[CERT-daily] Tageszusammenfassung - 25.02.2020

Tue Feb 25 18:18:49 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 24-02-2020 18:00 − Dienstag 25-02-2020 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Network Traffic Analysis for IR — Discovering RATs ∗∗∗
---------------------------------------------
Discovering RATs is not an easy task, as they neither show up on running processes nor slow down the computer speed. Nevertheless, incident response (IR) teams can perform a network traffic analysis to discover RATs.
---------------------------------------------
https://resources.infosecinstitute.com/network-traffic-analysis-for-ir-discovering-rats/


∗∗∗ VB2019 paper: Static analysis methods for detection of Microsoft Office exploits ∗∗∗
---------------------------------------------
Today we publish the VB2019 paper and presentation by McAfee researcher Chintan Shah in which he described static analysis methods for the detection of Microsoft Office exploits. 
---------------------------------------------
https://www.virusbulletin.com:443/blog/2020/02/vb2019-paper-static-analysis-methods-detection-microsoft-office-exploits/


∗∗∗ Fünf Jahre Updates: BSI definiert Anforderungen an sichere Smartphones ∗∗∗
---------------------------------------------
Das BSI bringt einen Katalog von Smartphone-Sicherheitskriterien heraus, die später ins IT-Sicherheitskennzeichen einfließen könnten.
---------------------------------------------
https://heise.de/-4667637


∗∗∗ ENISA publishes procurement guidelines for cybersecurity in hospitals ∗∗∗
---------------------------------------------
The Procurement Guidelines for Cybersecurity in Hospitals published by the Agency is designed to support the healthcare sector in taking informative decisions on cybersecurity when purchasing new hospital assets. It provides the information to be included in the procurement requests that hospitals publish in order to obtain IT equipment. 
---------------------------------------------
https://www.helpnetsecurity.com/2020/02/25/cybersecurity-procurement-hospitals/


∗∗∗ PayPal accounts abused en-masse for unauthorized payments ∗∗∗
---------------------------------------------
Since last Friday, users have reported seeing mysterious transactions pop up in their PayPal history as originating from their Google Pay account.
...
On February 25, 07:30am ET, PayPal told ZDNet that they have addressed the issue being exploited over the weekend. 
---------------------------------------------
https://www.zdnet.com/article/paypal-accounts-are-getting-abused-en-masse-for-unauthorized-payments/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Signature Validation Bypass Leading to RCE In Electron-Updater ∗∗∗
---------------------------------------------
As part of a security engagement for one of our customers, we have reviewed the update mechanism performed by Electron Builder, and discovered an overall lack of secure coding practices. In particular, we identified a vulnerability that can be leveraged to bypass the signature verification check hence leading to remote command execution.
---------------------------------------------
https://blog.doyensec.com/2020/02/24/electron-updater-update-signature-bypass.html


∗∗∗ McAfees WebAdvisor für Chrome und Firefox kann Hacker einladen ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für McAfees Webbrowser-Erweiterung WebAdvisor.
---------------------------------------------
https://heise.de/-4667767


∗∗∗ Zyxel Fixes 0day in Network Storage Devices ∗∗∗
---------------------------------------------
The vulnerable devices include NAS542, NAS540, NAS520, NAS326, NSA325 v2, NSA325, NSA320S, NSA320, NSA310S, NSA310, NSA221, NSA220+, NSA220, and NSA210. The flaw is designated as CVE-2020-9054.
However, many of these devices are no longer supported by Zyxel and will not be patched. Zyxel’s advice for those users is simply “do not leave the product directly exposed to the internet.”
---------------------------------------------
https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/


∗∗∗ Multiple Cross-site Scripting (XSS) Vulnerabilities in PHP-Fusion CMS ∗∗∗
---------------------------------------------
Business recommendation: Update to the latest version of PHP-Fusion.
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-xss-vulnerabilities-in-php-fusion-cms/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, webkit2gtk3), Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, rsync).
---------------------------------------------
https://lwn.net/Articles/813250/


∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗
---------------------------------------------
D-LINK Router DIR-867, D-LINK Router DIR-878, D-LINK Router DIR-882
Ein anonymer Angreifer aus dem angrenzenden Netzbereich kann mehrere Schwachstellen in D-LINK Routern ausnutzen, um beliebigen Programmcode auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0159


∗∗∗ Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2019-4557) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-app-for-ibm-qradar-siem-uses-weaker-than-expected-cryptographic-algorithms-cve-2019-4557-2/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services/


∗∗∗ Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2019-4557) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-app-for-ibm-qradar-siem-uses-weaker-than-expected-cryptographic-algorithms-cve-2019-4557/


∗∗∗ Linux sudo process vulnerability CVE-2019-18634 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91327225?utm_source=f5support&utm_medium=RSS


∗∗∗ PHOENIX CONTACT: Advisory for multiple FL Switch GHS utilising VxWorks ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-002

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily