[CERT-daily] Tageszusammenfassung - 14.05.2020

Daily end-of-shift report team at cert.at
Thu May 14 18:07:12 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-05-2020 18:00 − Donnerstag 14-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ COMpfun authors spoof visa application with HTTP status-based Trojan ∗∗∗
---------------------------------------------
In autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. Later in November 2019 we revealed a new Trojan using the same code base as COMPFun.
---------------------------------------------
https://securelist.com/compfun-http-status-based-trojan/96874/


∗∗∗ Patch Tuesday Revisited - CVE-2020-1048 isnt as "Medium" as MS Would Have You Believe, (Thu, May 14th) ∗∗∗
---------------------------------------------
Looking at our patch Tuesday list, I looked a bit closer at CE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft&#;x26;#;39;s ratings for that one. Microsoft rated this as:
---------------------------------------------
https://isc.sans.edu/diary/rss/26124


∗∗∗ Danger zone! Brit research supercomputer ARCHERs login nodes exploited in cyber-attack, admins reset passwords and SSH keys ∗∗∗
---------------------------------------------
Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops Updated One of Britains most powerful academic supercomputers has fallen victim to a "security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys.…
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/13/uk_archer_supercomputer_cyberattack/


∗∗∗ Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access ∗∗∗
---------------------------------------------
On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. We filed a security issue report ...Read MoreThe post Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access appeared first on Wordfence.
---------------------------------------------
https://www.wordfence.com/blog/2020/05/vulnerability-in-google-wordpress-plugin-grants-attacker-search-console-access/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019 ∗∗∗
---------------------------------------------
Project: reCAPTCHA v3Date: 2020-May-13Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The reCaptcha v3 module enables you to protect your forms using the Google reCaptcha V3.If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms.This vulnerability only affects forms that are protected by reCaptcha v3 and have
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-019


∗∗∗ Webform - Critical - Access bypass - SA-CONTRIB-2020-018 ∗∗∗
---------------------------------------------
Project: WebformDate: 2020-May-13Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This webform module enables you to build a Term checkboxes element.The module doesnt sufficiently check term view access when rendering Term checkboxes elements. Unpublished terms will always appear in the Term checkboxes element.Solution: Install the latest version:If you use the Webform module for Drupal 8.x, upgrade to Webform
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-018


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apt and libreswan), Fedora (glpi, grafana, java-latest-openjdk, mailman, and oddjob), Oracle (container-tools:2.0, container-tools:ol8, kernel, libreswan, squid:4, and thunderbird), SUSE (apache2, grafana, and python-paramiko), and Ubuntu (apt and libexif).
---------------------------------------------
https://lwn.net/Articles/820520/


∗∗∗ Security Bulletin: Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-websphere-liberty-server-shipped-with-ibm-global-mailbox/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-mq-affect-ibm-sterling-b2b-integrator/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/


∗∗∗ Security Bulletin: Multiple security vulnerabilities have been Identified In Jackson Databind library shipped with IBM Global Mailbox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-jackson-databind-library-shipped-with-ibm-global-mailbox/


∗∗∗ Security Bulletin: Information Disclosure Security Vulnerability Afftects IBM Stering B2B Integrator GPM Web App (CVE-2020-4299) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-security-vulnerability-afftects-ibm-stering-b2b-integrator-gpm-web-app-cve-2020-4299/


∗∗∗ Security Bulletin: Jackson-databind Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-20330) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-security-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-20330/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM Sterling B2B Integrator (CVE-2018-12545, CVE-2019-10241) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jetty-affect-ibm-sterling-b2b-integrator-cve-2018-12545-cve-2019-10241/


∗∗∗ Security Bulletin: Multiple memory corruption vulnerabilities in IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-memory-corruption-vulnerabilities-in-ibm-i2-analysts-notebook-and-ibm-i2-analysts-notebook-premium/


∗∗∗ Security Bulletin: Permission security vulnerability exists in IBM Sterling File Gateway (CVE-2020-4259) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-permission-security-vulnerability-exists-in-ibm-sterling-file-gateway-cve-2020-4259/


∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7069, CVE-2020-7059) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list