[CERT-daily] Daily Summary - 11.09.2020

Daily end-of-shift report team at cert.at
Fri Sep 11 18:18:32 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 10-09-2020 18:00 − Friday 11-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Zoom adds two-factor authentication (2FA) support to all accounts ∗∗∗
---------------------------------------------
Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authentication-2fa-support-to-all-accounts/


∗∗∗ What's in Your Clipboard? Pillaging and Protecting the Clipboard, (Fri, Sep 11th) ∗∗∗
---------------------------------------------
Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note - if you know and can type any of your passwords in 2020, you should at least partially examine your life choices). Several password managers also do this "right thing" - retaining passwords in the clipboard is a great way for folks to accidentally paste that information into the worst [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26556


∗∗∗ WordPress Malware Disables Security Plugins to Avoid Detection ∗∗∗
---------------------------------------------
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it?
---------------------------------------------
https://blog.sucuri.net/2020/09/wordpress-malware-disables-security-to-avoid-detection.html


∗∗∗ Bluetooth vulnerable to attacks on keys – sort of ∗∗∗
---------------------------------------------
CERT/CC and the Bluetooth standards body warn about Blurtooth, but are sparing with information about the discovered vulnerability.
---------------------------------------------
https://heise.de/-4891764


∗∗∗ Secure passwords protect against loss and misuse ∗∗∗
---------------------------------------------
Secure passwords do not only protect private information from strangers. Above all, they protect against financial loss and identity misuse. Particular importance should therefore be placed on password security.
---------------------------------------------
https://www.watchlist-internet.at/news/sichere-passwoerter-schuetzen-vor-verlust-und-missbrauch/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-pip), Fedora (kernel, libX11, and xen), openSUSE (go1.14), Oracle (libcroco, php:7.3, and postgresql:10), Red Hat (chromium-browser and httpd:2.4), and SUSE (gimp, golang-github-prometheus-prometheus, kernel, libxml2, pdsh, slurm_20_02, slurm, slurm_18_08, and tomcat).
---------------------------------------------
https://lwn.net/Articles/831283/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand-2/


∗∗∗ Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affect-ibm-sdk-java-technology-edition-used-in-liberty-for-java-for-ibm-cloud-cve-2020-2590/


∗∗∗ Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4411) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2020-4411/


∗∗∗ Security Bulletin: IBM® SDK, Java™ Technology Edition Quarterly CPU – Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Liberty for Java for IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-affects-liberty-for-java-for-ibm-cloud/


∗∗∗ Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4412) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2020-4412/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime related to the Kerberos component affect IBM® Db2®. (CVE-2019-2949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-related-to-the-kerberos-component-affect-ibm-db2-cve-2019-2949/


∗∗∗ Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2601) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affect-ibm-sdk-java-technology-edition-used-in-liberty-for-java-for-ibm-cloud-cve-2020-2601/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



