[CERT-daily] Tageszusammenfassung - 07.07.2020

Tue Jul 7 18:29:03 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 06-07-2020 18:00 − Dienstag 07-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ HTTPS/TLS: Zwischenzertifikate von Tausenden Webseiten fehlerhaft ∗∗∗
---------------------------------------------
Viele Webseiten müssen ihre Zertifikate tauschen, da sie von Zwischenzertifikaten ausgestellt wurden, die ein Sicherheitsrisiko darstellen.
---------------------------------------------
https://www.golem.de/news/https-tls-zwischenzertifikate-von-tausenden-webseiten-fehlerhaft-2007-149498-rss.html


∗∗∗ Company web names hijacked via outdated cloud DNS records ∗∗∗
---------------------------------------------
Why hack into a server when you can just send vistors to a fake alternative instead?
---------------------------------------------
https://nakedsecurity.sophos.com/2020/07/07/company-web-names-hijacked-via-outdated-cloud-dns-records/


∗∗∗ Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits, (Mon, Jul 6th) ∗∗∗
---------------------------------------------
Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks Bit IP vulnerability patched last week. Most of the exploits can be considered recognizance. We only saw one working exploit installing a backdoor. Badpackets reported seeing a DDoS bot being installed.
---------------------------------------------
https://isc.sans.edu/diary/rss/26316


∗∗∗ Vulnerability Management Maturity Model ∗∗∗
---------------------------------------------
I get it. You dread going into the office sometimes. It isn’t that you don’t like the people or the location. It’s that beast, waiting for you when you arrive, and it never seems to go away. You work hard at it, but you never seem to get ahead.
You are responsible for the vulnerability management program within your organization. Either as part of a formal program or on an ad-hoc basis, it’s your baby. Except that it isn’t a baby, it is more of an untameable monster, a minotaur in the labyrinth, waiting to surprise you as you turn the corner. 
---------------------------------------------
https://www.sans.org/blog/vulnerability-management-maturity-model


∗∗∗ Vulnerabilities Digest: June 2020 ∗∗∗
---------------------------------------------
Highlights for June 2020  Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization. Massive local file inclusion (LFI) attempts have been discovered attempting to harvest WordPress and Magento credentials. Attackers continue to target old plugins with known vulnerabilities in an ongoing malware campaign targeting WordPress websites. 
---------------------------------------------
https://blog.sucuri.net/2020/07/vulnerabilities-digest-june-2020.html


∗∗∗ Passwortmanager gegen die Vergesslichkeit ∗∗∗
---------------------------------------------
Die Kennwortvorgaben von Webdiensten machen es fast unmöglich, alle Kennwörter im Kopf zu behalten. Passwortmanager machen das Leben leichter.
---------------------------------------------
https://heise.de/-4798284


∗∗∗ Credit card skimmer targets ASP.NET sites ∗∗∗
---------------------------------------------
This unusual web skimmer campaign goes after sites running Microsofts IIS servers with an outdated version of the ASP.NET framework.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/


∗∗∗ Free Microsoft Service Looks at OS Memory Snapshots to Find Malware ∗∗∗
---------------------------------------------
Microsoft on Monday unveiled Project Freta, a free service that allows users to find rootkits and other sophisticated malware in operating system memory snapshots.
---------------------------------------------
https://www.securityweek.com/free-microsoft-service-looks-os-memory-snapshots-find-malware


∗∗∗ Purple Fox Exploit Kit Targets Vulnerabilities Linked to DarkHotel Group ∗∗∗
---------------------------------------------
The developers of the Purple Fox exploit kit (EK) have added two new exploits to their arsenal, including one for a vulnerability addressed in February this year.
---------------------------------------------
https://www.securityweek.com/purple-fox-exploit-kit-targets-vulnerabilities-linked-darkhotel-group


∗∗∗ Pwning smart garage door openers ∗∗∗
---------------------------------------------
TL;DR We reversed a smart garage door opener, which appeared pretty secure at first: The firmware was encrypted, debug access was restricted, the web server wasn’t running as root, it [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/pwning-smart-garage-door-openers/


∗∗∗ Vorsicht vor knuth-kredit.online: Vorschussbetrug statt Kreditvergabe ∗∗∗
---------------------------------------------
Die Watchlist Internet erreichen Meldungen verzweifelter KonsumentInnen, die auf ihre Kreditauszahlungen warten. Während die Beantragung eines Kredites auf knuth-kredit.online noch äußerst einfach abläuft, werden anschließend unzählige Gebühren vorab in Rechnung gestellt. So fallen beispielsweise Versicherungs-, Aktivierungs- und Anwaltsgebühren, Kautionen oder sonstige Kosten an. Ein Kredit wird nie ausbezahlt und alle Zahlungen sind verloren.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-knuth-kreditonline-vorschussbetrug-statt-kreditvergabe/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (php7.3), Fedora (gst), Mageia (libvirt, mariadb, pdns-recursor, and ruby), openSUSE (chocolate-doom, coturn, kernel, live555, ntp, python3, and rust, rust-cbindgen), Oracle (virt:ol), Red Hat (file, firefox, gettext, kdelibs, kernel, kernel-alt, microcode_ctl, nghttp2, nodejs:10, nodejs:12, php, qemu-kvm, ruby, and tomcat), SUSE (libjpeg-turbo, mozilla-nspr, mozilla-nss, mozilla-nss, nasm, openldap2, and permissions), and Ubuntu (coturn, glibc, nss, [...]
---------------------------------------------
https://lwn.net/Articles/825504/


∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: [...]
---------------------------------------------
https://support.citrix.com/article/CTX276688


∗∗∗ Android/Pixel Patchday Juli ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0671


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-2/


∗∗∗ Security Bulletin: BIND for IBM i is affected by CVE-2020-8616 and CVE-2020-8617 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affected-by-cve-2020-8616-and-cve-2020-8617/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-ach-services-cve-2020-2654/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-2/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387-2/


∗∗∗ Security Bulletin: An Information Disclosure vulnerability in IBM Websphere Libtery affects IBM License Key Server Administration & Reporting Tool and Administration Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-vulnerability-in-ibm-websphere-libtery-affects-ibm-license-key-server-administration-reporting-tool-and-administration-agent/


∗∗∗ XSA-328 - non-atomic modification of live EPT PTE ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-328.html


∗∗∗ XSA-327 - Missing alignment check in VCPUOP_register_vcpu_info ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-327.html


∗∗∗ XSA-321 - insufficient cache write-back under VT-d ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-321.html


∗∗∗ XSA-319 - inverted code paths in x86 dirty VRAM tracking ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-319.html


∗∗∗ XSA-317 - Incorrect error handling in event channel port allocation ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-317.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily