[CERT-daily] Daily summary - 11.08.2020

Daily end-of-shift report team at cert.at
Tue Aug 11 18:07:24 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 10-08-2020 18:00 − Tuesday 11-08-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Upgraded Agent Tesla malware steals passwords from browsers, VPNs ∗∗∗
---------------------------------------------
New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/upgraded-agent-tesla-malware-steals-passwords-from-browsers-vpns/


∗∗∗ SBA phishing scams: from malware to advanced social engineering ∗∗∗
---------------------------------------------
SBA loan scams continue to make the rounds targeting small business owners, CEOs, and CFOs.
---------------------------------------------
https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware-to-advanced-social-engineering/


∗∗∗ Script-Based Malware: A New Attacker Trend on Internet Explorer ∗∗∗
---------------------------------------------
Script-based malware can be appealing for attackers who want the ability to quickly and easily develop new variants to evade detection.
---------------------------------------------
https://unit42.paloaltonetworks.com/script-based-malware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB20-48) and Adobe Lightroom (APSB20-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1908


∗∗∗ vBulletin fixes ridiculously easy to exploit zero-day RCE bug ∗∗∗
---------------------------------------------
A simple one-line exploit has been published for a zero-day pre-authentication remote code execution (RCE) vulnerability in the vBulletin forum software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously-easy-to-exploit-zero-day-rce-bug/


∗∗∗ Critical updates for Citrix Endpoint Management ∗∗∗
---------------------------------------------
Citrix closes a total of 5 vulnerabilities; anyone running their own installation should patch quickly.
---------------------------------------------
https://heise.de/-4867952


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pillow, ruby-kramdown, wpa, and xrdp), Fedora (ark and rpki-client), Gentoo (apache, ark, global, gthumb, and iproute2), openSUSE (chromium, grub2, java-11-openjdk, libX11, and opera), Red Hat (bind, chromium-browser, java-1.7.1-ibm, java-1.8.0-ibm, and libvncserver), SUSE (LibVNCServer, perl-XML-Twig, thunderbird, and xen), and Ubuntu (samba).
---------------------------------------------
https://lwn.net/Articles/828476/


∗∗∗ iCloud for Windows 11.3 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211294


∗∗∗ iCloud for Windows 7.20 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211295


∗∗∗ SSA-809841: Buffer Overflow Vulnerability in Third-Party Component pppd ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-809841.txt


∗∗∗ SSA-786743: Code Injection Vulnerability in Advanced Reporting for Desigo CC and ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-786743.txt


∗∗∗ SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-712518.txt


∗∗∗ SSA-388646: Local Privilege Escalation in Automation License Manager ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-388646.txt


∗∗∗ SSA-370042: Cross-Site-Scripting (XSS) in SICAM A8000 RTUs ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-370042.txt


∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Java vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-java-vulnerabilities/


∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in OpenSSL package ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-openssl-package/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management/


∗∗∗ Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-node-js-vulnerabilities-3/


∗∗∗ Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-3/


∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-vulnerability-in-apache-commons-compress-cve-2019-12402/


∗∗∗ Security Bulletin: IBM Event Streams is affected by a Java vulnerability (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-java-vulnerability-cve-2020-2654/


∗∗∗ Security Bulletin: Information disclosure in WebSphere Liberty (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-liberty-cve-2020-4329/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Libreswan affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-libreswan-affects-ibm-netezza-host-management/


∗∗∗ SAP Patchday August 2020 ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0800

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



