[CERT-daily] Daily summary - 20.03.2020
Daily end-of-shift report
team at cert.at
Fri Mar 20 18:45:29 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 19-03-2020 18:00 − Friday 20-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ WHO Chief Impersonated in Phishing to Deliver HawkEye Malware ∗∗∗
---------------------------------------------
An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-phishing-to-deliver-hawkeye-malware/
∗∗∗ Firefox Reenables Insecure TLS to Improve Access to COVID19 Info ∗∗∗
---------------------------------------------
Mozilla says that the support for the insecure TLS 1.0 and TLS 1.1 will be reenabled in the latest version of Firefox to maintain access to government sites with COVID19 information that haven't yet upgraded to TLS 1.2 or TLS 1.3.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/firefox-reenables-insecure-tls-to-improve-access-to-covid19-info/
∗∗∗ PrivEsc in Lenovo Vantage. Two minutes later ∗∗∗
---------------------------------------------
TL;DR The latest and greatest Lenovo Vantage software which ships with the most recent Lenovo devices is affected by a privilege escalation vulnerability.
---------------------------------------------
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-vantage-two-minutes-later/
∗∗∗ New Mirai Variant Targets Zyxel Network-Attached Storage Devices ∗∗∗
---------------------------------------------
Unit 42 researchers discovered a new Mirai variant, dubbed Mukashi, exploiting CVE-2020-9054 to infect vulnerable versions of Zyxel network-attached storage (NAS) devices.
---------------------------------------------
https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/
∗∗∗ Security flaws found in popular password managers ∗∗∗
---------------------------------------------
Not all they’re cracked up to be? Several password vaults have been found to contain vulnerabilities, both new and previously disclosed but never patched, a study says
---------------------------------------------
https://www.welivesecurity.com/2020/03/19/security-flaws-found-in-popular-password-managers/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bluez and chromium), Debian (icu, rails, thunderbird, and twisted), Fedora (chromium and webkit2gtk3), Gentoo (bsdiff, cacti, clamav, fribidi, libgit2, pecl-imagick, phpmyadmin, pyyaml, and tomcat), openSUSE (wireshark), Oracle (firefox, icu, python-imaging, thunderbird, and zsh), Scientific Linux (thunderbird), SUSE (firefox, nghttp2, thunderbird, and tomcat), and Ubuntu (twisted).
---------------------------------------------
https://lwn.net/Articles/815591/
∗∗∗ Ruby on Rails: Vulnerability allows cross-site scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0246
∗∗∗ Symantec Veritas NetBackup: Vulnerability allows execution of arbitrary program code with the privileges of the service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0244
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4304) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4304/
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4663/
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4441/
∗∗∗ Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-17573) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-websphere-application-server-cve-2019-17573/
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-vulnerabilities-2/
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-3603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2014-3603/
∗∗∗ Security Bulletin: Information Disclosure in Cognos Business Intelligence (Cognos BI) shipped with Tivoli Common Reporting (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-cognos-business-intelligence-cognos-bi-shipped-with-tivoli-common-reporting-cve-2019-1547-cve-2019-1549-cve-2019-1563/
∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4720/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affecting-tivoli-netcool-omnibus-multiple-cves/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily