[CERT-daily] Tageszusammenfassung - 23.06.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 22-06-2020 18:00 − Dienstag 23-06-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Comparing Office Documents with WinMerge, (Mon, Jun 22nd) ∗∗∗
---------------------------------------------
Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, ...). Since they are ZIP containers, I have to compare the files within. I used to do this with with zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface.
---------------------------------------------
https://isc.sans.edu/diary/rss/26268


∗∗∗ HTTP Request Smuggling: Abusing Reverse Proxies ∗∗∗
---------------------------------------------
SANS Penetration Testing blog about exploiting differences between web servers and their reverse proxies
---------------------------------------------
https://www.sans.org/blog/http-request-smuggling-abusing-reverse-proxies?msc=rss


∗∗∗ XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers ∗∗∗
---------------------------------------------
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/


∗∗∗ Vorschussbetrug: Ein Opfer berichtet… ∗∗∗
---------------------------------------------
Vorschussbetrug funktioniert immer ähnlich: Ihnen wird per E-Mail mitgeteilt, dass Sie auserwählt wurden, einen sehr hohen Geldbetrag zu erhalten. Jedoch müssen Sie vorab eine Geldsumme überweisen – angeblich für Zertifikate, Spesen, die Abwicklung der Überweisung oder Ähnliches. Erst dann kann der Betrag an Sie übermittelt werden. Achtung: Den angeblichen Geldbetrag erhalten Sie nie und das vorab überwiesene Geld ist weg!
---------------------------------------------
https://www.watchlist-internet.at/news/vorschussbetrug-ein-opfer-berichtet/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdate Bitdefender: Websites könnten Schadcode auf PCs schleusen ∗∗∗
---------------------------------------------
In einer aktualisierten Version von Bitdefender Internet Security haben die Entwickler eine Sicherheitslücke geschlossen. Das Angriffsrisiko gilt als hoch.
---------------------------------------------
https://heise.de/-4792200


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (thunderbird), Debian (wordpress), Fedora (ca-certificates, kernel, libexif, and tomcat), openSUSE (chromium, containerd, docker, docker-runc, golang-github-docker-libnetwork, fwupd, osc, perl, php7, and xmlgraphics-batik), Oracle (unbound), Red Hat (containernetworking-plugins, dpdk, grafana, kernel, kernel-rt, kpatch-patch, libexif, microcode_ctl, ntp, pcs, and skopeo), Scientific Linux (unbound), SUSE (kernel, mariadb, mercurial, and xawtv), and Ubuntu (mutt, nfs-utils).
---------------------------------------------
https://lwn.net/Articles/824264/


∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann eine Schwachstelle in Atlassian Jira Software ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0617


∗∗∗ Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-2/


∗∗∗ Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-ova-is-vulnerable-to-denial-of-service-cve-2020-8551-cve-2020-8552/


∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4323) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4323/


∗∗∗ Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-an-openstack-nova-vulnerability-which-could-leak-consoleauth-tokens-into-log-files-cve-2015-9543/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-4/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-2/


∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4327) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4327/


∗∗∗ Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4413) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4413/


∗∗∗ KLCERT-20-014: Session token exposed in Honeywell ControlEdge PLC and RTU ∗∗∗
---------------------------------------------
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klcert-20-014-session-token-exposed-in-honeywell-controledge-plc-and-rtu/


∗∗∗ KLCERT-20-013: Unencypted password transmission in Honeywell ControlEdge PLC and RTU ∗∗∗
---------------------------------------------
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klcert-20-013-unencypted-password-transmission-in-honeywell-controledge-plc-and-rtu/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily