[CERT-daily] Tageszusammenfassung - 07.09.2020
Daily end-of-shift report
team at cert.at
Mon Sep 7 18:17:18 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 04-09-2020 18:00 − Montag 07-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Visa warns of new Baka credit card JavaScript skimmer ∗∗∗
---------------------------------------------
Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data and analysis.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/
∗∗∗ Threema E2EE chat app to go fully open source within months ∗∗∗
---------------------------------------------
Threema follows in the footsteps of Signal and Wickr and opens its apps codebase.
---------------------------------------------
https://www.zdnet.com/article/threema-e2ee-chat-app-to-go-fully-open-source-within-months/
∗∗∗ Manipulierte Excel-Dateien in Phishing-Mails ∗∗∗
---------------------------------------------
Eine neu entdeckte Malware-Bande benutzt einen cleveren Trick, um bösartige Excel-Dateien zu erstellen, die eine höhere Chance haben, Sicherheitssysteme zu umgehen.
---------------------------------------------
https://www.zdnet.de/88382491/manipulierte-excel-dateien-in-phishing-mails/
∗∗∗ Angriffe auf WordPress-Plugin ∗∗∗
---------------------------------------------
Millionen von WordPress-Sites wurden diese Woche angegriffen, weil Hacker eine Zero-Day-Schwachstelle in "File Manager", einem beliebten WordPress-Plugin, ausnutzen.
---------------------------------------------
https://www.zdnet.de/88382493/angriffe-auf-wordpress-plug-in/
=====================
= Vulnerabilities =
=====================
∗∗∗ Linux: Keine Eile beim Schließen einer Kernel-Sicherheitslücke ∗∗∗
---------------------------------------------
Mit einem Buffer Overflow im Linux-Kernel lässt sich ein System durch lokale Nutzer zum Absturz bringen, eine Rechteausweitung ist wohl möglich.
---------------------------------------------
https://www.golem.de/news/linux-keine-eile-beim-schliessen-einer-kernel-sicherheitsluecke-2009-150712-rss.html
∗∗∗ Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster ∗∗∗
---------------------------------------------
During a routine research audit for our Sucuri Firewall, we discovered a post deletion, arbitrary posting in social networks, and arbitrary plugin settings update affecting over 100,000 users of the WordPress plugin.
---------------------------------------------
https://blog.sucuri.net/2020/09/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ark, netty, netty-3.9, qemu, squid3, and xorg-server), Fedora (chromium), Gentoo (dovecot and gnutls), Mageia (ansible, postgresql, and python-rsa), openSUSE (curl, freerdp, libX11, php7, squid, and xorg-x11-server), Oracle (kernel), Red Hat (thunderbird), Slackware (gnutls), and SUSE (firefox, kernel, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/830856/
∗∗∗ Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4698 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698/
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2020-14577) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ims-enterprise-suite-explorer-for-development-cve-2020-14577/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affecting-tivoli-netcool-omnibus-multiple-cves-2/
∗∗∗ Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-7656, CVE-2020-11022, CVE-2020-11023 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/
∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-in-ibm-sdk-java-technology-edition/
∗∗∗ Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4516 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4516/
∗∗∗ Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-shares-1-9-14-patch-level-1-and-earlier-are-vulnerable-to-dom-xss/
∗∗∗ Security Bulletin: Java Quarterly CPU affecting Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-quarterly-cpu-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data-2/
∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0868
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list