[CERT-daily] Tageszusammenfassung - 16.07.2020

Daily end-of-shift report team at cert.at
Thu Jul 16 18:30:25 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 15-07-2020 18:00 − Donnerstag 16-07-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ BlackRock - the Trojan that wanted to get them all ∗∗∗
---------------------------------------------
Around May 2020 ThreatFabric analysts have uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. After investigation, it became clear that this newcomer is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. The source code of the Xerxes malware was made public by its author around May 2019, which means that it is accessible to any threat actor.
---------------------------------------------
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html


∗∗∗ Windows Server Containers Are Open, and Here’s How You Can Break Out ∗∗∗
---------------------------------------------
We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.The post Windows Server Containers Are Open, and Here’s How You Can Break Out appeared first on Unit42.
---------------------------------------------
https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Xen Security Advisory XSA-329 - Linux ioperm bitmap context switching issues ∗∗∗
---------------------------------------------
IO port permissions dont get rescinded when context switching to an unprivileged task. Therefore, all userspace can use the IO ports granted to the most recently scheduled task with IO port permissions.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-329.html


∗∗∗ Schadcode-Lücken gefährden Router von Cisco ∗∗∗
---------------------------------------------
Der Netzwerkausrüster Cisco holt zum Rundumschlag aus und veröffentlicht quer durch die eigenen Produktreihen Sicherheitsupdates.
---------------------------------------------
https://heise.de/-4845109
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F07%2F15&firstPublishedEndDate=2020%2F07%2F16&limit=50


∗∗∗ 2 Million Users Affected by Vulnerability in All in One SEO Pack ∗∗∗
---------------------------------------------
On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel's [...]
---------------------------------------------
https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd).
---------------------------------------------
https://lwn.net/Articles/826288/


∗∗∗ Synology-SA-20:18 DSM ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to conduct man-in-the-middle attacks via a susceptible version of Synology DiskStation Manager (DSM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_18


∗∗∗ Trend Micro Internet Security: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0724


∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0721


∗∗∗ macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211289


∗∗∗ iOS 13.6 and iPadOS 13.6 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211288


∗∗∗ tvOS 13.4.8 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211290


∗∗∗ watchOS 6.2.8 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT211291


∗∗∗ Security Advisory - Windows DNS Server Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200716-01-dns-en


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2019-cpu-cve-2019-2949/


∗∗∗ Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-4462) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xml-external-entity-injection-xxe-vulnerability-affects-ibm-secure-external-authentication-server-cve-2020-4462/


∗∗∗ Security Bulletin: Cross-site Scripting and Vulnerable library – JQuery v1.11.1 affects IBM Engineering Workflow Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-vulnerable-library-jquery-v1-11-1-affects-ibm-engineering-workflow-management/


∗∗∗ Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-missing-cookie-attribute-vulnerability-affects-ibm-secure-proxy/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jan-2020-cpu-cve-2020-2654/


∗∗∗ Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-secure-external-authentication-server-cve-2020-2654/


∗∗∗ Security Bulletin: : HTTP Header Weakness Affects IBM Secure External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-http-header-weakness-affects-ibm-secure-external-authentication-server/


∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Jazz Foundation and IBM Engineering products. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-jazz-foundation-and-ibm-engineering-products/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-jan-2020-cpu-cve-2020-2654/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list