[CERT-daily] Daily summary - 21.08.2020
Daily end-of-shift report
team at cert.at
Fri Aug 21 18:19:28 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 20-08-2020 18:00 − Friday 21-08-2020 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Malware can no longer disable Microsoft Defender via the Registry ∗∗∗
---------------------------------------------
Microsoft has removed the ability to disable Microsoft Defender and third-party security software via the Registry to prevent malware from tampering with protection settings.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/malware-can-no-longer-disable-microsoft-defender-via-the-registry/
∗∗∗ Emotet Malware Over the Years: The History of an Active Cyber-Threat ∗∗∗
---------------------------------------------
Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But what happens when a Trojan constantly eludes everyone’s best efforts to stop it in its tracks?
---------------------------------------------
https://heimdalsecurity.com/blog/emotet-malware-history/
∗∗∗ From SSRF to Compromise: Case Study ∗∗∗
---------------------------------------------
SSRF is a neat bug because it jumps trust boundaries. You go from being the user of a web application to someone on the inside, someone who can reach out and touch things on behalf of the vulnerable server. Exploiting SSRF beyond a proof-of-concept callback is often tricky because the impact is largely dependent on the environment you’re making that internal request in.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-ssrf-to-compromise-case-study/
∗∗∗ MISP 2.4.130 released (Various fixes, performance improvements and new features) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.130) has been released with performance improvements, multiple bugs fixed and new features.
---------------------------------------------
https://www.misp-project.org/2020/08/21/MISP.2.4.130.released.html
∗∗∗ Aggressive Fancy Bear DDoS extortionists are active again ∗∗∗
---------------------------------------------
The Link11 Security Operation Center has now warned of renewed DDoS extortion attempts in the name of Fancy Bear, accompanied by high-volume DDoS attacks. According to IT security provider Link11, the companies attacked also include operators of critical infrastructure (KRITIS).
---------------------------------------------
https://www.zdnet.de/88382211/aggressive-ddos-erpresser-von-fancy-bear-sind-wieder-aktiv/
=====================
= Vulnerabilities =
=====================
∗∗∗ BIND Security Advisories ∗∗∗
---------------------------------------------
CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c
CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
CVE-2020-8622: A truncated TSIG response can lead to an assertion failure
CVE-2020-8623: A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly
---------------------------------------------
https://kb.isc.org/docs/cve-2020-8620
https://kb.isc.org/docs/cve-2020-8621
https://kb.isc.org/docs/cve-2020-8622
https://kb.isc.org/docs/cve-2020-8623
https://kb.isc.org/docs/cve-2020-8624
∗∗∗ Security updates: Yet another "forgotten" backdoor in Cisco products ∗∗∗
---------------------------------------------
Attackers could target Cisco vWAAS, Smart Software Manager and Video Surveillance 8000 Series, among others.
---------------------------------------------
https://heise.de/-4875646
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ghostscript), Fedora (curl and mod_http2), Mageia (ngircd), openSUSE (kernel), SUSE (libreoffice), and Ubuntu (curl).
---------------------------------------------
https://lwn.net/Articles/829280/
∗∗∗ CERT/CC Warns of Vulnerabilities in Diebold Nixdorf, NCR ATMs ∗∗∗
---------------------------------------------
The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has published alerts on several vulnerabilities that impact Diebold Nixdorf ProCash and NCR SelfServ automated teller machines (ATMs).
---------------------------------------------
https://www.securityweek.com/certcc-warns-vulnerabilities-diebold-nixdorf-ncr-atms
∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (CVE-2020-4329) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-cve-2020-4329/
∗∗∗ Security Bulletin: Golang Vulnerabilities in IBM Cloud CLI 1.1.0 or earlier ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-golang-vulnerabilities-in-ibm-cloud-cli-1-1-0-or-earlier/
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4465 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4465/
∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty/
∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-control-cve-2020-8172-cve-2020-8174-cve-2020-11080/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-2/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (CVE-2020-2654, CVE-2020-2781, CVE-2020-2800) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-cve-2020-2654-cve-2020-2781-cve-2020-2800/
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4375 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4375/
∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589-3/
∗∗∗ August 20, 2020 TNS-2020-06 [R1] Nessus 8.11.1 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2020-06
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily