End-of-Day report
Timeframe: Tuesday 07-01-2020 18:00 - Wednesday 08-01-2020 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
News
Project Zero: Google's bug hunters want fewer sloppy patches
This year, Google's security bug researchers at Project Zero want to change their disclosure guidelines. This is intended not only to make updates easier for affected companies, but above all to improve the quality of the patches.
https://www.golem.de/news/project-zero-googles-bug-jaeger-wollen-weniger-schludrige-patches-2001-145943-rss.html
The Basics of Packed Malware: Manually Unpacking UPX Executables
In this blog post, I want to discuss what packing is, the basics of why malware developers pack their samples and how they go about doing so. Since this is an introductory post, and I myself am still learning all this stuff, we're going to be manually unpacking a UPX-packed binary, which is one of the simplest packers out there.
https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/
Tricky Phish Angles for Persistence, Not Passwords
The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim's email, files and contacts - even after the victim has changed their password.
https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/
SMS from TrackInfo about a stopped DHL parcel leads into a subscription trap
Numerous readers are currently contacting Watchlist Internet because they have received an SMS from TrackInfo about an undeliverable parcel. A link in the message leads to a fake DHL website. Because of excess weight, 2 euros supposedly now have to be paid. Caution: the message comes from criminals and is meant to lure recipients into a subscription trap!
https://www.watchlist-internet.at/news/sms-von-trackinfo-zu-gestopptem-dhl-paket-fuehrt-in-abo-falle/
Vulnerabilities
Interpeak IPnet TCP/IP Stack (Update D)
This updated medical advisory is a follow-up to the advisory update titled ICSMA-19-274-01 Interpeak IPnet TCP/IP Stack (Update C) published November 5, 2019, on the ICS webpage on us-cert.gov. This updated medical advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of a memory buffer, race condition, argument injection, and null pointer dereference vulnerabilities in the Interpeak [...]
https://www.us-cert.gov/ics/advisories/icsma-19-274-01
PMASA-2020-1
SQL injection in user accounts page. Affected Versions: phpMyAdmin 4.x versions prior to 4.9.4 are affected, at least as old as 4.0.0. phpMyAdmin 5.x version 5.0.0 is affected. CVE ID: CVE-2020-5504
https://www.phpmyadmin.net/security/PMASA-2020-1/
Security updates for Wednesday
Security updates have been issued by Arch Linux (firefox), Debian (python-django and wordpress), Fedora (dovecot), Mageia (opensc, radare2, and varnish), Red Hat (rh-java-common-apache-commons-beanutils), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, java-1_8_0-ibm, java-1_8_0-openjdk, libzypp, openssl-1_0_0, sysstat, and tomcat), and Ubuntu (clamav, linux-azure, and linux-lts-xenial, linux-aws).
https://lwn.net/Articles/808975/
Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key
https://cxsecurity.com/issue/WLB-2020010061
Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack
Cisco Webex Video Mesh Node Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video
Cisco Webex Centers Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-centers-dos
Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass
Cisco UCS Director Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis
Cisco Mobility Management Entity Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos
Cisco Identity Services Engine Authorization Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ise-auth-bypass
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss
Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf
Cisco Finesse Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss
Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss
Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-dcaf-xss
Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cvp-direct-obj-ref
Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cnca-xss
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en
Security Advisory - Information Leak Vulnerability in Some Huawei Product
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-phone-en
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-smartphone-en
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-02-smartphone-en
January 6, 2020 TNS-2020-01 [R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x
http://www.tenable.com/security/tns-2020-01-0