End-of-Day report
Timeframe: Wednesday 08-01-2020 18:00 - Thursday 09-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
SNAKE Ransomware Is the Next Threat Targeting Business Networks
Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it [...]
https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/
A tale of a lesser known NFS privesc
There are countless online examples of privilege escalation abusing bad NFS configuration. However they all rely on the same prerequisite: that you are able to mount the share from somewhere else. ... But it just so happens that there is another, lesser known local exploit.
https://www.errno.fr/nfs_privesc
What is the Linux Auditing System (aka AuditD)?
The Linux Auditing System is a native feature to the Linux kernel that collects certain types of system activity to facilitate incident investigation. ... Our goal is to present a neutral overview of the Linux Auditing System so anyone considering implementing it in their own organization knows what to consider before embarking on their quest and what challenges may lurk ahead.
https://capsule8.com/blog/auditd-what-is-the-linux-auditing-system/
Vulnerabilities
Update quickly: security vulnerability in Firefox is being actively exploited
Firefox has released an important security update with version 72.0.1. It closes a security vulnerability that is already being actively exploited. It was reported by a Chinese security company. (Firefox, Browser)
https://www.golem.de/news/schnell-updaten-sicherheitsluecke-in-firefox-wird-aktiv-ausgenutzt-2001-145963-rss.html
What is Cable Haunt?
Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. ... First, access to the vulnerable endpoint is gained through a client on the local network, such as a browser. Secondly, the vulnerable endpoint is hit with a buffer overflow attack, which gives the attacker control of the modem. ... List of confirmed vulnerable modems: Sagemcom F@st 3890/3986, Technicolor TC7230, Netgear C6250EMR/CG3700EMR, COMPAL 7284E/7486E
https://cablehaunt.com/
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (firefox), Oracle (kernel), Slackware (firefox and kernel), SUSE (apache2-mod_perl, git, java-1_7_0-ibm, java-1_7_1-ibm, log4j, mariadb, and nodejs8), and Ubuntu (gnutls28, graphicsmagick, and nss).
https://lwn.net/Articles/809074/
CVE-2020-6175 - Citrix SD-WAN Security Update
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned the following CVE number. CVE-2020-6175 - Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.6 and 11.0.x before 11.0.3
https://support.citrix.com/article/CTX263526
JSA10979 - 2020-01 Security Bulletin: Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10979&actp=RSS
JSA10980 - 2020-01 Security Bulletin: Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. (CVE-2020-1601)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10980&actp=RSS
JSA10982 - 2020-01 Security Bulletin: Junos OS: Improper handling of specific IPv6 packets sent by clients may cause client devices' IPv6 traffic to be black holed, and eventually kernel crash (vmcore) the device. (CVE-2020-1603)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10982&actp=RSS
JSA10981 - 2020-01 Security Bulletin: Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD.
http://kb.juniper.net/InfoCenter/index/content&id=JSA10981&actp=RSS
JSA10983 - 2020-01 Security Bulletin: Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10983&actp=RSS
JSA10985 - 2020-01 Security Bulletin: Junos OS: Path traversal vulnerability in J-Web (CVE-2020-1606)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10985&actp=RSS
JSA10986 - 2020-01 Security Bulletin: Junos OS: Cross-Site Scripting (XSS) in J-Web (CVE-2020-1607)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10986&actp=RSS
JSA10987 - 2020-01 Security Bulletin: Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service (CVE-2020-1608)
http://kb.juniper.net/InfoCenter/index/content&id=JSA10987&actp=RSS
JSA10990 - 2020-01 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in OpenSSL
http://kb.juniper.net/InfoCenter/index/content&id=JSA10990&actp=RSS
JSA10991 - 2020-01 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in Net-SNMP
http://kb.juniper.net/InfoCenter/index/content&id=JSA10991&actp=RSS