[CERT-daily] Tageszusammenfassung - 30.07.2020
Daily end-of-shift report
team at cert.at
Thu Jul 30 18:16:39 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 29-07-2020 18:00 − Donnerstag 30-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ TrickBots new Linux malware covertly infects Windows devices ∗∗∗
---------------------------------------------
TrickBots Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-covertly-infects-windows-devices/
∗∗∗ Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 ∗∗∗
---------------------------------------------
Posted by Maddie Stone, Project Zero. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019.
---------------------------------------------
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
∗∗∗ Security controls for ICS/SCADA environments ∗∗∗
---------------------------------------------
Supervisory control and data acquisition systems (SCADA) are a subset of ICS. These systems are unique in comparison to traditional IT systems. This makes using standard security controls written with traditional systems in mind somewhat tricky.
---------------------------------------------
https://resources.infosecinstitute.com/security-controls-for-ics-scada-environments/
∗∗∗ ESET Threat Report Q2 2020 ∗∗∗
---------------------------------------------
A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
---------------------------------------------
https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/
∗∗∗ Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient ‘timeless timing’ attacks ∗∗∗
---------------------------------------------
Presented at this year’s Usenix conference, the technique, named ‘Timeless Timing Attacks’, exploits the way network protocols handle concurrent requests to solve one of the endemic challenges of remote timing side-channel attacks.
---------------------------------------------
https://portswigger.net/daily-swig/researchers-exploit-http-2-wpa3-protocols-to-stage-highly-efficient-timeless-timing-attacks
∗∗∗ Effective Threat Intelligence Through Vulnerability Analysis ∗∗∗
---------------------------------------------
The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and complexity of the associated exploit or attack.
---------------------------------------------
https://www.tripwire.com/state-of-security/vulnerability-management/effective-threat-intelligence-vulnerability-analysis-enisa/
=====================
= Vulnerabilities =
=====================
∗∗∗ Grub 2: Boothole ermöglicht Umgehung von Secure Boot ∗∗∗
---------------------------------------------
Der Fehler in dem Bootloader Grub ermöglicht damit ein dauerhaftes Bootkit. Ein komplettes Update wird aber schwierig und dauert. (grub, Linux)
---------------------------------------------
https://www.golem.de/news/grub-2-boothole-ermoeglicht-umgehung-von-secure-boot-2007-149959-rss.html
∗∗∗ CVE-2020–9934: Bypassing TCC for Unauthorized Access ∗∗∗
---------------------------------------------
In this guest blog post, security researcher Matt Shockley describes a lovely security vulnerability he uncovered in macOS.
---------------------------------------------
https://objective-see.com/blog/blog_0x4C.html
∗∗∗ Sicherheitsupdates: Gefährliche Lücken in Cisco SD-WAN und Data Center ∗∗∗
---------------------------------------------
Angreifer könnten durch Schwachstellen in Cisco-Software ganze Netzwerke übernehmen.
---------------------------------------------
https://heise.de/-4858759
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (October 2019) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-october-2019/
∗∗∗ Security Bulletin: Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssl-affect-ibm-netezza-analytics/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Information exposure in HTML comments vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-in-html-comments-vulnerability/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (Apr 2020) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-apr-2020/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-broken-or-risky-cryptographic-algorithm-vulnerability/
∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2020, Apr 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-apr-2020/
∗∗∗ Security Bulletin: Vulnerability in Open Source logback used in IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-source-logback-used-in-ibm-cloud-pak-system/
∗∗∗ Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime that affect IBM® Intelligent Operations Center products (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-cve-2020-2654/
∗∗∗ Security Vulnerabilities fixed in Thunderbird 68.11 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
∗∗∗ Dell OpenManage Server Administrator: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0770
∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0768
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list