[CERT-daily] Tageszusammenfassung - 14.01.2020

Daily end-of-shift report team at cert.at
Tue Jan 14 18:53:42 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 13-01-2020 18:00 − Dienstag 14-01-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Windows 7 Reaches End of Life Tomorrow, What You Need to Know ∗∗∗
---------------------------------------------
Its the end of an era: Windows 7 will reach end of support tomorrow, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-7-reaches-end-of-life-tomorrow-what-you-need-to-know/


∗∗∗ Shitrix: Das Citrix-Desaster ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in Geräten der Firma Citrix zeigt in erschreckender Weise, wie schlecht es um die IT-Sicherheit in Behörden steht. Es fehlt an den absoluten Grundlagen.
---------------------------------------------
https://www.golem.de/news/shitrix-das-citrix-desaster-2001-146047-rss.html


∗∗∗ Malware Obfuscation, Encoding and Encryption ∗∗∗
---------------------------------------------
Malware is complex and meant to confuse. Many computer users think malware is just another word for “virus” when a virus is actually a type of malware. And in addition to viruses, malware includes all sorts of malicious and unwanted code, including spyware, adware, Trojans and worms. Malware has been known to shut down [...]
---------------------------------------------
https://resources.infosecinstitute.com/malware-obfuscation-encoding-and-encryption/


∗∗∗ CISA Releases Test for Citrix ADC and Gateway Vulnerability ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability


∗∗∗ Mehrwertdienste von Drittanbietern auf Ihrer Handyrechnung sind meist Abo-Fallen ∗∗∗
---------------------------------------------
Eine Handyrechnung, die höher ausfällt als gewohnt, bedeutet meist nichts Gutes. Oftmals finden Sie Abbuchungen von Drittanbietern, Mehrwert- oder Partnerdiensten auf Ihrer Rechnung. Sie haben wahrscheinlich unwissentlich bei einem unseriösen Anbieter einen Abo-Vertrag abgeschlossen. Ihr Geld ist höchstwahrscheinlich jedoch nicht verloren: Sie können die Rechnung beim Mobilfunkanbieter beanstanden!
---------------------------------------------
https://www.watchlist-internet.at/news/mehrwertdienste-von-drittanbietern-auf-ihrer-handyrechnung-sind-meist-abo-fallen/


∗∗∗ Microsoft spots malicious npm package stealing data from UNIX systems ∗∗∗
---------------------------------------------
Malicious JavaScript package was only active on the npm repository for two weeks.
---------------------------------------------
https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1820


∗∗∗ XSA-312 - arm: a CPU may speculate past the ERET instruction ∗∗∗
---------------------------------------------
Some CPUs can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by lower privilege level (i.e guest kernel/userspace) at the point of the ERET, this could potentially be used as part of a side-channel attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-312.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (wordpress and xen), Mageia (graphicsmagick, kernel, makepasswd, and unbound), openSUSE (containerd, docker, docker-runc,, dia, ffmpeg-4, libgcrypt, php7-imagick, proftpd, rubygem-excon, shibboleth-sp, tomcat, trousers, and xen), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), SUSE (e2fsprogs, kernel, and libsolv, libzypp, zypper), and Ubuntu (libgcrypt20, libvirt, nginx, sdl-image1.2, and spamassassin).
---------------------------------------------
https://lwn.net/Articles/809506/


∗∗∗ SAP Security Patch Day – January 2020 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. On 14th of January 2020, SAP Security Patch Day saw the release of 6 Security Notes. There are 1 updates to previously released Patch Day [...]
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771


∗∗∗ Siemens Security Advisories ∗∗∗
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications


∗∗∗ BIG-IP engineering hotfix TMM vulnerability CVE-2020-5852 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53590702


∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2020-5853 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73183618


∗∗∗ BIG-IP engineering hotfix Trusted Platform Module vulnerability CVE-2020-5851 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91171450


∗∗∗ Critical Authentication Bypass Vulnerability in InfiniteWP Client Plugin ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/


∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0026

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list