[CERT-daily] Daily summary - 09.07.2020

Daily end-of-shift report team at cert.at
Thu Jul 9 18:13:23 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 08-07-2020 18:00 − Thursday 09-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688, (Thu, Jul 9th) ∗∗∗
---------------------------------------------
I just can't get away from vulnerabilities in perimeter security devices. In the last couple of days, I spent a lot of time with our F5 BigIP honeypot. But looks like I have to revive the Citrix honeypot again. As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week [1]. Details with proof of concept code snippets were released yesterday [2].
---------------------------------------------
https://isc.sans.edu/diary/rss/26330


∗∗∗ Citrix provides context on Security Bulletin CTX276688 ∗∗∗
---------------------------------------------
[...] Standard procedure for most software companies in advising customers of vulnerabilities is limited to the publication of the bulletin and related CVEs. In this case, however, to avoid confusion and limit the potential for misinterpretation in the industry and our customer set, I am using this space to provide brief additional context.
---------------------------------------------
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/


∗∗∗ Protecting your remote workforce from application-based attacks like consent phishing ∗∗∗
---------------------------------------------
[...] Today developers are building apps by integrating user and organizational data from cloud platforms to enhance and personalize their experiences. These cloud platforms are rich in data but in turn have attracted malicious actors seeking to gain unwarranted access to this data. One such attack is consent phishing, where attackers trick users into granting a malicious app access to sensitive data or other resources.
---------------------------------------------
https://www.microsoft.com/security/blog/?p=91507


∗∗∗ Unexpected credit card charge from shockdeals247.com? ∗∗∗
---------------------------------------------
Has shockdeals247.com unexpectedly charged your credit card even though you never signed up for a membership there? Are you unable to explain why this company debits an amount from your account month after month? You have most likely fallen into a subscription trap! Here you can find out how to solve the problem.
---------------------------------------------
https://www.watchlist-internet.at/news/unerwartete-kreditkartenabbuchung-von-shockdeals247com/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Palo Alto firewalls: Root vulnerability lets malicious code through ∗∗∗
---------------------------------------------
There are once again important security updates for the operating system of Palo Alto firewalls. So far there are reportedly no attacks.
---------------------------------------------
https://heise.de/-4839716


∗∗∗ Remote Code Execution Vulnerability in Zoom Client for Windows (0day) ∗∗∗
---------------------------------------------
[...] We analyzed the issue and determined it to be only exploitable on Windows 7 and older Windows systems. While Microsoft's official support for Windows 7 has ended this January, there are still millions of home and corporate users out there prolonging its life with Microsoft's Extended Security Updates or with 0patch.
---------------------------------------------
https://blog.0patch.com/2020/07/remote-code-execution-vulnerability-in.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (ffmpeg, fwupd, ruby2.5, and shiro), Fedora (freerdp, gssdp, gupnp, mingw-pcre2, remmina, and xrdp), openSUSE (chocolate-doom), Oracle (firefox and kernel), and Ubuntu (linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon and thunderbird).
---------------------------------------------
https://lwn.net/Articles/825723/


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
Two issues have been identified in Citrix Hypervisor that may, if exploited, allow privileged code in an HVM guest VM to compromise or crash the host. These issues only apply in specific configurations; furthermore, Citrix believes that there would be [...]
---------------------------------------------
https://support.citrix.com/article/CTX277456


∗∗∗ Security advisory 2020-07-08 ∗∗∗
---------------------------------------------
OpenPGP application Resetting Code bug
---------------------------------------------
https://www.yubico.com/support/security-advisories/ysa-2020-05/


∗∗∗ Security advisory 2020-07-08 ∗∗∗
---------------------------------------------
Access code not checked for NDEF updates
---------------------------------------------
https://www.yubico.com/support/security-advisories/ysa-2020-04/


∗∗∗ Security advisory 2020-07-08 ∗∗∗
---------------------------------------------
Out of bounds read in libykpiv
---------------------------------------------
https://www.yubico.com/support/security-advisories/ysa-2020-02/


∗∗∗ Security Bulletin: Missing or insecure "Content-Security-Policy" header affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-missing-or-insecure-content-security-policy-header-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-remote-code-execution-vulnerability/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-2/


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by a Netty vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability-3/


∗∗∗ JSA11024 - 2020-07 Security Bulletin: Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. (CVE-2020-1640) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11024&actp=RSS


∗∗∗ JSA11023 - 2020-07 Security Advisory: Junos Space and Junos Space Security Director: Multiple vulnerabilities resolved in 20.1R1 release ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&actp=RSS


∗∗∗ JSA11025 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: OpenSSL Security Advisory [20 Dec 2019] ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11025&actp=RSS


∗∗∗ JSA11027 - 2020-07 Security Bulletin: Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash. (CVE-2020-1641) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11027&actp=RSS


∗∗∗ JSA11026 - 2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11026&actp=RSS


∗∗∗ JSA11028 - 2020-07 Security Bulletin: Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11028&actp=RSS


∗∗∗ JSA11030 - 2020-07 Security Bulletin: Junos OS: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured (CVE-2020-1643) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11030&actp=RSS


∗∗∗ JSA11031 - 2020-07 Security Bulletin: Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11031&actp=RSS


∗∗∗ JSA11033 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11033&actp=RSS


∗∗∗ JSA11032 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11032&actp=RSS


∗∗∗ JSA11023 - 2020-07 Security Bulletin: Junos Space and Junos Space Security Director: Multiple vulnerabilities resolved in 20.1R1 release ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023&actp=RSS

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



