why all the pieces are the way they are and how they fit together.
---------------------------------------------
https://emilymstark.com/2020/07/20/certificate-transparency-a-birds-eye-view.html


∗∗∗ goldscheideanstalt-solidus24.de & feingold-scheideanstalt.de fälschen Trusted Shops-Zertifikat ∗∗∗
---------------------------------------------
goldscheideanstalt-solidus24.de & feingold-scheideanstalt.de – durchaus ansprechende Webshops für Goldbarren und Goldmünzen. Das vollständige Impressum mit gültigen Angaben, sowie das Trusted Shops-Gütezeichen wirken vertrauensvoll. Doch Vorsicht: Diese Goldhändler sind Fake, Sie erhalten trotz Bezahlung keine Ware!
---------------------------------------------
https://www.watchlist-internet.at/news/goldscheideanstalt-solidus24de-feingold-scheideanstaltde-faelschen-trusted-shops-zertifikat/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NodeJS module downloaded 7M times lets hackers inject code ∗∗∗
---------------------------------------------
A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nodejs-module-downloaded-7m-times-lets-hackers-inject-code/


∗∗∗ CVE-2020–9854: "Unauthd" ∗∗∗
---------------------------------------------
Security researcher Ilias Morad, describes an impressive exploit chain, combining three macOS logic bugs he uncovered in macOS. His exploit chain allowed a local user to elevate privileges all the way to ring-0 (kernel)!
---------------------------------------------
https://objective-see.com/blog/blog_0x4D.html


∗∗∗ Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues , (Tue, Aug 4th) ∗∗∗
---------------------------------------------
Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.
---------------------------------------------
https://isc.sans.edu/diary/rss/26426


∗∗∗ Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder ∗∗∗
---------------------------------------------
On July 23, 2020, our Threat Intelligence team discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2020/08/critical-vulnerability-exposes-over-700000-sites-using-divi-extra-and-divi-builder/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/828015/


∗∗∗ Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bash-affects-ibm-spectrum-protect-plus-cve-2019-9924/


∗∗∗ Security Bulletin: Possible denial of service attack affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-possible-denial-of-service-attack-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: Incorrect file permissions allows authenticated users to recover IPMI user passwords ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-file-permissions-allows-authenticated-users-to-recover-ipmi-user-passwords/


∗∗∗ Security Bulletin: IBM API Connect is impacted by a denial of service vulnerability in MySQL (CVE-2020-2752) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-denial-of-service-vulnerability-in-mysql-cve-2020-2752/


∗∗∗ Security Bulletin: Vulnerability in GNU gettext affects IBM Spectrum Protect Plus (CVE-2018-18751) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gnu-gettext-affects-ibm-spectrum-protect-plus-cve-2018-18751/


∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4459) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4459/


∗∗∗ Security Bulletin: A vulnerability in IBM® Runtime Environment Java™ Version 8.0 affects IBM CICS TX on Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-runtime-environment-java-version-8-0-affects-ibm-cics-tx-on-cloud/


∗∗∗ Security Bulletin: OpenSSH vulnerability affects IBM Spectrum Protect Plus (CVE-2020-15778) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssh-vulnerability-affects-ibm-spectrum-protect-plus-cve-2020-15778/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-2/


∗∗∗ Security Bulletin: A vulnerability exists in IBM® Runtime Environment Java™ which affects TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-ibm-runtime-environment-java-which-affects-txseries-for-multiplatforms/


∗∗∗ August 2020 ∗∗∗
---------------------------------------------
https://source.android.com/security/bulletin/2020-08-01


∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0781

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list