Daily Summary - 29.01.2020

End-of-Day report

Timeframe: Tuesday 28-01-2020 18:00 - Wednesday 29-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Critical Flaws in Magento e-Commerce Platform Allow Code-Execution

Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.

https://threatpost.com/critical-flaws-magento-ecommerce-code-execution/152343/


New Snake Ransomware Targets ICS Processes

A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS).

https://www.securityweek.com/new-snake-ransomware-targets-ics-processes


Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed

We found an additional 1,400 unsecured Docker hosts and outline in this research some of the common tactics and techniques we found being used by attackers in compromised Docker engines.

https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/

Vulnerabilities

Critical vulnerability in OpenSMTPD allows (allowed) remote code execution

BSD and Linux servers running OpenSMTPD need an immediate update to version 6.6.2p1. It fixes a critical remote code execution vulnerability.

https://heise.de/-4648501


D-LINK Router: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service

D-LINK routers include a firewall and usually a WLAN interface. The devices are designed primarily for private users and small businesses.

https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/01/warnmeldung_tw-t20-0017.html


200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.

https://www.bleepingcomputer.com/news/security/200k-wordpress-sites-exposed-to-takeoker-attacks-by-plugin-bug/


Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, [...]

https://www.us-cert.gov/ncas/current-activity/2020/01/28/apple-releases-multiple-security-updates


Security updates for Wednesday

Security updates have been issued by CentOS (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, openjpeg2, openslp, python-reportlab, and sqlite), Debian (hiredis, otrs2, and unzip), openSUSE (apt-cacher-ng, git, samba, sarg, and storeBackup), Oracle (openjpeg2), Red Hat (libarchive, openjpeg2, sqlite, and virt:rhel), SUSE (aws-cli and python-reportlab), and Ubuntu (libgcrypt11, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-hwe, linux-hwe, linux-aws-hwe, [...]

https://lwn.net/Articles/810881/


FreeBSD OS: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0080


Cisco Small Business Switches Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos


Cisco Small Business Switches Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smlbus-switch-dos-R6VquS2u


Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabiltiies-in-php/


Security Bulletin: WebSphere Application Server browser stack trace vulnerability affects IBM Control Center (CVE-2019-4441)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-browser-stack-trace-vulnerability-affects-ibm-control-center-cve-2019-4441/


Security Bulletin: WebSphere Application Server improper cookie setting vulnerability affects IBM Control Center (CVE-2019-4305)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-improper-cookie-setting-vulnerability-affects-ibm-control-center-cve-2019-4305/


Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-denial-of-service-vulnerability-affects-ibm-control-center-cve-2019-12402/


Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-were-fixed-in-ibm-security-access-manager-appliance/


Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-2989)

https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-impacts-ibm-control-center-cve-2019-2989/


Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-websphere-to-http2-implementation-vulnerabilities-affect-ibm-control-center/


Security Bulletin: IBM WebSphere Application Server - Liberty improper session validation vulnerability affects IBM Control Center (CVE-2019-4304)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-improper-session-validation-vulnerability-affects-ibm-control-center-cve-2019-4304/


Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance (CVE-2019-3861, CVE-019-3858)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-were-fixed-in-ibm-security-access-manager-appliance-cve-2019-3861-cve-019-3858/


Security Bulletin: Vulnerability in Apache PDFBox Affects IBM Control Center (CVE-2019-0228)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-pdfbox-affects-ibm-control-center-cve-2019-0228/