[CERT-daily] Tageszusammenfassung - 14.09.2020

Mon Sep 14 18:15:45 CEST 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 11-09-2020 18:00 − Montag 14-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Zerologon übernimmt Domain-Controller ∗∗∗
---------------------------------------------
Unbemerkt von vielen hat Microsoft im August letzten Monats einen der schwerwiegendsten Fehler behoben, der dem Unternehmen jemals gemeldet wurde. Dieses Problem könnte dazu missbraucht werden, Windows-Server, die als Domänencontroller in Unternehmensnetzwerken laufen, einfach zu übernehmen.
---------------------------------------------
https://www.zdnet.de/88382688/zerologon-uebernimmt-domain-controller/


∗∗∗ Magento stores hit by largest automated hacking attack since 2015 ∗∗∗
---------------------------------------------
In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magento-stores-hit-by-largest-automated-hacking-attack-since-2015/


∗∗∗ Creating patched binaries for pentesting purposes, (Sun, Sep 13th) ∗∗∗
---------------------------------------------
When doing pentestings, the establishment of backdoors is vital to be able to carry out lateral movements in the network or to reach the stage of action on objectives. This is usually accomplished by inviting someone to click on a commonly used executable on the computer using social engineering techniques.
---------------------------------------------
https://isc.sans.edu/diary/rss/26560


∗∗∗ ModSecurity, Regular Expressions and Disputed CVE-2020-15598 ∗∗∗
---------------------------------------------
This blog post will discuss that tradeoff in the context of regular expressions in ModSecurity. It will cover an issue raised by a member of the community as a security issue (assigned CVE-2020-15598), which we disputed, and some tips for how to avoid the more problematic aspects of regular expressions in ModSecurity.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/


∗∗∗ New BlindSide attack uses speculative execution to bypass ASLR ∗∗∗
---------------------------------------------
New BlindSide technique abuses the CPUs internal performance-boosting feature to bypass OS security protection.
---------------------------------------------
https://www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Hyland OnBase Arbitrary File Upload ∗∗∗
---------------------------------------------
Hyland OnBase allows malicious attackers to directly upload arbitrary files to the OnBase server using file upload methods. The client-side sometimes restricts file types, but the server-side does not allowing attackers with direct server access to upload files of any type including malicious files designed to compromise clients that view the data. OnBase also appears to lack the proper mechanisms to verify that files are of the type claimed and instead relies on file extensions, allowing attackers to upload malicious files whose extensions do not match the actual file type. This allows a second vector for malicious file upload and attacking clients.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2020090071


∗∗∗ WordPress Plugin Flaw Allows Attackers to Forge Emails ∗∗∗
---------------------------------------------
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
---------------------------------------------
https://threatpost.com/wordpress-plugin-flaw/159172/


∗∗∗ Sicherheitsupdates: Root-Lücke bedroht Firewalls von Palo Alto ∗∗∗
---------------------------------------------
Eine kritische Lücke im Betriebssystem PAN-OS gefährdet Firewalls aus dem Hause Palo Alto.
---------------------------------------------
https://heise.de/-4892796


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (thunderbird), Debian (libproxy, qemu, and wordpress), Fedora (ansible, chromium, community-mysql, dotnet-build-reference-packages, dotnet3.1, drupal7, grub2, java-1.8.0-openjdk-aarch32, kernel, kernel-headers, kernel-tools, mingw-gnutls, php-symfony4, python-django, and selinux-policy), Gentoo (DBI, file-roller, gnome-shell, gst-rtsp-server, nextcloud-client, php, proftpd, qtgui, and zeromq), openSUSE (gimp, libjpeg-turbo, openldap2, [...]
---------------------------------------------
https://lwn.net/Articles/831524/


∗∗∗ Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks ∗∗∗
---------------------------------------------
Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron’s mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-servers-remote-attacks


∗∗∗ Multiple vulnerabilities in Buffalo AirStation WHR-G54S ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN09166495/


∗∗∗ Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-affected-by-a-vulnerability-in-vmware-component/


∗∗∗ Security Bulletin: A vulnerability in Apache AvtiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-1941) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-avtivemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/


∗∗∗ Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/


∗∗∗ Security Bulletin: Vulnerability in OpenSSL library affects OS Pattern Kit used in IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-library-affects-os-pattern-kit-used-in-ibm-cloud-pak-system/


∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU -Jul 2020 – Includes Oracle Jul 2020 CPU plus one additional vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – [All] jQuery (Publicly disclosed vulnerability) CVEID: 180875 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cveid-180875/


∗∗∗ Security Bulletin: Vulnerability in side channel in Intel CPUs affect IBM Cloud Pak System (CVE-2019-11135) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-side-channel-in-intel-cpus-affect-ibm-cloud-pak-system-cve-2019-11135/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK addressed in IBM Cloud Pak System (April 2020 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily