[CERT-daily] Tageszusammenfassung - 06.02.2020
Daily end-of-shift report
team at cert.at
Thu Feb 6 18:08:40 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 05-02-2020 18:00 − Donnerstag 06-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Philips Hue: Kritische Sicherheitslücke in smarten Lampen ∗∗∗
---------------------------------------------
Hacker können mit einer Antenne das Netzwerk der User und damit verbundene Computer übernehmen.
---------------------------------------------
https://futurezone.at/produkte/philips-hue-kritische-sicherheitsluecke-in-smarten-lampen/400747308
∗∗∗ Fake browser update pages are "still a thing", (Wed, Feb 5th) ∗∗∗
---------------------------------------------
SocGholish is a term I first saw in signatures from the EmergingThreats Pro ruleset to describe fake browser update pages used to distribute malware like a NetSupport RAT-based malware package or Chthonic banking malware. Although this activity has continued into 2020, I hadn't run across an example until this week.
---------------------------------------------
https://isc.sans.edu/diary/rss/25774
∗∗∗ This crafty malware makes you retype your passwords so it can steal them ∗∗∗
---------------------------------------------
Metamorfo banking trojan has expanded its campaign to target online users banking services.
---------------------------------------------
https://www.zdnet.com/article/this-crafty-malware-makes-you-retype-your-passwords-so-it-can-steal-them/
=====================
= Vulnerabilities =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-05) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-05) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 11, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1828
∗∗∗ Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003 ∗∗∗
---------------------------------------------
Project: Views Bulk Operations (VBO)Date: 2020-February-05Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: Views Bulk Operations provides enhancements to running bulk actions on views.The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-003
∗∗∗ Hintertür in vielen Überwachungskameras mit HiSilicon-Chips ∗∗∗
---------------------------------------------
Die Firmware zahlreicher IP-Kameras mit Systems-on-Chip (SoCs) der Huawei-Sparte HiSilicon erlaubt Root-Zugriff via telnet.
---------------------------------------------
https://heise.de/-4654525
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd).
---------------------------------------------
https://lwn.net/Articles/811678/
∗∗∗ Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10059
∗∗∗ Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10061
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WIoTP MessageGateway (CVE-2020-2604, CVE-2020-2659) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-wiotp-messagegateway-cve-2020-2604-cve-2020-2659/
∗∗∗ Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-windows-installers-of-ibm-cloud-cli-prior-to-0-16-2-are-signed-using-sha1-certificate/
∗∗∗ Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-of-embedded-cf-cli-in-ibm-cloud-cli/
∗∗∗ BIG-IP Edge Client for Windows vulnerability CVE-2020-5855 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55102004
∗∗∗ BIG-IP TMM AWS vulnerability CVE-2020-5856 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00025388
∗∗∗ BIG-IP TMM vulnerability CVE-2020-5854 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K50046200
∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0099
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0104
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list