[CERT-daily] Tageszusammenfassung - 18.03.2020

Daily end-of-shift report team at cert.at
Wed Mar 18 18:24:44 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 17-03-2020 18:00 − Mittwoch 18-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks ∗∗∗
---------------------------------------------
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. 
---------------------------------------------
https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html


∗∗∗ Home-Office? – Aber sicher! ∗∗∗
---------------------------------------------
Eine empfohlene Maßnahme im Kontext der Corona-Prävention ist die intensivere Nutzung von Home-Office und mobilem Arbeiten. Dafür gilt es, pragmatische Lösungen zu finden, die einerseits die Arbeitsfähigkeit einer Organisation erhalten, gleichzeitig jedoch Vertraulichkeit, Verfügbarkeit und Integrität gewährleisten.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Empfehlungen_mobiles_Arbeiten_180320.html


∗∗∗ Sicher arbeiten im Homeoffice! ∗∗∗
---------------------------------------------
Unzählige Unternehmen haben ihren Betrieb als Reaktion auf das Coronavirus und entsprechende Regierungsvorgaben mittlerweile auf Arbeit im Homeoffice umgestellt. Da dies einige Änderungen in alltäglichen Arbeitsprozessen bedeutet, gibt es Empfehlungen für Unternehmen und deren MitarbeiterInnen, die Schäden durch Kriminelle in der momentanen Ausnahmesituation vermeiden können.
---------------------------------------------
https://www.watchlist-internet.at/news/sicher-arbeiten-im-homeoffice/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Genuine Integrity Service (APSB20-12), Adobe Acrobat and Reader (APSB20-13), Adobe Photoshop (APSB20-14), Adobe Experience Manager (APSB20-15), Adobe ColdFusion (APSB20-16) and Adobe Bridge (APSB20-17). 
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1847


∗∗∗ Severe Flaws Patched in Responsive Ready Sites Importer Plugin ∗∗∗
---------------------------------------------
On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions. ... We highly recommend updating to the latest version available, 2.2.7, immediately.
---------------------------------------------
https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-ready-sites-importer-plugin/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libvncserver and twisted), Fedora (libxslt), Red Hat (kernel, kernel-rt, python-flask, python-pip, python-virtualenv, slirp4netns, tomcat, and zsh), Scientific Linux (kernel, python-pip, python-virtualenv, tomcat, and zsh), SUSE (apache2-mod_auth_openidc and skopeo), and Ubuntu (apport and dino-im).
---------------------------------------------
https://lwn.net/Articles/815309/


∗∗∗ FreeRADIUS: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
FreeRADIUS ist ein Open Source Server zur Authentisierung entfernter Benutzer auf Basis des RADIUS-Protokolls (Remote Access Dial-In User Service). Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FreeRADIUS ausnutzen, um Informationen offenzulegen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0235


∗∗∗ Delta Electronics Industrial Automation CNCSoft ScreenEditor ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-077-01


∗∗∗ Cisco SD-WAN Solution vManage SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-cypher-inject


∗∗∗ Cisco SD-WAN Solution Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9


∗∗∗ Cisco SD-WAN Solution Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9v


∗∗∗ Cisco SD-WAN Solution Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2


∗∗∗ Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-xss


∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-05-smartphone-en


∗∗∗ Security Advisory - Logic Error Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-04-smartphone-en


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-02-smartphone-en


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-01-authentication-en


∗∗∗ Security Advisory - Double Free Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-01-free-en


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2020 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-liberty-for-java-for-ibm-cloud-january-2020-cpu/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-classification/


∗∗∗ Security Bulletin: A Vulnerability in Apache Log4j affects IBM LKS ART & Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-ibm-lks-art-agent/


∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Apache Commons vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-vulnerability/


∗∗∗ Security Bulletin: Cross-Site Request Forgery (CSRF) vulnerabilities were identified on Tivoli Netcool/OMNIbus WebGUI Relationship admin page (CVE-2020-4199) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-csrf-vulnerabilities-were-identified-on-tivoli-netcool-omnibus-webgui-relationship-admin-page-cve-2020-4199/


∗∗∗ Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-a-denial-of-service-cve-2019-4720/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud/


∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-liberty-for-java-for-ibm-cloudcve-2019-12406/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list