[CERT-daily] Tageszusammenfassung - 13.03.2020

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 12-03-2020 18:00 − Freitag 13-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware ∗∗∗
---------------------------------------------
The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Android App.
---------------------------------------------
https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware


∗∗∗ mTAN abgefangen: Betrüger räumten Konten in Österreich leer ∗∗∗
---------------------------------------------
Mit SIM-Swapping haben Kriminelle bei Dutzenden Österreichern Geld abgehoben. Nun wurden sie verhaftet. (TAN, Malware)
---------------------------------------------
https://www.golem.de/news/mtan-abgefangen-betrueger-raeumten-konten-in-oesterreich-leer-2003-147234-rss.html


∗∗∗ Persistent Cross-Site Scripting, the MSSQL Way ∗∗∗
---------------------------------------------
If you save wide Unicode brackets (i.e. ＜＞) into a char or varchar field, MSSQL Server will convert them into HTML brackets (i.e. ). So, ＜img src=x onerror=alert(pxss)＞ will be converted to  compliments of the backend DB. This will likely help you sneak past server-side filters, WAFs, etc. and execute a persistent Cross-Site Scripting (PXSS) attack. As a bonus, .NET request validation will not detect it.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/persistent-cross-site-scripting-the-mssql-way/


∗∗∗ Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldnt ∗∗∗
---------------------------------------------
Tor team says its working on a fix, but has no timeline.
---------------------------------------------
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, golang-golang-x-crypto, kernel, mbedtls, ppp, and python-django), Debian (slirp and yubikey-val), Fedora (firefox, java-1.8.0-openjdk-aarch32, mbedtls, monit, seamonkey, sympa, and zsh), Gentoo (chromium, e2fsprogs, firefox, groovy, postgresql, rabbitmq-c, ruby, and vim), Mageia (ppp), openSUSE (kernel), and SUSE (glibc, kernel, openstack-manila, php5, and squid).
---------------------------------------------
https://lwn.net/Articles/814817/


∗∗∗ Update - Kritische Sicherheitslücke in Microsoft SMBv3 - Patch und Workarounds verfügbar ∗∗∗
---------------------------------------------
03. März 2020 Update: 13. März 2020 Beschreibung Microsoft hat außerhalb des monatlichen Patch-Zyklus ein Security Advisory mit Workarounds für eine kritische Sicherheitslücke in Microsoft Server Message Block 3.1.1 (SMBv3) veröffentlicht. CVE-Nummern: CVE-2020-0796 CVSS Base Score: 10.0 (laut CERT/CC)  Update: 13. März 2020 Microsoft gibt unter https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 ebenfalls einen CVSS Base Score
---------------------------------------------
https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft-smbv3-workarounds-verfugbar


∗∗∗ Security Bulletin: PowerVC is impacted by information leakage from nova APIs during external exception (CVE-2019-14433) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-information-leakage-from-nova-apis-during-external-exception-cve-2019-14433/


∗∗∗ Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: Content Collector for Email is affected by a 3RD PARTY Path Traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-3rd-party-path-traversal-vulnerability-in-the-administrative-console-in-ibm-websphere-application-server-was/


∗∗∗ Security Bulletin: Content Collector for Email is affected by a cross-site scripting vulnerability in WebSphere Application Server Admin Console ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-cross-site-scripting-vulnerability-in-websphere-application-server-admin-console/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot for VMware (CVE-2019-2989) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-snapshot-for-vmware-cve-2019-2989/


∗∗∗ Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-18348) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python-affects-ibm-operations-analytics-predictive-insights-cve-2019-18348/


∗∗∗ Security Bulletin: Content Collector for Email is affected by a File traversal vulnerability in WebSphere Application Server Admin Console ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-file-traversal-vulnerability-in-websphere-application-server-admin-console/


∗∗∗ Security Bulletin: Content Collector for Email is affected by a Information disclosure vulnerability in WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-vulnerability-in-websphere-application-server-2/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-ach-services/


∗∗∗ VMSA-2020-0004 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0004.html


∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0228

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily