[CERT-daily] Tageszusammenfassung - 15.12.2020

Daily end-of-shift report team at cert.at
Tue Dec 15 18:14:30 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 14-12-2020 18:00 − Dienstag 15-12-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ SolarWinds hackers have a clever way to bypass multi-factor authentication ∗∗∗
---------------------------------------------
Hackers who hit SolarWinds compromised a think tank three separate times.
---------------------------------------------
https://arstechnica.com/?p=1729836


∗∗∗ Paypal‑Betrugsmaschen – Wie Sie sich schützen können ∗∗∗
---------------------------------------------
Paypal ist einer der größten und beliebtesten Zahlungsdienste und daher im Fadenkreuz vieler Cyberkrimineller. Wie kann man sich vor deren Tricks schützen?
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/12/15/betrugsmaschen-der-paypal-betrueger-wie-koennen-sie-sich-schuetzen/


∗∗∗ Vorsicht: Gefälschte Benachrichtigungen von Paketdiensten im Umlauf ∗∗∗
---------------------------------------------
Warten Sie gerade auf ein Paket? Dann nehmen Sie sich vor gefälschten Benachrichtigungen per E-Mail oder SMS im Namen der Post, DHL oder anderen Paketdiensten in Acht! Kriminelle fälschen E-Mails bekannter Zustelldienste und behaupten darin, es müssten 1-2 Euro Zustellungs- oder Zollgebühren bezahlt werden. Wird diese Gebühr per Kreditkarte bezahlt, buchen Kriminelle Monat für Monat 50-90 Euro ab.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-gefaelschte-benachrichtigungen-von-paketdiensten-im-umlauf/


∗∗∗ Hospitals are leaving millions of sensitive medical images exposed online ∗∗∗
---------------------------------------------
Cybersecurity researchers discover millions of medical files and associated personal data left discoverable on the open web due to being stored insecurely.
---------------------------------------------
https://www.zdnet.com/article/hospitals-are-leaving-millions-of-sensitive-medical-images-exposed-online/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Xen Security Advisories ∗∗∗
---------------------------------------------
Xen has released 15 Security Advisories.
---------------------------------------------
https://xenbits.xen.org/xsa/


∗∗∗ URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958) ∗∗∗
---------------------------------------------
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects Bitdefender Antivirus Plus versions prior to 25.0.7.29.
---------------------------------------------
https://www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958/


∗∗∗ Apple security updates ∗∗∗
---------------------------------------------
Apple has released the following security updates: iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Server 5.11, tvOS 14.3, watchOS 7.2, Safari 14.0.2, iOS 12.5, watchOS 6.3
---------------------------------------------
https://support.apple.com/en-us/HT201222


∗∗∗ libarchive vulnerability CVE-2017-5601 ∗∗∗
---------------------------------------------
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. [...] The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.
---------------------------------------------
https://support.f5.com/csp/article/K50543013


∗∗∗ SECURITY BULLETIN: December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 ∗∗∗
---------------------------------------------
Trend Micro has made a Critical Patch (CP) available for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. This CP addresses multiple vulnerabilities related to CRSF protection bypass, cross-site scripting (XSS), authorization/authentication bypass, command execution and unauthenticated command injections.
---------------------------------------------
https://success.trendmicro.com/solution/000283077


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxstream-java and xen), Fedora (curl), openSUSE (curl, kernel, mariadb, and openssl-1_1), Oracle (kernel, libexif, thunderbird, and xorg-x11-server), Red Hat (curl, gd, kernel, kernel-rt, linux-firmware, net-snmp, openssl, pacemaker, python-rtslib, samba, targetcli, and xorg-x11-server), Scientific Linux (libexif, thunderbird, and xorg-x11-server), and SUSE (clamav, gdm, and kernel).
---------------------------------------------
https://lwn.net/Articles/840217/


∗∗∗ Synology-SA-20:28 File Station ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to read arbitrary files via a susceptible version of File Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_28


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service.
---------------------------------------------
https://support.citrix.com/article/CTX286756


∗∗∗ WAGO Series 750-88x and 750-352 (Update A) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-20-308-01 WAGO Series 750-88x and 750-352 that was published November 3, 2020, on the ICS webpage on us-cert.gov. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the WAGO Fieldbus Ethernet coupler.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01


∗∗∗ Eclipse Jetty vulnerability CVE-2019-10241 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01869532


∗∗∗ HCL Domino: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1237


∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1238


∗∗∗ Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-angular-js-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/


∗∗∗ Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/


∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-4/


∗∗∗ Security Bulletin: Vulnerability in nss and nspr CVE-2019-17006. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/


∗∗∗ Security Bulletin: A vulnerability have been identified in jwt-go shipped with IBM Netcool Operations Insight Event Integrations Operator (CVE-2020-26160) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-jwt-go-shipped-with-ibm-netcool-operations-insight-event-integrations-operator-cve-2020-26160/


∗∗∗ Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-serialize-javascript-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/


∗∗∗ Security Bulletin: IBP javaenv and dind images ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibp-javaenv-and-dind-images/


∗∗∗ Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-acorn-and-bootstrap-select-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/


∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-3/


∗∗∗ Security Bulletin: Vulnerability in libssh2 CVE-2019-17498. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libssh2-cve-2019-17498/


∗∗∗ ZDI-20-1444: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1444/


∗∗∗ ZDI-20-1443: (0Day) Eaton EASYsoft E70 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1443/


∗∗∗ ZDI-20-1442: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1442/


∗∗∗ ZDI-20-1441: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1441/


∗∗∗ ZDI-20-1429: D-Link DAP-1860 uhttpd Authentication Bypass Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1429/


∗∗∗ ZDI-20-1428: D-Link DAP-1860 HNAP Authorization Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1428/


∗∗∗ ZDI-20-1427: D-Link Multiple Routers dhttpd Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1427/


∗∗∗ ZDI-20-1426: D-Link Multiple Routers dhttpd Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1426/


∗∗∗ ZDI-20-1438: (0Day) D-Link DCS-960L HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1438/


∗∗∗ ZDI-20-1437: (0Day) D-Link DCS-960L HNAP LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1437/


∗∗∗ ZDI-20-1436: (0Day) D-Link DCS-960L HNAP Login Cookie Format String Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1436/


∗∗∗ ZDI-20-1435: (0Day) D-Link DCS-960L HNAP Cookie Format String Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1435/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list