End-of-Day report
Timeframe: Friday 16-10-2020 18:00 - Monday 19-10-2020 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Hackers now abuse BaseCamp for free malware hosting
Phishing campaigns have started to use Basecamp as part of malicious phishing campaigns that distribute malware or steal your login credentials.
https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/
Enumerate AWS API Permissions Without Logging to CloudTrail
The following is a technical writeup for a bug I found in the AWS API that allows you to enumerate certain permissions for a role without logging to CloudTrail. It affects 645 different API actions across 40 different AWS services. This would be beneficial for a Penetration Tester or a Red Teamer to enumerate what permissions the role or user they've compromised has access to without alerting the blue team as no logs are generated in CloudTrail.
https://frichetten.com/blog/aws-api-enum-vuln/
Secret fragments: Remote code execution on Symfony based websites
This configuration value, secret, is also used, for instance, to build CSRF tokens and remember-me tokens. Given its importance, this value must obviously be very random. Unfortunately, we discovered that oftentimes, the secret either has a default value, or there exist ways to obtain the value, bruteforce it offline, or to purely and simply bypass the security check that it is involved with. It most notably affects Bolt, eZPlatform, and eZPublish.
https://www.ambionics.io/blog/symfony-secret-fragment
Vulnerabilities
Magento, Visual Studio Code users: You need to patch!
* Microsoft has fixed CVE-2020-17023, a remote code execution vulnerability in Visual Studio Code, its free and extremely popular source-code editor that's available for Windows, macOS and Linux.
* Microsoft has also fixed a RCE (CVE-2020-17022) in the way that Microsoft Windows Codecs Library handles objects in memory, which could be triggered by a program processing a specially crafted image file. It only affects Windows 10 users, and only if they installed the optional HEVC or "HEVC from Device Manufacturer" media codecs from Microsoft Store.
* After fixing just one Adobe Flash Player flaw on October 2020 Patch Tuesday, Adobe has followed up with security updates for several Magento Commerce and Magento Open Source versions.
https://www.helpnetsecurity.com/2020/10/19/magento-visual-studio-code-users-you-need-to-patch/
Atlassian Jira Software: Vulnerability allows bypassing security measures (CVE-2020-14185)
A remote, anonymous attacker can exploit a vulnerability in Atlassian Jira Software to bypass security measures.
http://www.cert-bund.de/advisoryshort/CB-K20-1002
Discord desktop app vulnerability chain triggered remote code execution attacks
Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.
https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/
FRITZ!Box DNS Rebinding Protection Bypass
RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-003/
ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php
ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php
ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt-4/
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products Q3 2020
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-q3-2020/
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-program-management-4/
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing-4/
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-contract-management-4/
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-4/
Security Bulletin: IBM Security Guardium is affected by a DB2 jar vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-db2-jar-vulnerability/