[CERT-daily] Tageszusammenfassung - 28.09.2020

Daily end-of-shift report team at cert.at
Mon Sep 28 18:11:43 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 25-09-2020 18:00 − Montag 28-09-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client, (Mon, Sep 28th) ∗∗∗
---------------------------------------------
One of our readers, a Tyler Technologies's customer, reported to us that he found this morning the Bomgar client[1] (BeyondTrust) installed on one of his servers. There is an ongoing discussion on Reddit with the same kind of reports[2].
---------------------------------------------
https://isc.sans.edu/diary/rss/26610


∗∗∗ Magento Credit Card Stealing Malware: gstaticapi ∗∗∗
---------------------------------------------
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” ⁠— this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details.
---------------------------------------------
https://blog.sucuri.net/2020/09/magento-credit-card-stealing-malware-gstaticapi.html


∗∗∗ Kostenloses Entschlüsselungstool für Erpressungstrojaner ThunderX ist da ∗∗∗
---------------------------------------------
Sicherheitsforscher haben einen Fehler in der Verschlüsselung durch die Ransomware ThunderX entdeckt und bieten nun Hilfe an.
---------------------------------------------
https://heise.de/-4913470



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! AgeLocker Ransomware hat es auf Qnap NAS abgesehen ∗∗∗
---------------------------------------------
Besitzer von Netzwerkspeichern (NAS) der Firma Qnap, sollten ihr Gerät aus Sicherheitsgründen auf den aktuellen Stand bringen.
---------------------------------------------
https://heise.de/-4913513


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, libdbi-perl, linux-4.19, lua5.3, mediawiki, nfdump, openssl1.0, qt4-x11, qtbase-opensource-src, ruby-gon, and yaws), Fedora (f2fs-tools, grub2, libxml2, perl-DBI, singularity, xawtv, and xen), Mageia (cifs-utils, kio-extras, libproxy, mbedtls, nodejs, novnc, and pdns), openSUSE (bcm43xx-firmware, chromium, conmon, fuse-overlayfs, libcontainers-common, podman, firefox, libqt4, libqt5-qtbase, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and [...]
---------------------------------------------
https://lwn.net/Articles/832831/


∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, einen Cross-Site Scripting Angriff durchzuführen, Daten zu manipulieren oder weitere Angriffe mit nicht spezifizierten Auswirkungen durchzuführen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0923


∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsvorkehrungen zu umgehen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0934


∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um seine Privilegien zu erhöhen, Code zur Ausführung zu bringen und Informationen offenzulegen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0925


∗∗∗ F5 BIG-IP: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in F5 BIG-IP ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-0927


∗∗∗ Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-01-grub2-en


∗∗∗ Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-insecure-use-of-innerhtml-or-outerhtml-in-ibm-enterprise-records/


∗∗∗ Security Bulletin: Dynamically constructed href attribute in IBM Enterprise Records ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-dynamically-constructed-href-attribute-in-ibm-enterprise-records/


∗∗∗ Security Bulletin: Apache Commons Codec Vulnerability Affects IBM Control Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-vulnerability-affects-ibm-control-center/


∗∗∗ Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-impact-ibm-control-center/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Node.js lodash vulnerability (CVEID: 183560) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-node-js-lodash-vulnerability-cveid-183560/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-openssl-cve-2019-1563-cve-2019-1549-cve-2019-1547-2/


∗∗∗ Security Bulletin: IBM Event Streams is affected by a Node.js http-proxy and lodash module vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-node-js-http-proxy-and-lodash-module-vulnerabilities/


∗∗∗ Security Bulletin: IBM Event Streams is affected by a vulnerability in the Go runtime (CVE-2020-16845) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-vulnerability-in-the-go-runtime-cve-2020-16845/


∗∗∗ Security Bulletin: IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-redis-vulnerability-cve-2020-14147/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to an Elasticsearch vulnerability (CVE-2019-7614) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-elasticsearch-vulnerability-cve-2019-7614/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-openssh-affects-ibm-netezza-host-management/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-11612) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-netty-vulnerability-cve-2020-11612/


∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – Logstash (CVE-2019-7620) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-logstash-cve-2019-7620/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15664) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-12-0-esr-cve-2020-15664-hava-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15659) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-12-0-esr-cve-2020-15659-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR) hava affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 – 2020.2.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-12-0-esr-hava-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kibana vulnerabilities (CVE-2020-7015, CVE-2020-7013, CVE-2020-7012) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kibana-vulnerabilities-cve-2020-7015-cve-2020-7013-cve-2020-7012/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVEID: 182747) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-kubernetes-vulnerability-cveid-182747/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – Node.js (CVE-2019-15605, CVE-2019-15606) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2019-15605-cve-2019-15606-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list