[CERT-daily] Daily summary - 10.03.2020

Daily end-of-shift report team at cert.at
Tue Mar 10 18:16:14 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 09-03-2020 18:00 − Tuesday 10-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Microsoft Exchange Server Flaw Exploited in APT Attacks ∗∗∗
---------------------------------------------
The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server, and was fixed as part of Microsoft’s February Patch Tuesday updates. However, researchers in a Friday advisory said that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.
---------------------------------------------
https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/


∗∗∗ Variant of Paradise Ransomware Targets Office IQY Files ∗∗∗
---------------------------------------------
A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively inobtrusive way to infiltrate and hijack an organization’s network, researchers have found.
---------------------------------------------
https://threatpost.com/variant-of-paradise-ransomware-targets-office-iqy-files/153559/


∗∗∗ How poor IoT security is allowing this 12-year-old malware to make a comeback ∗∗∗
---------------------------------------------
Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 - and the healthcare sector is where it's infected the most targets.
---------------------------------------------
https://www.zdnet.com/article/how-poor-iot-security-is-allowing-this-ten-year-old-malware-to-make-a-comeback/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libvpx and network-manager-ssh), Fedora (cacti, cacti-spine, and podman), openSUSE (chromium and python-bleach), Oracle (curl), Red Hat (ansible and qemu-kvm), SUSE (gd, ipmitool, and php7), and Ubuntu (runc and sqlite3).
---------------------------------------------
https://lwn.net/Articles/814493/


∗∗∗ MISP: Multiple vulnerabilities allow cross-site scripting ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in MISP to carry out a cross-site scripting attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0206


∗∗∗ SAP Security Patch Day – March 2020 ∗∗∗
---------------------------------------------
On 10th of March 2020, SAP Security Patch Day saw the release of 16 Security Notes. There are 2 updates to previously released Patch Day Security Notes.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305


∗∗∗ Joomla Security Updates (Severity: low) ∗∗∗
---------------------------------------------
∗ [20200306] - Core - SQL injection in Featured Articles menu parameters
https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html
∗ [20200304] - Core - Identifier collisions in com_users
https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users.html
∗ [20200305] - Core - Incorrect Access Control in com_fields SQL field
https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
∗ [20200303] - Core - Incorrect Access Control in com_templates
https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
∗ [20200302] - Core - XSS in Protostar and Beez3
https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3.html
∗ [20200301] - Core - CSRF in com_templates image actions
https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions.html


∗∗∗ TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-003


∗∗∗ TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-002


∗∗∗ TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2020-001


∗∗∗ SSA-938930: Cross-Site Scripting Vulnerability in Spectrum Power™ 5 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-938930.txt


∗∗∗ SSA-508982: Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-508982.txt


∗∗∗ SSA-844761: Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt


∗∗∗ Security Bulletin: Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches-2/


∗∗∗ Security Bulletin: Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches/


∗∗∗ Security Bulletin: An information disclosure vulnerability has been identified with the embedded Content Platform Engine component shipped with IBM Business Automation Workflow (CVE-2019-4572) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-vulnerability-has-been-identified-with-the-embedded-content-platform-engine-component-shipped-with-ibm-business-automation-workflow-cve-2019-4572/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949-3/


∗∗∗ Security Bulletin: IBM Workload scheduler 9.3 vulnerable to CVE-2019-4608 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-workload-scheduler-9-3-vulnerable-to-cve-2019-4608/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



