[CERT-daily] Tageszusammenfassung - 19.02.2020
Daily end-of-shift report
team at cert.at
Wed Feb 19 18:50:26 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 18-02-2020 18:00 − Mittwoch 19-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ SMS Attack Spreads Emotet, Steals Bank Credentials ∗∗∗
---------------------------------------------
A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
---------------------------------------------
https://threatpost.com/sms-attack-spreads-emotet-bank-credentials/153015/
∗∗∗ Jetzt updaten: Exploit-Code für Lücke in Microsoft SQL Server veröffentlicht ∗∗∗
---------------------------------------------
Updates für MS SQL Server 2012, 2014 und 2016 vom Patch Tuesday beheben eine Sicherheitslücke, für die nun Proof-of-Concept-Code vorliegt.
---------------------------------------------
https://heise.de/-4663968
∗∗∗ Firmware-Sicherheitslücken: Angriffe auf Notebooks von Dell, HP und Lenovo ∗∗∗
---------------------------------------------
Notebook-Hersteller verbauen allerlei Komponenten von Zulieferern, denen selbst einfache Schutzmaßnahmen fehlen.
---------------------------------------------
https://heise.de/-4664246
∗∗∗ E-Mail der DNS Austria ist betrügerisch ∗∗∗
---------------------------------------------
Zahlreiche Website-BesitzerInnen erhalten momentan ein E-Mail einer DNS Austria – einem Unternehmen, das angeblich Domainnamen registriert. Sie werden darüber informiert, dass jemand ihre Domain mit einer anderen Endung registrieren möchte. Ihnen wird die Möglichkeit geboten, diese Domain zuvor zu kaufen. Überweisen Sie der DNS Austria kein Geld, es handelt sich um ein betrügerisches Vorgehen und das Unternehmen existiert nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/e-mail-der-dns-austria-ist-betruegerisch/
=====================
= Vulnerabilities =
=====================
∗∗∗ Spacelabs Xhibit Telemetry Receiver (XTR) ∗∗∗
---------------------------------------------
This medical advisory contains mitigations for an improper input validation vulnerability in Spacelabs Xhibit Telemetry Receiver hardware
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-20-049-01
∗∗∗ GE Ultrasound products ∗∗∗
---------------------------------------------
This medical advisory contains mitigations for a protection mechanism failure vulnerability in GE ultrasound products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-20-049-02
∗∗∗ Honeywell INNCOM INNControl 3 ∗∗∗
---------------------------------------------
This advisory contains mitigations for an improper privilege management vulnerability in Honeywells INNCOM INNControl 3 energy management platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-049-01
∗∗∗ Emerson OpenEnterprise ∗∗∗
---------------------------------------------
This advisory contains mitigations for a heap-based buffer overflow vulnerability in Emersons OpenEnterprise SCADA Server software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-049-02
∗∗∗ VMSA-2020-0003 ∗∗∗
---------------------------------------------
vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0003.html
∗∗∗ Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild ∗∗∗
---------------------------------------------
Description: Remote Code Execution Affected Plugin: ThemeREX Addons Plugin Slug: trx_addons Affected Versions: Versions greater than 1.6.50 CVSS Score: 9.8 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Patched Version: Currently No Patch. Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2020/02/zero-day-vulnerability-in-themerex-addons-plugin-exploited-in-the-wild/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, ksh, and sudo), Debian (php7.0 and python-django), Fedora (cacti, cacti-spine, mbedtls, and thunderbird), openSUSE (chromium, re2), Oracle (firefox, java-1.7.0-openjdk, and sudo), Red Hat (openjpeg2 and sudo), Scientific Linux (java-1.7.0-openjdk and sudo), SUSE (dbus-1, dpdk, enigmail, fontforge, gcc9, ImageMagick, ipmitool, php72, sudo, and wicked), and Ubuntu (clamav, linux, linux-aws, linux-aws-hwe, linux-azure,
---------------------------------------------
https://lwn.net/Articles/812851/
∗∗∗ Bugtraq: [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/542236
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x
∗∗∗ FortiOS URL redirection attack via the admin password change page ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-179
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/all-bulletins?name=security-advisories&year=2020
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4135/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4161) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4161/
∗∗∗ Security Bulletin: A vulnerability have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2019-16869) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2019-16869/
∗∗∗ Security Bulletin: A vulnerability has been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-14540) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-fasterxml-jackson-library-shipped-with-ibm-tivoli-netcool-omnibus-common-integration-libraries-cve-2019-14540/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-denial-of-service-cve-2020-4200/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-4663/
∗∗∗ Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2020-4230). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-privilege-escalation-cve-2020-4230/
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4429) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2019-4429/
∗∗∗ Security Bulletin: Vulnerability in Netty affects IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-netty-affects-ibm-netcool-agile-service-manager/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list