Daily summary - 16.01.2020

End-of-Day report

Timeframe: Wednesday 15-01-2020 18:00 - Thursday 16-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Microsoft Office January Security Updates Fix Code Execution Bugs

Microsoft released the January 2019 Office security updates, bundling a total of seven security updates and three cumulative updates for five different products, six of them patching flaws allowing remote code execution.

https://www.bleepingcomputer.com/news/security/microsoft-office-january-security-updates-fix-code-execution-bugs/


PoC Exploits Published For Microsoft Crypto Bug

Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.

https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/151931/


CVE-2020-0601 Followup, (Wed, Jan 15th)

Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see https://sans.org/cryptoapi-isc ) Thanks to Jake Williams for helping us with the webcast!

https://isc.sans.edu/diary/rss/25714


What do Brit biz consultants and X-rated cam stars have in common? Wide open... AWS S3 buckets on public internet

Exposed: Intimate... personal details belonging to thousands of folks. A pair of misconfigured cloud-hosted file silos have left thousands of people's sensitive info sitting on the open internet.

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/open_s3_buckets/


Analyzing Magecart Malware - From Zero to Hero

JavaScript obfuscation is not a new trend, but it is widely used today to hide malware code in many websites. This post is for technical readers who want to understand Magecart's common obfuscation pattern, and ways to decode it.

https://www.perimeterx.com/blog/analyzing_magecart_malware_from_zero_to_hero/


Security updates: vulnerabilities in VMware software threaten Android, iOS and Windows

Important security updates have been released for VMware Tools and Workspace ONE SDK.

https://heise.de/-4639627


Key Cloud Security Challenges and Strategies to Overcome Them

The cloud has changed how we use and consume IT services. Where data resides, along with how it is transferred, stored and processed, has fundamentally changed, and with it come new risk management challenges. Let's talk about some of those challenges. First and foremost, the cat is out of the bag. We're not going back to the [...]

https://www.tripwire.com/state-of-security/security-data-protection/cloud/key-cloud-security-challenges-strategies/


Dubious offers for the digital vignette

As every year, most drivers face buying a new vignette (toll sticker) at the turn of the year. It can be purchased in analogue or digital form from, among others, ASFINAG, ÖAMTC and ARBÖ. Caution: dubious offers, in which the statutory right of withdrawal is concealed and additional costs are charged, can also be found on the internet.

https://www.watchlist-internet.at/news/unserioese-angebote-fuer-die-digitale-vignette/


Beware of this sneaky phishing technique now being used in more attacks

Security company researchers warn of a large increase in conversation-hijacking attacks. Here's what they are and how to spot them.

https://www.zdnet.com/article/beware-of-this-sneaky-phishing-technique-now-being-used-in-more-attacks/

Vulnerabilities

OSIsoft PI Vision

This advisory contains mitigations for improper access control, cross-site request forgery, cross-site scripting, and inclusion of sensitive information vulnerabilities in OSIsoft's PI Vision visualization tool.

https://www.us-cert.gov/ics/advisories/icsa-20-014-06


Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13-25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross site scripting
Description: Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in. The module doesn't sufficiently filter menu titles when used in a dropdown in the main menu. This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.

https://www.drupal.org/sa-contrib-2020-001


Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin

On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites. One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, [...]

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/


Security updates for Thursday

Security updates have been issued by Debian (debian-lan-config and phpmyadmin), openSUSE (openssl-1_1), Oracle (firefox and kernel), Red Hat (.NET Core, git, java-11-openjdk, and thunderbird), SUSE (Mesa, python3, shibboleth-sp, slurm, and tigervnc), and Ubuntu (libpcap and nginx).

https://lwn.net/Articles/809769/


HPESBGN03975 rev.1 - HPE enhanced Internet Usage Manager (eIUM), Remote Cross Site Scripting

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us


HPESBHF03978 rev.1 - HPE Superdome Flex Server, Multiple Remote Vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us


Foxit Reader and Foxit Phantom PDF Suite: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0052


Wireshark: Multiple vulnerabilities enable denial of service

http://www.cert-bund.de/advisoryshort/CB-K20-0053