[CERT-daily] Tageszusammenfassung - 16.06.2020

Daily end-of-shift report team at cert.at
Tue Jun 16 18:13:12 CEST 2020 

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 15-06-2020 18:00 − Dienstag 16-06-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New Java STRRAT ships with .crimson ransomware module ∗∗∗
---------------------------------------------
This Java based malware installs RDPWrap, steals credentials, logs keystrokes and remote controls Windows systems. It may soon be capable to infect without Java installed.
---------------------------------------------
https://www.gdatasoftware.com/blog/strrat-crimson


∗∗∗ SOHO Device Exploitation ∗∗∗
---------------------------------------------
This blog describes one such session of auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository.
---------------------------------------------
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html


∗∗∗ The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers ∗∗∗
---------------------------------------------
This writeup is a summary of my research on issues in handling copying and pasting in: browsers, popular WYSIWYG editors, and websites.
---------------------------------------------
https://research.securitum.com/the-curious-case-of-copy-paste/


∗∗∗ 19 Zero-Day Vulnerabilities Amplified by the Supply Chain ∗∗∗
---------------------------------------------
The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities. The risks inherent in this situation are high. Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to [...]
---------------------------------------------
https://www.jsof-tech.com/ripple20/


∗∗∗ Fake-Trachtenshops werben auf Facebook & Instagram ∗∗∗
---------------------------------------------
Auf Facebook und Instagram sind wir umgeben von Werbung, jedoch ist nicht jede Werbeschaltung seriös. Aktuell werben die Fake-Shops marjo-trachten.com, statuskelidmode.de und linennew.com intensiv mit Facebook-Anzeigen. Wer dort bestellt hat, wird trotz Bezahlung keine oder nur minderwertige Ware bekommen!
---------------------------------------------
https://www.watchlist-internet.at/news/fake-trachtenshops-werben-auf-facebook-instagram/


∗∗∗ Warning issued over hackable security cameras ∗∗∗
---------------------------------------------
The owners of the vulnerable indoor cameras are advised to unplug the devices immediately
---------------------------------------------
https://www.welivesecurity.com/2020/06/15/warning-issued-hackable-security-cameras/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Campaign Classic (APSB20-34), Adobe After Effects (APSB20-35), Adobe Illustrator (APSB20-37), Adobe Premiere Pro (APSB20-38), Adobe Premiere Rush (APSB20-39) and Adobe Audition (APSB20-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1884


∗∗∗ Beckhoff Security Advisory 2020-002: EtherLeak in TwinCAT RT network driver ∗∗∗
---------------------------------------------
In case an network interface sends Ethernet frames with payloads smaller than the minimum frame length, memory content is disclosed within the padding.
---------------------------------------------
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2020-002.pdf


∗∗∗ Root-Lücke bedroht IBM Spectrum Protect Server ∗∗∗
---------------------------------------------
Unter anderem gefährliche Sicherheitslücken in IBMs Datenbankmanagementsystem Db2 gefährden Spectrum Protect Server.
---------------------------------------------
https://heise.de/-4785158


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/823199/


∗∗∗ Synology-SA-20:13 CallStranger ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain sensitive information or conduct denial-of-service attack via a susceptible version of Synology Router Manager (SRM) or Media Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_13


∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0588


∗∗∗ Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-addressed-in-ibm-cloud-pak-system-cve-2019-4521-cve-2019-4095-2/


∗∗∗ Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error within the Data Conversion logic. (CVE-2020-4310) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-due-to-an-error-within-the-data-conversion-logic-cve-2020-4310/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for WebSphere MQ Internet Pass-Thru – April 2020 – Includes Oracle April 2020 CPU (CVE-2020-2781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-websphere-mq-internet-pass-thru-april-2020-includes-oracle-april-2020-cpu-cve-2020-2781/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2019-1547 and CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-openssl-vulnerabilities-cve-2019-1547-and-cve-2019-1563/


∗∗∗ Security Bulletin: IBM MQ and MQ Appliance could allow an authenticated user cause a denial of service due to a memory leak. (CVE-2020-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-could-allow-an-authenticated-user-cause-a-denial-of-service-due-to-a-memory-leak-cve-2020-4267/


∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-2/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729 and CVE-2019-11745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-network-security-services-nss-vulnerabilities-cve-2019-11729-and-cve-2019-11745/


∗∗∗ Security Bulletin: Cross-site scripting vulnerability in IBM Cloud Pak System (CVE-2019-4098) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-in-ibm-cloud-pak-system-cve-2019-4098-2/


∗∗∗ Security Bulletin: IBM MQ AMQP channels fail to block connections restricted by SSLPEER setting (CVE-2020-4320) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-fail-to-block-connections-restricted-by-sslpeer-setting-cve-2020-4320/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list