[CERT-daily] Daily summary - 04.06.2020
Daily end-of-shift report
team at cert.at
Thu Jun 4 18:35:12 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 03-06-2020 18:00 − Thursday 04-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sophisticated Info-Stealer Targets Air-Gapped Devices via USB ∗∗∗
---------------------------------------------
The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycldek, which targets government entities.
---------------------------------------------
https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/
∗∗∗ AddTrust: Impact on e-mail services from expired certificate ∗∗∗
---------------------------------------------
Although the expired AddTrust intermediate certificate primarily affects old clients, it can certainly have an impact on regular e-mail operations.
---------------------------------------------
https://heise.de/-4774588
∗∗∗ Acquaintances stuck abroad because of the coronavirus and in need of money? ∗∗∗
---------------------------------------------
Criminals use hacked e-mail accounts, hijacked Facebook accounts and the like to con their victims out of money. You may therefore receive a message that appears to come from a good friend, saying they are stuck abroad and cannot return home because of Covid-19. To help them, you are asked to send them money via a cash transfer service. Caution: this is a fraud attempt!
---------------------------------------------
https://www.watchlist-internet.at/news/bekannte-stecken-coronabedingt-im-ausland-und-brauchen-geld/
=====================
= Vulnerabilities =
=====================
∗∗∗ Updates for IOS, NX-OS and co. – Cisco patches its network operating systems ∗∗∗
---------------------------------------------
A whole bundle of freshly released updates fixes numerous security problems, many of which were rated "High" to "Critical".
---------------------------------------------
https://heise.de/-4774667
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (firefox and prboom-plus), Oracle (bind), Red Hat (firefox), and SUSE (osc).
---------------------------------------------
https://lwn.net/Articles/822220/
∗∗∗ MISP 2.4.126 released (Spring release edition) ∗∗∗
---------------------------------------------
[...] This version includes a security fix and various quality of life improvements. Security fix - fixed XSS: Fixed a persistent XSS (CVE-2020-13153) that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field.
---------------------------------------------
https://www.misp-project.org/2020/06/04/MISP.2.4.126.released.html
∗∗∗ HPESBHF04005 rev.1 - HPE Edgeline EL300 Converged Edge System Running HPE Integrated System Manager (iSM), Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04005en_us
∗∗∗ GnuTLS: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0532
∗∗∗ Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-022
∗∗∗ Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4509) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2020-4509/
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services v2.1.1 (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services-v2-1-1-cve-2020-2654/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-2/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability/
∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Cloud App Management (CVE-2020-8492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python-affects-ibm-cloud-app-management-cve-2020-8492/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-10/
∗∗∗ Security Bulletin: A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-cxf-affects-ibm-cloud-app-management-cve-2019-12406/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Use of a Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability/
∗∗∗ Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-three-vulnerabilities-in-nimbus-josejwt-affect-ibm-spectrum-conductor/
∗∗∗ Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php
∗∗∗ Cayin Content Management Server 11.0 Root Remote Command Injection ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php
∗∗∗ Cayin Signage Media Player 3.0 Root Remote Command Injection ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily