Daily summary - 27.01.2020

End-of-Day report

Timeframe: Friday 24-01-2020 18:00 - Monday 27-01-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter


DIVD-2020-00002 - Wildcard certificates Citrix ADC

Our analysis of the scan data collected on the night of January 9 to 10 shows that of the more than 700 vulnerable Citrix servers identified in the Netherlands, over 450 used wildcard certificates. [...] Recommendation: Revoke and replace certificates (preferably with non-wildcard versions) unless you can reliably determine that the Citrix system wasn't compromised.


Mitsubishi hack: security hole in anti-virus software as the point of entry

There are new details about the hacker attack on Mitsubishi Electric. The security hole is now known, as is what the attackers copied.


Potentially harmful: Mozilla removes 197 add-ons for Firefox

Mozilla has removed a total of 197 add-ons for Firefox that were potentially harmful. Most of them came from the same provider.


New Ryuk Info Stealer Targets Government and Military Secrets

A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.


Does Your Domain Have a Registry Lock?

If you're running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company's domain name and doing whatever they wish with it. Even so, most major Web site owners aren't taking full advantage of the security tools available to protect their domains from being hijacked. Here's the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.


PoC Exploits Created for Recently Patched BlueGate Windows Server Flaws

Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution.


Security updates for Monday

Security updates have been issued by Debian (jsoup and slirp), Fedora (community-mysql, elog, fontforge, libuv, libvpx, mingw-podofo, nodejs, opensc, podofo, thunderbird-enigmail, transfig, and xfig), openSUSE (arc, libssh, and libvpx), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, python-reportlab, and sqlite), Slackware (thunderbird), and SUSE (java-1_8_0-openjdk, python, and samba).


Fortinet removes SSH and database backdoors from its SIEM product

Patches have been released for CVE-2019-17659 and CVE-2019-16153.


Linux kernel vulnerability CVE-2019-19069


WPS Hide Login < 1.5.5 - Secret Login Page Disclosure


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4638)


Security Bulletin: IBM Watson IoT MessageGateway Server is affected by a buffer overflow vulnerability (CVE-2020-4207)


Security Bulletin: Vulnerability in IBM Websphere Application Server Liberty used by IBM Cloud Pak System (CVE-2019-12402)


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4639)


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4632)


Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Secret Server


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4637)


Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by converting an invalid message. (CVE-2019-4614)


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4635)


Security Bulletin: Overly Permissive CORS Policy vulnerability found on IBM Security Secret Server (CVE-2019-4633)
