[CERT-daily] Tageszusammenfassung - 20.02.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 19-02-2020 18:00 − Donnerstag 20-02-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cybergang Favors G Suite and Physical Checks For BEC Attacks ∗∗∗
---------------------------------------------
Exaggerated Lion, a newly discovered cybercrime group, uses new and unique tactics to target U.S. companies in BEC attacks.
---------------------------------------------
https://threatpost.com/cybergang-favors-g-suite-and-physical-checks-for-bec-attacks/153074/


∗∗∗ Nearly half of hospital Windows systems still vulnerable to RDP bugs ∗∗∗
---------------------------------------------
Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week.
---------------------------------------------
https://nakedsecurity.sophos.com/2020/02/20/nearly-half-of-hospital-windows-systems-still-vulnerable-to-rdp-bugs/


∗∗∗ Building a Stronger Cybersecurity Community: 8th ENISA Industry Event ∗∗∗
---------------------------------------------
On 17 February 2020, the EU Agency for Cybersecurity organised its 8th Industry Event in Brussels.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/building-a-stronger-cybersecurity-community-fifth-enisa-industry-event


∗∗∗ Telecom Security Authorities meeting in Brussels ∗∗∗
---------------------------------------------
Last week the EU Agency for Cybersecurity hosted the 30th Article 13a meeting in Brussels.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/telecom-security-authorities-meeting-in-brussels


∗∗∗ Sicherheitsupdates: Ciscos High-Availability-Feature heißt Angreifer willkommen ∗∗∗
---------------------------------------------
Cisco kümmert sich unter anderem um kritische Lücken in Smart Software Manager, Email Security Appliance & Co.
---------------------------------------------
https://heise.de/-4664787


∗∗∗ Betrügerische Trading-Plattformen nehmen frühere Opfer ins Visier ∗∗∗
---------------------------------------------
Unseriöse Trading-Plattformen versuchen ihren Opfern mit unterschiedlichsten Maschen das Geld aus der Tasche zu ziehen. Einige frühere Betroffene werden nun erneut kontaktiert, obwohl sie bereits jeglichen Kontakt abgebrochen hatten: Angeblich wurden zwischenzeitlich hohe Gewinne erzielt, die nach Zahlung der Steuern beantragt werden könnten. Hier darf nichts bezahlt werden!
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-trading-plattformen-nehmen-fruehere-opfer-ins-visier/


∗∗∗ Exploiting Jira for Host Discovery ∗∗∗
---------------------------------------------
Last October I dived into the world of Jira Software (version 8.4.1) in the hope of discovering new vulnerabilities. Initially, I came across a few Cross-Site Request Forgery (CSRF) weaknesses, leading me to a vulnerability that allows a user to instruct the Jira server to initiate connections to other hosts of my choice.
---------------------------------------------
https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Adobe Flaws Fixed in Out-of-Band Update ∗∗∗
---------------------------------------------
Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder.
---------------------------------------------
https://threatpost.com/critical-adobe-flaws-fixed-in-out-of-band-update/153060/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0).
---------------------------------------------
https://lwn.net/Articles/812924/


∗∗∗ jQuery vulnerability CVE-2015-9251 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29562170


∗∗∗ PHP: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0147


∗∗∗ Duplicator < 1.3.28 - Unauthenticated Arbitrary File Download ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/10078


∗∗∗ Profile - Moderately critical - Access Bypass - SA-CONTRIB-2020-004 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-004


∗∗∗ Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis (CVE-2019-4752) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-affects-ibm-emptoris-spend-analysis-cve-2019-4752/


∗∗∗ Security Bulletin: Resilient is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-resilient-is-vulnerable-to-using-components-with-known-vulnerabilities/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution/


∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4640) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2019-4640/


∗∗∗ Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-solution-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-i/


∗∗∗ Security Bulletin: IBM API Connect has addressed the following vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-has-addressed-the-following-vulnerability/


∗∗∗ Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-kubernetescve-2019-11251/


∗∗∗ Security Bulletin: SQL Injection Affects IBM Emptoris Strategic Supply Management Platform (CVE-2019-4752) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-affects-ibm-emptoris-strategic-supply-management-platform-cve-2019-4752/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily