Daily Summary - 08.10.2020

End-of-Day report

Timeframe: Wednesday 07-10-2020 18:00 - Thursday 08-10-2020 18:00

Handler: Dimitri Robl

Co-Handler: Robert Waldner

News

SiteCheck Malware Report: September Summary

In September alone, a total of 17,138,086 website scans were performed using SiteCheck. Of those scans, 178,299 infected sites were detected.

https://blog.sucuri.net/2020/10/sitecheck-malware-report-september-summary.html


Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. ... Discovered by Paul Litvak of Intezer Labs, the flaws were reported to Microsoft in June, after which the company subsequently addressed them.

https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html


Vulnerabilities

QNAP NAS: New version of the Helpdesk app fixes two critical vulnerabilities

The Helpdesk app for QNAP network storage devices contained two security vulnerabilities that could have allowed attackers to take control of the devices.

https://heise.de/-4923916


Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins

Multiple Confluence Plugins from different vendors are affected by stored cross-site scripting vulnerabilities which allow attackers to inject malicious JavaScript code into Confluence pages.

* PlantUML
* Refined Toolkit for Confluence
* Linking for Confluence
* Countdown Timer
* Server Status

Business recommendation: Update to the latest versions of the plugins.

https://sec-consult.com/./en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-confluence-marketplace-plugins/


Vulnerability Exposes Over 4 Million Sites Using WPBakery

On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts. [...] a final sufficient patch was released on September 24, 2020. We highly recommend updating to the latest version, 6.4.1 as of today, immediately.

https://www.wordfence.com/blog/2020/10/vulnerability-exposes-over-4-million-sites-using-wpbakery/


IBM Security Bulletins

IBM has published a number of security bulletins:

* https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8172-cve-2020-8174-cve-2020-11080/
* https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities-4/
* https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-17/

https://www.ibm.com/blogs/psirt/


Security updates: Attackers could disable Cisco video surveillance

The network equipment vendor Cisco has released important patches for, among other things, surveillance cameras and the online meeting software Webex. List sorted by severity in descending order:

* Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service
* Webex Teams Client for Windows DLL Hijacking
* Identity Services Engine Authorization Bypass
* Industrial Network Director Denial of Service
* Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak
* Vision Dynamic Signage Director Missing Authentication
* SD-WAN vManage Cross-Site Scripting
* StarOS Privilege Escalation
* Expressway Series and TelePresence Video Communication Server Denial of Service
* Email Security Appliance URL Filtering Bypass
* Nexus Data Broker Software Path Traversal
* Firepower Management Center Cross-Site Scripting
* Identity Services Engine Cross-Site Scripting
* StarOS Privilege Escalation

https://heise.de/-4924026