[CERT-daily] Tageszusammenfassung - 29.10.2020

Thu Oct 29 19:22:59 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 28-10-2020 18:00 − Donnerstag 29-10-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-67) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB20-67) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, November 03, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS” with no warranties and [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1936


∗∗∗ CPU: ME-Hacker knacken Intel-Microcode-Updates ∗∗∗
---------------------------------------------
Sicherheitsforscher können die Microcode-Updates für Intel-CPUs entschlüsseln und untersuchen. Eine Übernahme ist damit noch nicht möglich.
---------------------------------------------
https://www.golem.de/news/cpu-me-hacker-knacken-intel-microcode-updates-2010-151797-rss.html


∗∗∗ 5 Places Where You’d Never Expect to Get Hacked ∗∗∗
---------------------------------------------
For every gleaming new IoT device that hits the market, a hacker somewhere is figuring out how to compromise it. Today, even routine activities can land you in the sights of a bad actor.
---------------------------------------------
https://blog.sucuri.net/2020/10/5-places-where-youd-never-expect-to-get-hacked.html


∗∗∗ Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser ∗∗∗
---------------------------------------------
Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware, sometimes within 24 hours of initial compromise. Effective and fast detection of these campaigns is key to mitigating this threat.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html


∗∗∗ Jetzt patchen! Angreifer scannen nach verwundbaren Oracle-WebLogic-Servern ∗∗∗
---------------------------------------------
Admins sollten ihre WebLogic-Server aus Sicherheitsgründen auf den aktuellen Stand bringen.
---------------------------------------------
https://heise.de/-4942360


∗∗∗ Erpressungstrojaner: Maze hört wohl auf, REvil macht 100 Millionen US-Dollar ∗∗∗
---------------------------------------------
Ransomware ist nach wie vor der Star der Malware-Szene. Die Drahtzieher bauen ihr "Geschäftsmodell" stetig aus und ernten damit Umsätze in Millionenhöhe.
---------------------------------------------
https://heise.de/-4942549


∗∗∗ ESET Threat Report für das 3. Quartal 2020 ∗∗∗
---------------------------------------------
Die Bedrohungslage im zweiten Quartal 2020 aus Sicht der ESET-Telemetrie und der ESET-Sicherheitsforscher.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2020/10/28/eset-threat-report-fuer-das-3-quartal-2020/


∗∗∗ Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee ∗∗∗
---------------------------------------------
Domain parking might appear harmless at first glance, but parked domains can redirect visitors to unwanted landing pages or turn entirely malicious.
---------------------------------------------
https://unit42.paloaltonetworks.com/domain-parking/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Code vulnerabilities put health records at risk ∗∗∗
---------------------------------------------
OpenEMR is the most popular open source software for electronic health record and medical practice management. It is used world-wide to manage sensitive patient data, including information about medications, laboratory values, and diseases. [...] During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR 5.0.2.1. A combination of these vulnerabilities allowed remote attackers to execute arbitrary system commands on any OpenEMR server that [...]
---------------------------------------------
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability


∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1051


∗∗∗ F5 BIG-IP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in F5 BIG-IP ausnutzen, um einen Denial of Service Angriff durchzuführen, Informationen offenzulegen oder einen Cross Site Scripting Angriff durchzuführen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1052


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-4.19), Fedora (tcpreplay, xen, and yubihsm-shell), SUSE (pacemaker), and Ubuntu (gosa and pam-python).
---------------------------------------------
https://lwn.net/Articles/835552/


∗∗∗ Security Bulletin: IBM Security Directory Suite is affected by security vulnerability(CVE-2018-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-security-vulnerabilitycve-2018-4441/


∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite – October 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite-october-2019-cpu/


∗∗∗ Security Bulletin: IBM i2 Analyst's Notebook Memory Corruption Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-memory-corruption-vulnerabilities/


∗∗∗ Security Bulletin: IBM Resilient OnPrem could allow an attacker on a restricted internal network to provide the server with a spoofed source IP address. (CVE-2020-4864) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-onprem-could-allow-an-attacker-on-a-restricted-internal-network-to-provide-the-server-with-a-spoofed-source-ip-address-cve-2020-4864/


∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to an information disclosure vulnerability affects Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-an-information-disclosure-vulnerability-affects-content-collector-for-email-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-13/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Golang (CVE-2020-16845) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-golang-cve-2020-16845/


∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to an information disclosure vulnerability affects Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-an-information-disclosure-vulnerability-affects-content-collector-for-email/


∗∗∗ Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-disclosed-vulnerability-affects-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-col-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-12/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily