End-of-Day report
Timeframe: Thursday 30-01-2020 18:00 - Friday 31-01-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Microsoft Detects New Evil Corp Malware Attacks After Short Break
Microsoft says that an ongoing Evil Corp phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, this being the first time the threat actors have been seen adopting this technique.
https://www.bleepingcomputer.com/news/security/microsoft-detects-new-evil-corp-malware-attacks-after-short-break/
Researcher Finds Over 60 Vulnerabilities in Physical Security Systems
The DHS's Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory to warn users of Honeywell's MAXPRO video management system (VMS) and network video recorder (NVR) products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.
https://www.securityweek.com/researcher-finds-over-60-vulnerabilities-physical-security-systems
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (libsolv, libxmlrpc3-java, openjpeg2, qemu, and suricata), Fedora (ansible, chromium, java-latest-openjdk, links, mingw-openjpeg2, nss, openjpeg2, python-pillow, thunderbird, webkit2gtk3, and xen), Mageia (gdal, java-1.8.0-openjdk, mariadb, openjpeg2, and sqlite3), Oracle (kernel), Red Hat (rh-java-common-xmlrpc), SUSE (e2fsprogs, ImageMagick, php72, tigervnc, and wicked), and Ubuntu (keystone).
https://lwn.net/Articles/811199/
GistPress < 3.0.2 - Authenticated Stored XSS
https://wpvulndb.com/vulnerabilities/10053
Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by specially constructed messages. (CVE-2019-4432)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-are-vulnerable-to-a-denial-of-service-attack-caused-by-specially-constructed-messages-cve-2019-4432/
Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-denial-of-service-cve-2019-4720/
Security Bulletin: Content Collector for Email is affected by a information disclosure vulnerability in WebSphere Application Server
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-vulnerability-in-websphere-application-server/
Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-the-jackson-databind-routines-fixed-in-ibm-security-access-manager-2/
Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel escalation of privilege vulnerability.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-unified-extensible-firmware-interface-uefi-fixes-in-response-to-intel-escalation-of-privilege-vulnerability/