[CERT-daily] Daily Summary - 16.01.2020

Daily end-of-shift report team at cert.at
Thu Jan 16 18:25:17 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 15-01-2020 18:00 − Thursday 16-01-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Microsoft Office January Security Updates Fix Code Execution Bugs ∗∗∗
---------------------------------------------
Microsoft released the January 2019 Office security updates, bundling a total of seven security updates and three cumulative updates for five different products, six of them patching flaws allowing remote code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-office-january-security-updates-fix-code-execution-bugs/


∗∗∗ PoC Exploits Published For Microsoft Crypto Bug ∗∗∗
---------------------------------------------
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.
---------------------------------------------
https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/151931/


∗∗∗ CVE-2020-0601 Followup, (Wed, Jan 15th) ∗∗∗
---------------------------------------------
Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see https://sans.org/cryptoapi-isc ) Thanks to Jake Williams for helping us with the webcast!
---------------------------------------------
https://isc.sans.edu/diary/rss/25714


∗∗∗ What do Brit biz consultants and X-rated cam stars have in common? Wide open... AWS S3 buckets on public internet ∗∗∗
---------------------------------------------
Exposed: Intimate... personal details belonging to thousands of folks. A pair of misconfigured cloud-hosted file silos have left thousands of people's sensitive info sitting on the open internet.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/open_s3_buckets/


∗∗∗ Analyzing Magecart Malware - From Zero to Hero ∗∗∗
---------------------------------------------
JavaScript obfuscation is not a new trend, but it is widely used today to hide malware code in many websites. This post is for technical readers who want to understand Magecart’s common obfuscation pattern, and ways to decode it.
---------------------------------------------
https://www.perimeterx.com/blog/analyzing_magecart_malware_from_zero_to_hero/


∗∗∗ Security updates: Vulnerabilities in VMware software threaten Android, iOS and Windows ∗∗∗
---------------------------------------------
Important security updates have been released for VMware Tools and Workspace ONE SDK.
---------------------------------------------
https://heise.de/-4639627


∗∗∗ Key Cloud Security Challenges and Strategies to Overcome Them ∗∗∗
---------------------------------------------
The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed, and with it new risk management challenges. Let’s talk about some of those challenges. First and foremost, the cat is out of the bag. We’re not going back to the [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cloud/key-cloud-security-challenges-strategies/


∗∗∗ Dubious offers for the digital vignette ∗∗∗
---------------------------------------------
As every year, the turn of the year means most drivers need to buy a new vignette. It can be purchased in analog or digital form from ASFINAG, ÖAMTC and ARBÖ, among others. Caution: dubious offers that conceal the statutory right of withdrawal and incur additional costs can also be found on the internet.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-angebote-fuer-die-digitale-vignette/


∗∗∗ Beware of this sneaky phishing technique now being used in more attacks ∗∗∗
---------------------------------------------
Security company researchers warn of a large increase in conversation-hijacking attacks. Here's what they are and how to spot them.
---------------------------------------------
https://www.zdnet.com/article/beware-of-this-sneaky-phishing-technique-now-being-used-in-more-attacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ OSIsoft PI Vision ∗∗∗
---------------------------------------------
This advisory contains mitigations for improper access control, cross-site request forgery, cross-site scripting, and inclusion of sensitive information vulnerabilities in OSIsoft's PI Vision visualization tool.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-014-06


∗∗∗ Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001 ∗∗∗
---------------------------------------------
Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross site scripting
Description: Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in. The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu. This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-001


∗∗∗ Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin ∗∗∗
---------------------------------------------
On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (debian-lan-config and phpmyadmin), openSUSE (openssl-1_1), Oracle (firefox and kernel), Red Hat (.NET Core, git, java-11-openjdk, and thunderbird), SUSE (Mesa, python3, shibboleth-sp, slurm, and tigervnc), and Ubuntu (libpcap and nginx).
---------------------------------------------
https://lwn.net/Articles/809769/


∗∗∗ HPESBGN03975 rev.1 - HPE enhanced Internet Usage Manager (eIUM), Remote Cross Site Scripting ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us


∗∗∗ HPESBHF03978 rev.1 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us


∗∗∗ Foxit Reader and Foxit Phantom PDF Suite: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0052


∗∗∗ Wireshark: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0053

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



