End-of-Day report
Timeframe: Monday 12-10-2020 18:00 - Tuesday 13-10-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Windows Update can be abused to execute malicious programs
The Windows Update client has just been added to the list of living-off-the-land binaries (LoLBins) attackers can use to execute malicious code on Windows systems.
https://www.bleepingcomputer.com/news/security/windows-update-can-be-abused-to-execute-malicious-programs/
Attackers on US government networks combine "Zerologon" with further vulnerabilities
Vulnerabilities in FortiOS and MobileIron Core & Connector are being woven together with Zerologon into an exploit chain, CISA and the FBI warn.
https://heise.de/-4927692
55 vulnerabilities discovered in Apple services
Five hackers received almost 300,000 US dollars in bug bounty rewards within a period of just 3 months.
https://www.welivesecurity.com/deutsch/2020/10/13/55-sicherheitsluecken-bei-apple-diensten-entdeckt/
Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise
An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots.
https://www.securityweek.com/anatomy-ryuk-attack-29-hours-initial-email-full-compromise
Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances
Virtual appliances, even if they are provided by major software or cybersecurity vendors, can pose a serious risk to organizations, according to a report published on Tuesday by cloud visibility firm Orca Security.
https://www.securityweek.com/study-finds-400000-vulnerabilities-across-2200-virtual-appliances
These scamming schemes you should know about
Scamming is an umbrella term for numerous fraud schemes. But what is scamming? You have almost certainly come into contact with this kind of fraud yourself, or at least heard of it! Here you can learn more about the most common advance-fee fraud schemes and how to protect yourself against them.
https://www.watchlist-internet.at/news/diese-scamming-maschen-sollten-sie-kennen/
Red team exposes IAM weaknesses
A red team from Palo Alto Networks has demonstrated how attackers deliberately exploit gaps and misconfigurations in cloud identity and access management (IAM) to obtain critical information.
https://www.zdnet.de/88388335/red-team-deckt-iam-schwaechen-auf/
Vulnerabilities
Security Updates Available for Adobe Flash Player (APSB20-58)
Adobe has released security updates for Adobe Flash Player (APSB20-58) for Windows, macOS, Linux and Chrome OS. These updates address a vulnerability rated Critical in Adobe Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.
https://blogs.adobe.com/psirt/?p=1925
SSA-384879 (Last Update: 2020-10-13): Authentication Bypass Vulnerability in SIPORT MP
SIPORT MP version 3.2.1 fixes an authentication bypass vulnerability which could enable an attacker to impersonate other users of the system and perform administrative actions. Siemens recommends applying the update.
https://cert-portal.siemens.com/productcert/txt/ssa-384879.txt
SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight
The latest hotfix for Desigo Insight fixes three vulnerabilities that have been identified in the web server, including SQL injection (CVE-2020-15792), clickjacking (CVE-2020-15793), and full path disclosure (CVE-2020-15794). Siemens recommends updating to the latest version of Desigo Insight and applying the hotfix.
https://cert-portal.siemens.com/productcert/txt/ssa-226339.txt
Acronis Patches Privilege Escalation Flaws in Backup, Security Solutions
Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges. The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals.
https://www.securityweek.com/acronis-patches-privilege-escalation-flaws-backup-security-solutions
SAP Patch Day October 2020
A remote, authenticated or anonymous attacker can exploit multiple vulnerabilities in SAP products and application components to compromise the confidentiality, availability and integrity of the applications.
https://www.cert-bund.de/advisoryshort/CB-K20-0972
Citrix Gateway Plug-in for Windows Security Update
Vulnerabilities have been identified in Citrix Gateway Plug-in for Windows that, if exploited, could result in a local user escalating their privilege level to SYSTEM.
https://support.citrix.com/article/CTX282684
IPAS: Security Advisories for October 2020
Hi everyone. For October 2020, we are releasing just one security advisory addressing two vulnerabilities in the BlueZ open-source Bluetooth stack. Affected Linux users are encouraged to update to Linux kernel version 5.9 or later. More information can be found in INTEL-SA-00435 and at www.bluez.org.
https://blogs.intel.com/technology/2020/10/ipas-security-advisories-for-october-2020/
Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs
BOSCH-SA-856281: Microsoft has published information [1] for several versions of Microsoft Windows XP, Microsoft Windows XP Embedded, Microsoft Windows 7 and Microsoft Windows 7 Embedded Standard regarding a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. Rexroth Industrial PCs running these operating systems are affected by this vulnerability.
https://psirt.bosch.com/security-advisories/bosch-sa-856281.html
Webmin: Vulnerabilities allow cross-site scripting
https://www.cert-bund.de/advisoryshort/CB-K20-0973
BSRT-2020-003 Vulnerability in UEM Core Impacts BlackBerry UEM
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000068112
Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4557
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557-3/
Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4698
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698-3/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affecting-rational-functional-tester-3/
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-11/
Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-7656, CVE-2020-11022, CVE-2020-11023
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affecting-rational-functional-tester-2/
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-6/
Security Bulletin: Vulnerability in Docker affects Cloud Pak System (CVE-2020-13401)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-docker-affects-cloud-pak-sytem-cve-2020-13401/
Security Bulletin: Publicly disclosed vulnerability from Qemu affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-qemu-affects-ibm-netezza-host-management-2/