Daily Summary - 25.11.2020

End-of-Day report

Timeframe: Tuesday 24-11-2020 18:00 - Wednesday 25-11-2020 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Light-Based Attacks Expand in the Digital Home

The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.

https://threatpost.com/light-based-attacks-digital-home/161583/


[SANS ISC] Live Patching Windows API Calls Using PowerShell

I published the following diary on isc.sans.edu: "Live Patching Windows API Calls Using PowerShell": It's amazing how attackers can be imaginative when it comes to protecting themselves and preventing security controls from doing their job. Here is an example of a malicious PowerShell script that patches live a DLL function [...]

https://blog.rootshell.be/2020/11/25/sans-isc-live-patching-windows-api-calls-using-powershell/


IBM: Current security updates protect various products against attacks

Vulnerabilities rated from "Low" to "High" have been fixed in Netezza Host Management, Resilient, Spectrum Protect (Plus), TNPM Wireline and other products.

https://heise.de/-4970430


Stantinko Proxy Trojan Masquerades as Apache Servers

A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected.

https://www.securityweek.com/stantinko-proxy-trojan-masquerades-apache-servers


This critical software flaw is now being used to break into networks - so update fast

A vulnerability in MobileIron mobile device management software is being used by state-backed hackers and organised crime, warns security agency.

https://www.zdnet.com/article/this-software-flaw-is-being-used-to-break-into-networks-now-so-update-fast/

Vulnerabilities

Vulnerabilities in McAfee Endpoint Security leave Windows open to attack

Important updates are available for McAfee Endpoint Security. Under certain conditions, attackers could execute malicious code.

https://heise.de/-4970655


2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in versions 11.92.0.2, [...]

https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html


Cisco DNA Spaces Connector Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary [...]

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc


Cisco Edge Fog Fabric Resource Exposure Vulnerability

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz


VMSA-2020-0023.3 VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)

Updated security advisory to add VMware Cloud Foundation 3.x and 4.x versions in the response matrix of section 3(a).

https://www.vmware.com/security/advisories/VMSA-2020-0023.html


VMSA-2020-0026.1 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)

Updated security advisory to add VMware Cloud Foundation 3.x and 4.x versions in the response matrix of sections 3(a) and 3(b).

https://www.vmware.com/security/advisories/VMSA-2020-0026.html


ICS Advisory (ICSA-20-329-02) Fuji Electric V-Server Lite

Successful exploitation of this vulnerability could allow for remote code execution on the device.

https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02


ICS Advisory (ICSA-20-329-01) Rockwell Automation FactoryTalk Linx

Successful exploitation of these vulnerabilities could allow a denial-of-service condition, remote code execution, or leak information that could be used to bypass address space layout randomization (ASLR).

https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01


MISP: Vulnerability allows bypassing security measures

https://www.cert-bund.de/advisoryshort/CB-K20-1170


Red Hat Virtualization: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-1169


NETGEAR GS108Ev3 vulnerable to cross-site request forgery

https://jvn.jp/en/jp/JVN27806339/


Security Advisory - Command Injection Vulnerability in ManageOne Product

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201125-01-commandinjection-en


Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201125-01-outofboundread-en