[CERT-daily] Daily summary - 25.11.2020

Daily end-of-shift report team at cert.at
Wed Nov 25 18:22:06 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 24-11-2020 18:00 − Wednesday 25-11-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Light-Based Attacks Expand in the Digital Home ∗∗∗
---------------------------------------------
The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.
---------------------------------------------
https://threatpost.com/light-based-attacks-digital-home/161583/


∗∗∗ [SANS ISC] Live Patching Windows API Calls Using PowerShell ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Live Patching Windows API Calls Using PowerShell”: It’s amazing how attackers can be imaginative when it comes to protecting themselves and preventing security controls from doing their job. Here is an example of a malicious PowerShell script that patches live a DLL function [...]
---------------------------------------------
https://blog.rootshell.be/2020/11/25/sans-isc-live-patching-windows-api-calls-using-powershell/


∗∗∗ IBM: Current security updates protect various products against attacks ∗∗∗
---------------------------------------------
Vulnerabilities rated from "Low" to "High" have been fixed in Netezza Host Management, Resilient, Spectrum Protect (Plus), TNPM Wireline and other products.
---------------------------------------------
https://heise.de/-4970430


∗∗∗ Stantinko Proxy Trojan Masquerades as Apache Servers ∗∗∗
---------------------------------------------
A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected.
---------------------------------------------
https://www.securityweek.com/stantinko-proxy-trojan-masquerades-apache-servers


∗∗∗ This critical software flaw is now being used to break into networks - so update fast ∗∗∗
---------------------------------------------
A vulnerability in MobileIron mobile device management software is being used by state-backed hackers and organised crime, warns security agency.
---------------------------------------------
https://www.zdnet.com/article/this-software-flaw-is-being-used-to-break-into-networks-now-so-update-fast/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerabilities in McAfee Endpoint Security leave Windows open to attack ∗∗∗
---------------------------------------------
There are important updates for McAfee Endpoint Security. Under certain conditions, attackers could execute malicious code.
---------------------------------------------
https://heise.de/-4970655


∗∗∗ 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software ∗∗∗
---------------------------------------------
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2, [...]
---------------------------------------------
https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html


∗∗∗ Cisco DNA Spaces Connector Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc


∗∗∗ Cisco Edge Fog Fabric Resource Exposure Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz


∗∗∗ VMSA-2020-0023.3 VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995) ∗∗∗
---------------------------------------------
Updated security advisory to add VMware Cloud Foundation 3.x and 4.x versions in the response matrix of section 3(a).
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0023.html


∗∗∗ VMSA-2020-0026.1 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) ∗∗∗
---------------------------------------------
Updated security advisory to add VMware Cloud Foundation 3.x and 4.x versions in the response matrix of sections 3(a) and 3(b).
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0026.html


∗∗∗ ICS Advisory (ICSA-20-329-02) Fuji Electric V-Server Lite ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could allow for remote code execution on the device.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02


∗∗∗ ICS Advisory (ICSA-20-329-01) Rockwell Automation FactoryTalk Linx ∗∗∗
---------------------------------------------
Successful exploitation of these vulnerabilities could allow a denial-of-service condition, remote code execution, or leak information that could be used to bypass address space layout randomization (ASLR).
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01


∗∗∗ MISP: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1170


∗∗∗ Red Hat Virtualization: Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1169


∗∗∗ NETGEAR GS108Ev3 vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN27806339/


∗∗∗ Security Advisory - Command Injection Vulnerability in ManageOne Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201125-01-commandinjection-en


∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201125-01-outofboundread-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
