[CERT-daily] Tageszusammenfassung - 17.06.2020

Daily end-of-shift report team at cert.at
Wed Jun 17 18:13:18 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 16-06-2020 18:00 − Mittwoch 17-06-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Do cybercriminals play cyber games during quarantine? ∗∗∗
---------------------------------------------
Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry.
---------------------------------------------
https://securelist.com/do-cybercriminals-play-cyber-games-during-quarantine/97241/


∗∗∗ When NTP Kills Your Sandbox ∗∗∗
---------------------------------------------
If it’s common to say that “Everything is a Freaking DNS problem“, other protocols can also be the source of problems… NTP (“Network Time Protocol”) is also a good candidate! A best practice is to synchronize all your devices via NTP but also to set up the same timezone! We [...]
---------------------------------------------
https://blog.rootshell.be/2020/06/17/when-ntp-kills-your-sandbox/


∗∗∗ A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software ∗∗∗
---------------------------------------------
[...] The vulnerability represents a new attack vector that allows attackers to create fake USB devices, fully trusted by the Windows operating system (kernel), to attack a machine in unconventional and unexpected ways.
---------------------------------------------
https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/


∗∗∗ Ripple20 erschüttert das Internet der Dinge ∗∗∗
---------------------------------------------
Eine Reihe von teils kritischen Sicherheitslücken in einer TCP/IP-Implementierung gefährdet Geräte in Haushalten, Krankenhäusern und Industrieanlagen.
---------------------------------------------
https://heise.de/-4786249


∗∗∗ Embedded security fails in ICS ∗∗∗
---------------------------------------------
Over the last 5 years, we’ve seen an increasing use of open-source software in ICS (Industrial Control Systems) devices, with a move away from traditional RTOS (Real Time Operating System) [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/embedded-security-fails-in-ics/


∗∗∗ Vorsicht bei der Wohnungssuche: Günstige Traumwohnung könnte Betrug sein! ∗∗∗
---------------------------------------------
Es ist kaum zu glauben: Zentrale Lage in der Wiener Innenstadt. Eingerichtet mit neuesten Möbeln und Geräten. 87m2 und dazu noch eine Terrasse oder einen Balkon. Das Beste daran: Die Miete beträgt nur 450 Euro monatlich, weit unter dem Durchschnitt also. Kennen Sie ähnlich verlockende Wohnungsinserate? Wenn ja, sollten Sie vorsichtig sein und sich den Anbieter oder die Anbieterin genauer ansehen, bevor Sie bei dem verlockenden Schnäppchen zusagen!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-der-wohnungssuche-guenstige-traumwohnung-koennte-betrug-sein/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SaltStack FrameWork Vulnerabilities Affecting Cisco Products ∗∗∗
---------------------------------------------
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs:  CVE-2020-11651: Authentication Bypass Vulnerability CVE-2020-11652: Directory Traversal Vulnerability  Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG


∗∗∗ ICS Advisory (ICSA-20-168-01) - Treck TCP/IP Stack ∗∗∗
---------------------------------------------
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-168-01


∗∗∗ Linux-Kernel: ACPI-Bug hebelt Schutzmechanismen von UEFI Secure Boot aus ∗∗∗
---------------------------------------------
Ein Bug im Linux-Mainline-Kernel könnte Angreifern das Laden unsignierter Kernel-Module trotz UEFI Secure Boot ermöglichen. PoC-Code und ein Patch liegen vor.
---------------------------------------------
https://heise.de/-4786877


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dbus and intel-ucode), CentOS (libexif), Debian (vlc), SUSE (xen), and Ubuntu (dbus, libexif, and nss).
---------------------------------------------
https://lwn.net/Articles/823283/


∗∗∗ Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud-is-vulnerable-to-a-server-side-request-forgery-vulnerability-cve-2020-4365/


∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-2/


∗∗∗ Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4532 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4532/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list