End-of-Day report
Timeframe: Monday 13-01-2020 18:00 - Tuesday 14-01-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Windows 7 Reaches End of Life Tomorrow, What You Need to Know
It's the end of an era: Windows 7 will reach end of support tomorrow, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes.
https://www.bleepingcomputer.com/news/microsoft/windows-7-reaches-end-of-life-tomorrow-what-you-need-to-know/
Shitrix: The Citrix Disaster
A vulnerability in devices made by Citrix shows, in alarming fashion, how poor the state of IT security in public authorities is. The absolute basics are missing.
https://www.golem.de/news/shitrix-das-citrix-desaster-2001-146047-rss.html
Malware Obfuscation, Encoding and Encryption
Malware is complex and meant to confuse. Many computer users think malware is just another word for "virus" when a virus is actually a type of malware. And in addition to viruses, malware includes all sorts of malicious and unwanted code, including spyware, adware, Trojans and worms. Malware has been known to shut down [...]
https://resources.infosecinstitute.com/malware-obfuscation-encoding-and-encryption/
CISA Releases Test for Citrix ADC and Gateway Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.
https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability
Value-added services from third-party providers on your mobile phone bill are usually subscription traps
A mobile phone bill that is higher than usual rarely means anything good. Often you will find charges from third-party providers, value-added services or partner services on your bill. You have probably unknowingly signed a subscription contract with a dubious provider. However, your money is most likely not lost: you can dispute the bill with your mobile provider!
https://www.watchlist-internet.at/news/mehrwertdienste-von-drittanbietern-auf-ihrer-handyrechnung-sind-meist-abo-fallen/
Microsoft spots malicious npm package stealing data from UNIX systems
Malicious JavaScript package was only active on the npm repository for two weeks.
https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Experience Manager (APSB20-01) and Adobe Illustrator (APSB20-03). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties and confers no rights.
https://blogs.adobe.com/psirt/?p=1820
XSA-312 - arm: a CPU may speculate past the ERET instruction
Some CPUs can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by a lower privilege level (i.e. guest kernel/userspace) at the point of the ERET, this could potentially be used as part of a side-channel attack.
https://xenbits.xen.org/xsa/advisory-312.html
Security updates for Tuesday
Security updates have been issued by Debian (wordpress and xen), Mageia (graphicsmagick, kernel, makepasswd, and unbound), openSUSE (containerd, docker, docker-runc, dia, ffmpeg-4, libgcrypt, php7-imagick, proftpd, rubygem-excon, shibboleth-sp, tomcat, trousers, and xen), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), SUSE (e2fsprogs, kernel, and libsolv, libzypp, zypper), and Ubuntu (libgcrypt20, libvirt, nginx, sdl-image1.2, and spamassassin).
https://lwn.net/Articles/809506/
SAP Security Patch Day - January 2020
This post by SAP Product Security Response Team shares information on Patch Day Security Notes that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. On 14th of January 2020, SAP Security Patch Day saw the release of 6 Security Notes. There is 1 update to previously released Patch Day [...]
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771
Siemens Security Advisories
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
BIG-IP engineering hotfix TMM vulnerability CVE-2020-5852
https://support.f5.com/csp/article/K53590702
BIG-IP APM Portal Access vulnerability CVE-2020-5853
https://support.f5.com/csp/article/K73183618
BIG-IP engineering hotfix Trusted Platform Module vulnerability CVE-2020-5851
https://support.f5.com/csp/article/K91171450
Critical Authentication Bypass Vulnerability in InfiniteWP Client Plugin
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
OTRS: Multiple Vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0026