[CERT-daily] Tageszusammenfassung - 12.03.2020
Daily end-of-shift report
team at cert.at
Thu Mar 12 18:14:37 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 11-03-2020 18:00 − Donnerstag 12-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Prenotification Security Advisory for Adobe Acrobat and Reader ∗∗∗
---------------------------------------------
Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, March 17, 2020.
---------------------------------------------
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
∗∗∗ Live Coronavirus Map Used to Spread Malware ∗∗∗
---------------------------------------------
Cybercriminals constantly latch on to news items that captivate the publics attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
---------------------------------------------
https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Achtung: Sicherheitspatch gegen kritische SMBv3-Lücke jetzt verfügbar ∗∗∗
---------------------------------------------
Gegen die kritische Windows-Sicherheitslücke CVE-2020-0796 gibt es jetzt einen Patch von Microsoft. Admins sollten ihre Systeme möglichst sofort akualisieren..
---------------------------------------------
https://heise.de/-4681993
∗∗∗ Flaws Riddle Zyxel’s Network Management Software ∗∗∗
---------------------------------------------
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
---------------------------------------------
https://threatpost.com/flaws-zyxels-network-management-software/153554/
∗∗∗ Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites ∗∗∗
---------------------------------------------
On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded.
..
We highly recommend updating to the latest version, 3.64.1, immediately.
---------------------------------------------
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (dojo, firefox-esr, sleuthkit, and wpa), Fedora (cacti, cacti-spine, and python-psutil), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, ...), Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/814652/
∗∗∗ ABB eSOMS ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-072-01
∗∗∗ ABB Asset Suite ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-072-02
∗∗∗ Rockwell Automation Allen-Bradley Stratix 5950 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-072-03
∗∗∗ XSS vulnerability in the FortiManager via the buffer parameter ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-271
∗∗∗ Information disclosure through diagnose debug commands in FortiWeb ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-269
∗∗∗ XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-20-001
∗∗∗ Unquoted Service Path exploit in FortiClient ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-281
∗∗∗ Authorizations Bypass in the FortiPresence portal parameters ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-258
∗∗∗ XSS vulnerability in the URL Description of URL filter ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-270
∗∗∗ XSS vulnerability in the Anomaly Detection Parameter Name ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-19-265
∗∗∗ FortiSIEM is vulnerable to a CSRF attack ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/ FG-IR-19-240
∗∗∗ Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-buffer-en
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-smartphone-en
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-informationleak-en
∗∗∗ Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-integrity-en
∗∗∗ Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache-httpclient-affects-ibm-cloud-pak-system-cve-2012-5783/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11/
∗∗∗ Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
∗∗∗ Security Bulletin: An information disclosure security vulnerability has been identified with the embedded Content Navigator component shipped with IBM Business Automation Workflow (CVE-2019-4679) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-security-vulnerability-has-been-identified-with-the-embedded-content-navigator-component-shipped-with-ibm-business-automation-workflow-cve-2019-4679/
∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-2/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list