[CERT-daily] Daily summary - 15.09.2020

Daily end-of-shift report team at cert.at
Tue Sep 15 18:36:18 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 14-09-2020 18:00 − Tuesday 15-09-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Windows 10 'Finger' command can be abused to download or steal files ∗∗∗
---------------------------------------------
The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-finger-command-can-be-abused-to-download-or-steal-files/
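finger.exe is a legitimate Windows binary, so blocking it outright is rarely an option; what a defender can do is hunt for it being pointed at a remote host (its `user@host` argument), especially when the output is piped into another command. The following detector, added here as an illustration and not taken from the article or from any vendor tooling, runs that logic over a handful of constructed process-creation events written in a Sysmon-like "Image=... CommandLine=..." form. The event format, the sample hostnames and the `.example.internal` allowlist are assumptions for the example.

```python
import re

# Constructed sample process-creation events (not real telemetry), one per line,
# in an assumed "Image=<path> CommandLine=<cmd>" export format.
SAMPLE_EVENTS = [
    r'Image=C:\Windows\System32\finger.exe CommandLine="finger user@192.0.2.10"',
    r'Image=C:\Windows\System32\cmd.exe CommandLine="cmd /c finger.exe stage@203.0.113.5 | more"',
    r'Image=C:\Windows\System32\finger.exe CommandLine="finger -l alice@finger.example.internal"',
    r'Image=C:\Windows\System32\notepad.exe CommandLine="notepad report@home.txt"',
    r'Image=C:\Windows\System32\finger.exe CommandLine="finger"',
]

# finger's remote-target syntax is [user]@host; the host may be a name, IPv4 or bracketed IPv6.
TARGET_RE = re.compile(r'^(?P<user>[^@\s]*)@(?P<host>[A-Za-z0-9.\-:\[\]]+)$')
EVENT_RE = re.compile(r'Image=(?P<image>\S+)\s+CommandLine="(?P<cmd>.*)"$')

# Assumed allowlist of internal finger servers; anything else is treated as external.
INTERNAL_HOST_SUFFIXES = (".example.internal",)
SEPARATORS = {"|", "&&", "||", "&"}


def parse_event(line):
    """Split one event line into (image, command line); None if it does not match."""
    m = EVENT_RE.match(line)
    return (m.group("image"), m.group("cmd")) if m else None


def is_finger_token(tok):
    """True if a token names the finger binary, with or without path/extension."""
    name = tok.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name in ("finger", "finger.exe")


def finger_targets(cmdline):
    """Return (user, host) pairs passed to finger; empty if finger is absent or has no target."""
    tokens = cmdline.replace("|", " | ").split()
    targets, i = [], 0
    while i < len(tokens):
        if is_finger_token(tokens[i]):
            i += 1
            # Arguments belong to finger until the next shell separator.
            while i < len(tokens) and tokens[i] not in SEPARATORS:
                m = TARGET_RE.match(tokens[i])
                if m:
                    targets.append((m.group("user"), m.group("host")))
                i += 1
        else:
            i += 1
    return targets


def evaluate(line):
    """Score one event: None if finger is not contacting a remote host, else a finding."""
    parsed = parse_event(line)
    if not parsed:
        return None
    image, cmd = parsed
    targets = finger_targets(cmd)
    if not targets:
        return None
    hosts = [host for _, host in targets]
    external = [h for h in hosts if not h.lower().endswith(INTERNAL_HOST_SUFFIXES)]
    piped = "|" in cmd
    # Remote host outside the allowlist, or output piped onward, is the download pattern.
    severity = "high" if external or piped else "low"
    return {"image": image, "hosts": hosts, "piped": piped, "severity": severity}


def scan(events):
    """Run the detector over a list of event lines and return the findings in order."""
    return [hit for hit in (evaluate(line) for line in events) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

On the constructed events this yields three findings: the two external targets (one of them piped into `more`) as high, the allowlisted internal server as low, and nothing for notepad or a bare `finger`. Since finger speaks TCP/79, pairing this host-based rule with an egress block or alert on outbound port 79 covers the case where the command line is obfuscated.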


∗∗∗ Security vulnerability: eight zeros to Active Directory admin ∗∗∗
---------------------------------------------
The Zerologon vulnerability exploits a flaw in Netlogon and involves the number zero in a creative way - in order to change passwords.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-mit-acht-nullen-zum-active-directory-admin-2009-150869-rss.html
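The "eight zeros" are the cryptographic core of the issue: Netlogon derives its session credential by encrypting an 8-byte challenge with AES in CFB8 mode under a fixed all-zero IV. In CFB8 each keystream byte is the first byte of the block cipher applied to a shift register that starts as the IV and has each ciphertext byte shifted in. If the plaintext is all zeros and the first keystream byte happens to be zero, the register never changes and the whole 8-byte credential comes out as zeros, which happens for about 1 in 256 session keys. The snippet below, written for this digest and not taken from the article or from the Secura write-up, implements CFB8 generically to show that property. It deliberately uses a keyed-hash stand-in for the block cipher instead of AES so that it runs with the standard library only; the 1/256 effect is a property of the mode and the zero IV, not of the cipher, so the demonstration carries over.

```python
import hashlib

BLOCK = 16  # block size in bytes, same as AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block function (NOT AES): a keyed hash truncated to one block.
    Assumption for this example only; real Netlogon uses AES-128. The CFB8 logic below
    does not depend on which block cipher sits here."""
    assert len(key) == BLOCK and len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: one block-cipher call per plaintext byte; the keystream byte is the first
    byte of E(register) and the resulting ciphertext byte is shifted into the register."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, bytes(register))[0]
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Inverse of cfb8_encrypt; the register is fed with ciphertext on both sides."""
    register = bytearray(iv)
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ block_encrypt(key, bytes(register))[0])
        register = register[1:] + bytes([c])
    return bytes(out)


ZERO_IV = bytes(BLOCK)        # Netlogon's fixed all-zero IV
ZERO_CHALLENGE = bytes(8)     # an 8-byte client challenge of all zeros


def credential_is_all_zero(key: bytes) -> bool:
    """Does the all-zero challenge encrypt to an all-zero credential under this key?"""
    return cfb8_encrypt(key, ZERO_IV, ZERO_CHALLENGE) == ZERO_CHALLENGE


def first_keystream_byte_is_zero(key: bytes) -> bool:
    """Equivalent condition: with a zero IV and zero plaintext the register is stuck
    at zero, so the credential is all zeros exactly when E(0)[0] == 0."""
    return block_encrypt(key, ZERO_IV)[0] == 0


def find_weak_key(limit: int):
    """First key in a deterministic sweep (constructed keys 0..limit-1) that yields
    an all-zero credential, or None if none is found."""
    for i in range(limit):
        key = i.to_bytes(BLOCK, "big")
        if credential_is_all_zero(key):
            return key
    return None


def weak_key_fraction(limit: int) -> float:
    """Fraction of the swept keys that yield an all-zero credential (expected ~1/256)."""
    hits = sum(credential_is_all_zero(i.to_bytes(BLOCK, "big")) for i in range(limit))
    return hits / limit


if __name__ == "__main__":
    print("fraction of keys with all-zero credential:", weak_key_fraction(6000))
    print("first such key:", find_weak_key(6000).hex())
```

The fraction reported should sit close to 1/256 (0.0039) regardless of the block function, which is why an attacker who cannot know the session key can still succeed by simply retrying: each attempt is an independent 1-in-256 draw. The fix side is equally visible in the code: with a random, per-session IV the register is not all zeros to begin with and the shortcut disappears.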


∗∗∗ Successful attack campaign hits online shops based on Magento 1 ∗∗∗
---------------------------------------------
Support for version 1.x of the Magento online shop software ended in June 2020. A current "Magecart" attack campaign is now targeting outdated shops.
---------------------------------------------
https://heise.de/-4894269


∗∗∗ Shitrix aftermath: Citrix systems with unnoticed backdoors ∗∗∗
---------------------------------------------
Backdoors have apparently been installed on Citrix ADC and NetScaler Gateways via the Shitrix vulnerability from the beginning of the year, through which ransomware can get in.
---------------------------------------------
https://heise.de/-4901590


∗∗∗ Extortion e-mails: criminals claim to have proof that you are cheating ∗∗∗
---------------------------------------------
Are you being blackmailed by e-mail? Does the extortionist claim to have installed a virus on your smartphone that monitors your activities? Does he supposedly have evidence showing you cheating? Are you asked to transfer bitcoins in exchange for silence? Then: don't worry! This is a fraudulent e-mail that is currently being sent out en masse!
---------------------------------------------
https://www.watchlist-internet.at/news/erpressungs-e-mails-kriminelle-haetten-beweise-dass-sie-fremdgehen/


∗∗∗ Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits ∗∗∗
---------------------------------------------
We captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends.
---------------------------------------------
https://unit42.paloaltonetworks.com/network-attack-trends/


∗∗∗ MITRE releases emulation plan for FIN6 hacking group, more to follow ∗∗∗
---------------------------------------------
New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders.
---------------------------------------------
https://www.zdnet.com/article/mitre-releases-emulation-plan-for-fin6-hacking-group-more-to-follow/


∗∗∗ Hackers are getting more hands-on with their attacks. That's not a good sign ∗∗∗
---------------------------------------------
Both nation-state-backed hackers and cyber criminals are trying to take advantage of the rise in remote working, and are getting more sophisticated in their approach.
---------------------------------------------
https://www.zdnet.com/article/hackers-are-getting-more-hands-on-with-their-attacks-thats-not-a-good-sign/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ MFA Bypass Bugs Opened Microsoft 365 to Attack ∗∗∗
---------------------------------------------
Vulnerabilities 'that have existed for years' in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.
---------------------------------------------
https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/


∗∗∗ VMware VMSA-2020-0020 (Sep 14) ∗∗∗
---------------------------------------------
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0020.html


∗∗∗ Emergency patch available for Adobe Media Encoder ∗∗∗
---------------------------------------------
Attackers could attack Adobe's Media Encoder and leak information.
---------------------------------------------
https://heise.de/-4901833


∗∗∗ Vulnerability Spotlight: Memory corruption in Google PDFium ∗∗∗
---------------------------------------------
Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. Chrome is a popular, free web browser available on all major operating systems. PDFium allows users to open PDFs inside Chrome. We recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access.
---------------------------------------------
https://blog.talosintelligence.com/2020/09/vuln-spotlight-google-pdfium-sept-2020.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dovecot), Debian (gnome-shell and teeworlds), Mageia (libetpan and zeromq), openSUSE (libxml2), Red Hat (chromium-browser and librepo), SUSE (compat-openssl098, firefox, kernel, openssl, and shim), and Ubuntu (gupnp).
---------------------------------------------
https://lwn.net/Articles/831592/


∗∗∗ Synology-SA-20:20 Photo Station ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Photo Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_20_20


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Java Deserialization (CVE-2020-4521) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-java-deserialization-cve-2020-4521/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-missing-security-control-vulnerability-2/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL Injection (CVE-2019-4671) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-sql-injection-cve-2019-4671/


∗∗∗ Security Bulletin: Docker vulnerability affects IBM Spectrum Protect Plus (CVE-2020-13401) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-docker-vulnerability-affects-ibm-spectrum-protect-plus-cve-2020-13401/


∗∗∗ Security Bulletin: Linux Kernel vulnerability affects IBM Spectrum Protect Plus (187206) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerability-affects-ibm-spectrum-protect-plus-187206/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site request forgery (CVE-2020-4526) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-request-forgery-cve-2020-4526/


∗∗∗ Security Bulletin: Directory Traversal and Execution of Arbitrary Code vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4711, CVE-2020-4703) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-directory-traversal-and-execution-of-arbitrary-code-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4711-cve-2020-4703/


∗∗∗ Security Bulletin: Cacheable HTTPS Response vulnerability in IBM Tivoli Business Service Manager (CVE-2020-4344) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cacheable-https-response-vulnerability-in-ibm-tivoli-business-service-manager-cve-2020-4344/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Business Service Manager (CVE-2020-14577) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-business-service-manager-cve-2020-14577/


∗∗∗ Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulnerability-affecting-aspera-connect-3-9-9-and-earlier-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily