[CERT-daily] Tageszusammenfassung - 02.12.2020

Daily end-of-shift report team at cert.at
Wed Dec 2 18:08:34 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 01-12-2020 18:00 − Mittwoch 02-12-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Project Zero: Exploit zeigt Komplettübernahme von iPhones per WLAN ∗∗∗
---------------------------------------------
Ohne Bugfix hätten iPhones vollständig per WLAN ausgelesen werden können - über eine triviale Lücke. Apple hat den Fehler bereits behoben.
---------------------------------------------
https://www.golem.de/news/project-zero-exploit-zeigt-komplettuebernahme-von-iphones-per-wlan-2012-152542-rss.html


∗∗∗ "Free" Symchanger Malware Tricks Users Into Installing Backdoor ∗∗∗
---------------------------------------------
In a previous post, I discussed how attackers can trick website owners into installing malware onto a website - granting the attacker the same unauthorized access as if they had exploited a vulnerability or compromised login details for the website. But did you know attackers use the same tactic against other bad actors? They do this by offering free malware, even going to great lengths to include a guide on how to use it.
---------------------------------------------
https://blog.sucuri.net/2020/12/free-symchanger-malware-tricks-users-into-installing-backdoor.html


∗∗∗ Remote Code Execution: Lücken in NAS-Betriebssystem QTS von Qnap geschlossen ∗∗∗
---------------------------------------------
Die Qnap-Entwickler haben eine abgesicherte Version von QTS für NAS-Geräte aus dem eigenen Haus veröffentlicht.
---------------------------------------------
https://heise.de/-4977592


∗∗∗ Paketmanager npm: Remote Access Trojan tarnt sich als JSON-Tool ∗∗∗
---------------------------------------------
Die zwei Pakete jdb.js und db-json.js versuchen njRAT zu installieren und die Windows-Firewall passend zu öffnen.
---------------------------------------------
https://heise.de/-4977572


∗∗∗ Zahlreiche betrügerische Jobangebote von rareAI und enixAI online! ∗∗∗
---------------------------------------------
„Quereinsteiger im KI-Training“ oder „Datenerfasser/KI-Trainer“ – so oder so ähnlich klingen betrügerische Jobangebote, die derzeit auf zahlreichen Plattformen inseriert werden. Dahinter stecken die angeblichen Start-Ups rareAI oder enixAI. Doch weder die Unternehmen existieren erhalten Interessierte eine bezahlte Arbeit. Stattdessen wird der Bewerbungsprozess genutzt, um im Namen der Opfer ein Konto zu eröffnen, nebenbei klauen die Kriminellen noch [...]
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-betruegerische-jobangebote-von-rareai-und-enixai-online/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ICS Advisory (ICSA-20-336-01) Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD) ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows engineering workstation, which could result in loss of availability, confidentiality, and integrity of the workstation where EcoStruxure Operator Terminal Expert runtime is installed.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-336-01


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (brotli, jupyter-notebook, and postgresql-9.6), Fedora (perl-Convert-ASN1 and php-pear), openSUSE (go1.15, libqt5-qtbase, mutt, python-setuptools, and xorg-x11-server), Oracle (firefox, kernel, libvirt, and thunderbird), Red Hat (rh-postgresql10-postgresql and rh-postgresql12-postgresql), SUSE (java-1_8_0-openjdk, python, python-cryptography, python-setuptools, python3, and xorg-x11-server), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-kvm, linux-lts-trusty, linux-raspi2, linux-snapdragon, python-werkzeug, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
---------------------------------------------
https://lwn.net/Articles/838786/


∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201202-02-privilege-en


∗∗∗ HCL Domino: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1182


∗∗∗ FreeBSD: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1185


∗∗∗ McAfee Total Protection: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1184


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 – July 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-july-2020/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in firmware supporting products shipped with IBM Clouf Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-firmware-supporting-products-shipped-with-ibm-clouf-pak-system/


∗∗∗ Security Bulletin: CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-26217-xstream-before-version-1-4-14-is-vulnerable-to-remote-code-execution-the-vulnerability-may-allow-a-remote-attacker-to-run-arbitrary-shell-commands-only-by-manipulatin/


∗∗∗ Security Bulletin: Multiple security vulnerabilities with Administration Console for Content Platform Engine component in IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4447, CVE-2020-4459 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-administration-console-for-content-platform-engine-component-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list