[CERT-daily] Tageszusammenfassung - 28.07.2020
Daily end-of-shift report
team at cert.at
Tue Jul 28 18:17:13 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Montag 27-07-2020 18:00 − Dienstag 28-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices ∗∗∗
---------------------------------------------
Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. ... "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) said in the alert.
---------------------------------------------
https://thehackernews.com/2020/07/qnap-nas-malware-attack.html
∗∗∗ Team Pangu demonstrated an unpatchable SEP vulnerability in iOS ∗∗∗
---------------------------------------------
Xu Hao a member of Team Pangu says they have found an “unpatchable” vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. Hao presented his talk – Attack Secure Boot of SEP – on 24th July at MOSEC 2020 in Shanghai, China.
---------------------------------------------
https://androidrookies.com/team-pangu-demonstrates-unpatchable-secure-enclave-processor-sep-chip-vulnerability-in-ios/
∗∗∗ IT-Sicherheit: Public Cloud kann zum Einfallstor in Unternehmen werden ∗∗∗
---------------------------------------------
Schlecht gepflegte Workloads und Authentifizierungsschwächen in Cloud-Umgebungen untergraben die Sicherheit – von beidem gibt es reichlich, meint eine Studie.
---------------------------------------------
https://heise.de/-4856561
∗∗∗ Vorsicht: 500 Euro Amazon-Geschenkkarte führt in Abo-Falle ∗∗∗
---------------------------------------------
Freuen Sie sich nicht zu früh, wenn Sie eine 500 Euro Amazon-Geschenkkarte in Ihrem E-Mail-Posteingang finden. Sie werden in eine Abo-Falle gelockt, denn dieses E-Mail stammt nicht von Amazon! Klicken Sie nicht auf den Link und verschieben Sie das E-Mail in den Spam-Ordner. Haben Sie auf den Link geklickt und Kreditkartendaten angeführt, wird Ihnen Monat für Monat ein Betrag zwischen 50 und 90 Euro abgebucht! Lesen Sie hier, wie Sie dieses betrügerische Abo kündigen!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-500-euro-amazon-geschenkkarte-fuehrt-in-abo-falle/
=====================
= Vulnerabilities =
=====================
∗∗∗ Reverse String WooCommerce WordPress Credit Card Swiper ∗∗∗
---------------------------------------------
As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper that I found on a WordPress ecommerce website using WooCommerce, today I found another very noteworthy infection of the same variety.
---------------------------------------------
https://blog.sucuri.net/2020/07/reverse-string-woocommerce-wordpress-credit-card-swiper.html
∗∗∗ TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure ∗∗∗
---------------------------------------------
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains ..
---------------------------------------------
https://typo3.org/security/advisory/typo3-core-sa-2020-008
∗∗∗ TYPO3-CORE-SA-2020-007: Potential Privilege Escalation ∗∗∗
---------------------------------------------
In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php which again contains the encryptionKey as well as credentials of the database management system being used.
---------------------------------------------
https://typo3.org/security/advisory/typo3-core-sa-2020-007
∗∗∗ TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS ∗∗∗
---------------------------------------------
It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the community anymore.
---------------------------------------------
https://typo3.org/security/advisory/typo3-psa-2020-001
∗∗∗ TYPO3-EXT-SA-2020-014: Sensitive Information Disclosure in extension "Media Content Element" (mediace) ∗∗∗
---------------------------------------------
It has been discovered that the extension "Media Content Element" (mediace) is susceptible to Sensitive Information Disclosure.
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-014
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (cacti, cacti-spine, go1.13, SUSE Manager Client Tools, and tomcat), Red Hat (postgresql-jdbc and python-pillow), Slackware (mozilla), SUSE (python-Django and python-Pillow), and Ubuntu (clamav, librsvg, libslirp, linux-gke-5.0, linux-oem-osp1, linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/827232/
∗∗∗ Security Vulnerabilities fixed in Thunderbird 78.1 ∗∗∗
---------------------------------------------
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/
∗∗∗ Security Vulnerabilities fixed in Firefox 79 ∗∗∗
---------------------------------------------
Severity: high
- CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
- CVE-2020-6514: WebRTC data channel leaks internal address to peer
- CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
- CVE-2020-15659: Memory safety bugs fixed in Firefox 79
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
∗∗∗ JSA11041 - 2020-07 Security Bulletin: Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11041&actp=RSS
∗∗∗ JSA11036 - 2020-07 Security Bulletin:Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11036&actp=RSS
∗∗∗ Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4466) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4466/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-2654/
∗∗∗ Security Bulletin: Pentest results for IBM Netcool Operations Insight found a security vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-pentest-results-for-ibm-netcool-operations-insight-found-a-security-vulnerability/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-3/
∗∗∗ Security Bulletin: XML parsing vulnerability in Apache Santuario might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2019-12400 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xml-parsing-vulnerability-in-apache-santuario-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2019-12400/
∗∗∗ Security Bulletin: Security Bulletin: A Vulnerability in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-cve-2019-2949/
∗∗∗ Security Bulletin: SB0003782 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sb0003782/
∗∗∗ Security Bulletin: Novalink is impacted by Swagger vulnerability affects WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-swagger-vulnerability-affects-websphere-application-server-liberty/
∗∗∗ Security Bulletin: IBM Ingelligent Operations Center is Vulnerable to Stored Cross-Site Scripting (CVE-2020-4318) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-ingelligent-operations-center-is-vulnerable-to-stored-cross-site-scripting-cve-2020-4318/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-libxml2-vulnerabilities/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list