[CERT-daily] Tageszusammenfassung - 13.10.2020

Daily end-of-shift report team at cert.at
Tue Oct 13 18:29:41 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 12-10-2020 18:00 − Dienstag 13-10-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Windows Update can be abused to execute malicious programs ∗∗∗
---------------------------------------------
The Windows Update client has just been added to the list of living-off-the-land binaries (LoLBins) attackers can use to execute malicious code on Windows systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-update-can-be-abused-to-execute-malicious-programs/


∗∗∗ Angreifer auf US-Regierungsnetzwerke kombinieren "Zerologon" mit weiteren Lücken ∗∗∗
---------------------------------------------
Sicherheitslücken in FortiOS und MobileIron Core & Connector werden mit Zerologon zu einer Exploit-Chain verwoben, warnen CISA und FBI.
---------------------------------------------
https://heise.de/-4927692


∗∗∗ 55 Sicherheitslücken bei Apple‑Diensten entdeckt ∗∗∗
---------------------------------------------
Fünf Hacker haben in einem Zeitraum von nur 3 Monaten fast 300.000 US-Dollar an Bug-Bounty-Belohnungen erhalten
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/10/13/55-sicherheitsluecken-bei-apple-diensten-entdeckt/


∗∗∗ Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise ∗∗∗
---------------------------------------------
An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots.
---------------------------------------------
https://www.securityweek.com/anatomy-ryuk-attack-29-hours-initial-email-full-compromise


∗∗∗ Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances ∗∗∗
---------------------------------------------
Virtual appliances, even if they are provided by major software or cybersecurity vendors, can pose a serious risk to organizations, according to a report published on Tuesday by cloud visibility firm Orca Security.
---------------------------------------------
https://www.securityweek.com/study-finds-400000-vulnerabilities-across-2200-virtual-appliances


∗∗∗ Diese Scamming-Maschen sollten Sie kennen ∗∗∗
---------------------------------------------
Scamming, ein Sammelbegriff für zahlreiche Betrugsmaschen. Aber was ist Scamming? Mit Sicherheit kamen auch Sie bereits mit dieser Betrugsmasche in Berührung oder haben zumindest bereits davon gehört! Hier erfahren Sie mehr über die gängigsten Vorschussbetrugsmaschen und wie Sie sich davor schützen!
---------------------------------------------
https://www.watchlist-internet.at/news/diese-scamming-maschen-sollten-sie-kennen/


∗∗∗ Red Team deckt IAM-Schwächen auf ∗∗∗
---------------------------------------------
Ein Red Team von Palo Alto Networks hat aufgezeigt, wie Angreifer gezielt Lücken und Fehlkonfigurationen im Identity und Access Management (IAM) in der Cloud ausnutzen, um an kritische Informationen zu gelangen.
---------------------------------------------
https://www.zdnet.de/88388335/red-team-deckt-iam-schwaechen-auf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Updates Available for Adobe Flash Player (APSB20-58) ∗∗∗
---------------------------------------------
Adobe has released security updates for Adobe Flash Player (APSB20-58) for Windows, macOS, Linux and Chrome OS. These updates address a vulnerability rated Critical in Adobe Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1925


∗∗∗ SSA-384879 (Last Update: 2020-10-13): Authentication Bypass Vulnerability in SIPORT MP ∗∗∗
---------------------------------------------
SIPORT MP version 3.2.1 fixes an authentication bypass vulnerability which could enable an attacker to impersonate other users of the system and perform administrative actions. Siemens recommends to apply the update.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-384879.txt


∗∗∗ SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight ∗∗∗
---------------------------------------------
The latest hotfix for Desigo Insight fixes three vulnerabilities that have been identified in the web server, including SQL injection (CVE-2020-15792), clickjacking (CVE-2020-15793), and full path disclosure (CVE-2020-15794). Siemens recommends updating to the latest version of Desigo Insight and to apply the hotfix.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-226339.txt


∗∗∗ Acronis Patches Privilege Escalation Flaws in Backup, Security Solutions ∗∗∗
---------------------------------------------
Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges. The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals.
---------------------------------------------
https://www.securityweek.com/acronis-patches-privilege-escalation-flaws-backup-security-solutions


∗∗∗ SAP Patchday Oktober 2020 ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in SAP Produkten und Anwendungskomponenten ausnutzen, um die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendungen zu gefährden.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0972


∗∗∗ Citrix Gateway Plug-in for Windows Security Update ∗∗∗
---------------------------------------------
Vulnerabilities have been identified in Citrix Gateway Plug-in for Windows that, if exploited, could result in a local user escalating their privilege level to SYSTEM.
---------------------------------------------
https://support.citrix.com/article/CTX282684


∗∗∗ IPAS: Security Advisories for October 2020 ∗∗∗
---------------------------------------------
Hi everyone, For October 2020, we are releasing just one security advisory addressing two vulnerabilities in the BlueZ open-source Bluetooth stack. Affected Linux users are encouraged to update to Linux kernel version 5.9 or later. More information can be found in INTEL-SA-00435 and at www.bluez.org.
---------------------------------------------
https://blogs.intel.com/technology/2020/10/ipas-security-advisories-for-october-2020/


∗∗∗ Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs ∗∗∗
---------------------------------------------
BOSCH-SA-856281: Microsoft has published information [1] for several versions of Microsoft Windows XP Microsoft Windows XP embedded Microsoft Windows 7 and Microsoft Windows 7 Embedded Standard regarding a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. Rexroth Industrial PCs on these operating systems are affected by this vulnerability.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-856281.html


∗∗∗ Webmin: Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0973


∗∗∗ BSRT-2020-003 Vulnerability in UEM Core Impacts BlackBerry UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000068112


∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4557 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557-3/


∗∗∗ Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4698 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affecting-rational-functional-tester-3/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-11/


∗∗∗ Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-7656, CVE-2020-11022, CVE-2020-11023 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affecting-rational-functional-tester-2/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-6/


∗∗∗ Security Bulletin: Vulnerability in Docker affects Cloud Pak Sytem (CVE-2020-13401) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-docker-affects-cloud-pak-sytem-cve-2020-13401/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from Qemu affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-qemu-affects-ibm-netezza-host-management-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list