[CERT-daily] Daily summary - 21.02.2020

Daily end-of-shift report team at cert.at
Fri Feb 21 18:08:19 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 20-02-2020 18:00 − Friday 21-02-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Coronavirus malware is spreading massively ∗∗∗
---------------------------------------------
Cybersecurity experts warn that the coronavirus is increasingly being used to spread malware.
---------------------------------------------
https://futurezone.at/digital-life/coronavirus-malware-breitet-sich-massiv-aus/400760661


∗∗∗ Subdomain takeover: Hundreds of Microsoft subdomains hijacked ∗∗∗
---------------------------------------------
Over the past few years, a security researcher was able to hijack hundreds of Microsoft subdomains, but despite being notified, Microsoft took care of only a few. And it was not just the security researcher: a gambling site also took over official Microsoft.com subdomains.
---------------------------------------------
https://www.golem.de/news/subdomain-takeover-hunderte-microsoft-subdomains-gekapert-2002-146766-rss.html


∗∗∗ Apple: Safari to accept only one-year TLS certificates ∗∗∗
---------------------------------------------
From September 1, Apple's Safari browser is to accept only TLS certificates with a maximum validity of 13 months. This affects websites such as Github.com or Microsoft.com, which currently rely on two-year certificates.
---------------------------------------------
https://www.golem.de/news/apple-safari-soll-nur-noch-einjaehrige-tls-zertifikate-akzeptieren-2002-146779-rss.html


∗∗∗ Quick Analysis of an Encrypted Compound Document Format, (Fri, Feb 21st) ∗∗∗
---------------------------------------------
We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, it's always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word document that I quickly analysed. Thanks to him!
---------------------------------------------
https://isc.sans.edu/diary/rss/25826


∗∗∗ How to Find & Remove SEO Spam on WordPress ∗∗∗
---------------------------------------------
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis. Without clicking anything (seriously, don’t), take a close look at the results. You’ll likely see one or more seemingly innocent, non-pharmaceutical websites advertising these medications.
---------------------------------------------
https://blog.sucuri.net/2020/02/remove-seo-spam-wordpress.html


∗∗∗ Fuzzing – attack is the best defense ∗∗∗
---------------------------------------------
Automated software testing with fuzzing offers several benefits that developers should make use of when testing.
---------------------------------------------
https://heise.de/-4659818


∗∗∗ Over 400 ICS Vulnerabilities Disclosed in 2019: Report ∗∗∗
---------------------------------------------
More than 400 vulnerabilities affecting industrial control systems (ICS) were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos.
---------------------------------------------
https://www.securityweek.com/over-400-ics-vulnerabilities-disclosed-2019-report


∗∗∗ Identity theft: Security researchers warn of fundamental flaw in LTE networks ∗∗∗
---------------------------------------------
Attackers could impersonate other people and act in their name; however, a high level of effort is required
---------------------------------------------
https://www.derstandard.at/story/2000114840745/identitaetsdiebstahl-sicherheitsforscher-warnen-vor-grundlegender-luecke-in-lte-netzen



=====================
=  Vulnerabilities  =
=====================

∗∗∗ B&R Industrial Automation Automation Studio and Automation Runtime ∗∗∗
---------------------------------------------
This advisory contains mitigations for an improper authorization vulnerability in B&R Industrial Automation's Automation Studio and Automation Runtime software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-051-01


∗∗∗ Rockwell Automation FactoryTalk Diagnostics ∗∗∗
---------------------------------------------
This advisory contains mitigations for a deserialization of untrusted data vulnerability in Rockwell Automation's FactoryTalk Diagnostics software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-051-02


∗∗∗ Honeywell NOTI-FIRE-NET Web Server (NWS-3) ∗∗∗
---------------------------------------------
This advisory contains mitigations for authentication bypass by capture relay, and path traversal vulnerabilities in Honeywell's NOTI-FIRE-NET web servers.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-051-03


∗∗∗ Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) ∗∗∗
---------------------------------------------
This advisory contains mitigations for cleartext transmission of sensitive information, origin validation error, use of hard-coded credentials, weak password recovery mechanism for forgotten password, and weak password requirements vulnerabilities in Auto-Maskin's RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App).
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-051-04


∗∗∗ Root vulnerability endangers IBM's Db2 database ∗∗∗
---------------------------------------------
IBM's Db2 is vulnerable, and in the worst case attackers could execute malicious code. Interim fixes are available.
---------------------------------------------
https://heise.de/-4665536


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/812995/


∗∗∗ Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-impacted-by-a-denial-of-service-vulnerability-in-linux-kernel-cve-2019-11477/


∗∗∗ Security Bulletin: Phishing Attack Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4595) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-phishing-attack-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-4595/


∗∗∗ Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM License Metric Tool v9 (CVE-2019-4441). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-license-metric-tool-v9-cve-2019-4441/


∗∗∗ Trend Micro products: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0155


∗∗∗ Apache Tomcat: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0154


∗∗∗ Red Hat OpenShift Container Platform: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0157


∗∗∗ Red Hat Enterprise Linux Server: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0156

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



