Daily Summary - 08.01.2020

End-of-Day report

Timeframe: Tuesday 07-01-2020 18:00 - Wednesday 08-01-2020 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl

News

Project Zero: Google's bug hunters want fewer sloppy patches

This year, the security bug researchers at Google's Project Zero plan to change their disclosure policy. The change is meant not only to make updates easier for affected companies, but above all to improve the quality of the patches.

https://www.golem.de/news/project-zero-googles-bug-jaeger-wollen-weniger-schludrige-patches-2001-145943-rss.html


The Basics of Packed Malware: Manually Unpacking UPX Executables

In this blog post, I want to discuss what packing is, the basics of why malware developers pack their samples and how they go about doing so. Since this is an introductory post, and I myself am still learning all this stuff, we're going to be manually unpacking a UPX-packed binary, which is one of the simplest packers out there.

https://kindredsec.com/2020/01/07/the-basics-of-packed-malware-manually-unpacking-upx-executables/


Tricky Phish Angles for Persistence, Not Passwords

The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim's email, files and contacts - even after the victim has changed their password.

https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/


SMS from TrackInfo about a stopped DHL parcel leads to a subscription trap

Numerous readers are currently contacting Watchlist Internet because they have received an SMS from TrackInfo about an undeliverable parcel. A link in the message leads to a fake DHL website. Because of excess weight, 2 euros supposedly now have to be paid. Caution: the message comes from criminals and is intended to lure recipients into a subscription trap!

https://www.watchlist-internet.at/news/sms-von-trackinfo-zu-gestopptem-dhl-paket-fuehrt-in-abo-falle/

Vulnerabilities

Interpeak IPnet TCP/IP Stack (Update D)

This updated medical advisory is a follow-up to the advisory update titled ICSMA-19-274-01 Interpeak IPnet TCP/IP Stack (Update C) published November 5, 2019, on the ICS webpage on us-cert.gov. This updated medical advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of a memory buffer, race condition, argument injection, and null pointer dereference vulnerabilities in the Interpeak [...]

https://www.us-cert.gov/ics/advisories/icsma-19-274-01


PMASA-2020-1

SQL injection in user accounts page. Affected Versions: phpMyAdmin 4.x versions prior to 4.9.4 are affected, at least as old as 4.0.0. phpMyAdmin 5.x version 5.0.0 is affected. CVE ID: CVE-2020-5504

https://www.phpmyadmin.net/security/PMASA-2020-1/


Security updates for Wednesday

Security updates have been issued by Arch Linux (firefox), Debian (python-django and wordpress), Fedora (dovecot), Mageia (opensc, radare2, and varnish), Red Hat (rh-java-common-apache-commons-beanutils), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, java-1_8_0-ibm, java-1_8_0-openjdk, libzypp, openssl-1_0_0, sysstat, and tomcat), and Ubuntu (clamav, linux-azure, and linux-lts-xenial, linux-aws).

https://lwn.net/Articles/808975/


Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key

https://cxsecurity.com/issue/WLB-2020010061


Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack


Cisco Webex Video Mesh Node Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video


Cisco Webex Centers Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-centers-dos


Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass


Cisco UCS Director Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis


Cisco Mobility Management Entity Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos


Cisco Identity Services Engine Authorization Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ise-auth-bypass


Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss


Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf


Cisco Finesse Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss


Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss


Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-dcaf-xss


Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cvp-direct-obj-ref


Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cnca-xss


Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-rsa-en


Security Advisory - Information Leak Vulnerability in Some Huawei Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-phone-en


Security Advisory - Improper Authentication Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-01-smartphone-en


Security Advisory - Improper Authentication Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200108-02-smartphone-en


January 6, 2020 TNS-2020-01 [R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x

http://www.tenable.com/security/tns-2020-01-0