[CERT-daily] Daily summary - 04.12.2020

Daily end-of-shift report team at cert.at
Fri Dec 4 18:22:04 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 03-12-2020 18:00 − Friday 04-12-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Warning! Amazon phishing emails are currently booming! ∗∗∗
---------------------------------------------
Black Friday is over, Christmas is just around the corner, and Austria is still in lockdown. All of these are reasons why online retail is currently booming, but fraudulent messages sent in Amazon's name are booming just as much. Emails are currently circulating in which fraudsters lead you to believe that a double charge has been made, in order to get hold of your data.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-amazon-phishing-mails-boomen-derzeit/


∗∗∗ Malware for stealing financial data hides behind social media buttons ∗∗∗
---------------------------------------------
The buttons supposedly allow content to be shared via Facebook, Twitter and Instagram. Instead, they activate malicious code that targets personal information and credit card data. The associated malware has been in circulation since the end of September.
---------------------------------------------
https://www.zdnet.de/88390301/malware-fuer-den-diebstahl-von-finanzdaten-versteckt-sich-hinter-social-media-buttons/


∗∗∗ Cybercrime: Trickbot learns a new trick ∗∗∗
---------------------------------------------
Emotet infections will become even more dangerous in the future, because the malware they download could lodge itself in the BIOS.
---------------------------------------------
https://heise.de/-4980197


∗∗∗ Researchers warn of a partly still-unfixed vulnerability in various Android apps ∗∗∗
---------------------------------------------
The formerly vulnerable Play Core library, which Google already fixed in March, has not (yet) been actively updated by some app developers.
---------------------------------------------
https://heise.de/-4979478


∗∗∗ The chronicles of Emotet ∗∗∗
---------------------------------------------
More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses.
---------------------------------------------
https://securelist.com/the-chronicles-of-emotet/99660/


∗∗∗ Leaking Browser URL/Protocol Handlers ∗∗∗
---------------------------------------------
An important step in any targeted attack is reconnaissance. The more information an attacker can obtain on the victim the greater the chances for a successful exploitation and infiltration. Recently, we uncovered two information disclosure vulnerabilities affecting three of the major web browsers which can be leveraged to leak out a vast range of installed applications, including the presence of security products, allowing a threat actor to gain critical insights on the target.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMware Releases Security Updates to Address CVE-2020-4006 ∗∗∗
---------------------------------------------
VMware has released security updates to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0027.2 and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2020/12/03/vmware-releases-security-updates-address-cve-2020-4006


∗∗∗ Web server vulnerability: sensitive configuration and status data published ∗∗∗
---------------------------------------------
Misconfigured web servers belonging to federal authorities and IT companies openly exposed visitor IPs, usernames, meeting IDs and more on the Internet.
---------------------------------------------
https://heise.de/-4971830


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird), Fedora (c-ares, pdfresurrect, webkit2gtk3, and xen), openSUSE (python3), SUSE (gdm, python-pip, rpmlint, and xen), and Ubuntu (snapcraft).
---------------------------------------------
https://lwn.net/Articles/838960/


∗∗∗ WECON LeviStudioU (Update C) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the advisory update titled ICSA-20-238-03 WECON LeviStudioU (Update B) that was published October 29, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the WECON Technology LeviStudioU software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03


∗∗∗ Apache Tomcat: Vulnerability allows information disclosure ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1195


∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201202-01-smartphone-en


∗∗∗ Security Advisory - Resource Management Error Vulnerability in Huawei CloudEngine 1800V Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201202-01-cloudengine-en


∗∗∗ Intel CPU vulnerability CVE-2020-0591 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K82356391


∗∗∗ Intel CPU vulnerability CVE-2020-0592 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04160444


∗∗∗ QEMU vulnerability CVE-2020-27617 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41142448


∗∗∗ Jetty vulnerability CVE-2019-10247 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41412302


∗∗∗ Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Program Management (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-program-management-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: Trusteer Mobile SDK is vulnerable to CVE-2019-17362 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-trusteer-mobile-sdk-is-vulnerable-to-cve-2019-17362/


∗∗∗ Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-sourcing-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Contract Management (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-contract-management-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-spend-analysis-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-arbitrary-code-execution-and-security-bypass-in-drupal-cve-2020-13664-cve-2020-13665-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-14621) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2020-14579-cve-2020-14578-cve-2020-14577-cve-2020-14621/


∗∗∗ Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform (CVE-2020-11023, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow – CVE-2020-4687, CVE-2020-4760, CVE-2020-4704 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-ibm-content-navigator-component-in-ibm-business-automation-workflow-cve-2020-4687-cve-2020-4760-cve-2020-4704/


∗∗∗ Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-upgrade-javaenv2-2-to-address-gradle-oauth-authentication-concerns/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



