[CERT-daily] Tageszusammenfassung - 14.10.2020
Daily end-of-shift report
team at cert.at
Wed Oct 14 18:36:36 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 13-10-2020 18:00 − Mittwoch 14-10-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Patchday: Aktuelle Updates von Microsoft beugen Angriffen aus der Ferne vor ∗∗∗
---------------------------------------------
Aktive Angriffe auf die zum Patch Tuesday beseitigten, teils kritischen Sicherheitslücken wurden bislang nicht beobachtet. Zügig updaten sollte man dennoch.
---------------------------------------------
https://heise.de/-4928145
∗∗∗ Apples Sicherheitschip T2: Exploit in Aktion gezeigt ∗∗∗
---------------------------------------------
Ein Hackerteam hat demonstriert, wie sich der aktuelle Sicherheitschip im Mac knacken lässt – mit einem simplen manipulierten USB-C-Kabel.
---------------------------------------------
https://heise.de/-4928042
∗∗∗ Vorsicht vor Phishing-Anrufen im Namen von Magenta ∗∗∗
---------------------------------------------
Immer häufiger nutzen Kriminelle das Telefon, um an persönliche Daten zu kommen. Derzeit geben sich BetrügerInnen als Magenta aus und versuchen per Anruf an das Kundenpasswort der Opfer und weitere persönliche Daten zu gelangen. Heben Sie daher bei Anrufen von der Telefonnummer 0800799742 nicht ab!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-phishing-anrufen-im-namen-von-magenta/
=====================
= Vulnerabilities =
=====================
∗∗∗ For Foxits sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns ∗∗∗
---------------------------------------------
CISA points spotlight at PDF reader n creator suite Windows and Mac users running Foxits popular PhantomPDF reader should update their installations to the latest version after the US CISA cybersecurity agency warned of a handful of high-severity product vulnerabilities.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2020/10/13/foxit_phantompdf_vulns_update/
∗∗∗ October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw ∗∗∗
---------------------------------------------
On this October 2020 Patch Tuesday:
Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps for Enterprise
Adobe has delivered security updates for Adobe Flash Player
Intel warns about flaws in BlueZ, the official Linux Bluetooth protocol stack
SAP has released 15 security notes and updates to 6 previously released ones.
---------------------------------------------
https://www.helpnetsecurity.com/2020/10/13/october-2020-patch-tuesday/
∗∗∗ SAP-Patchday: Lücke mit Höchstwertung in CA Introscope Enterprise Manager gefixt ∗∗∗
---------------------------------------------
SAP-Admins sollten die verfügbaren Sicherheitsupdates zeitnah unter die Lupe nehmen und wo nötig einspielen. Die Risikoeinstufung "High" ist mehrfach vertreten.
---------------------------------------------
https://heise.de/-4928265
∗∗∗ Vulnerability Spotlight: Information leak vulnerability in Google Chrome WebGL ∗∗∗
---------------------------------------------
Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to carry out a range of malicious actions. Chrome is one of the most popular web browsers currently available to users. Cisco Talos researchers recently discovered a bug in WebGL, which is a Chrome API responsible for displaying 3-D graphics.
---------------------------------------------
https://blog.talosintelligence.com/2020/10/vuln-spotlight-chrome-web-gl-info-leak.html
∗∗∗ SonicWall VPN Portal Critical Flaw (CVE-2020-5135) ∗∗∗
---------------------------------------------
Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as well as SSL VPN remote access.
---------------------------------------------
https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/
∗∗∗ Kubernetes AWS IAM Integration Issues ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020100083
∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0975
∗∗∗ Trend Micro AntiVirus for Mac: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0977
∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201014-02-dos-en
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201014-01-bluetooth-en
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201014-01-privilege-en
∗∗∗ Security Advisory - JavaScript Injection Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201014-01-smartphone-en
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-4/
∗∗∗ Security Bulletin: Apache Derby as used by IBM QRadar SIEM is vulnerable to Improper Input Validation (CVE-2018-1313) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-derby-as-used-by-ibm-qradar-siem-is-vulnerable-to-improper-input-validation-cve-2018-1313/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities/
∗∗∗ Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager/
∗∗∗ Security Bulletin: Unzip as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-13232) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-unzip-as-used-by-ibm-qradar-siem-is-vulnerable-to-denial-of-service-cve-2019-13232/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2020-4528) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2020-4528/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list