End-of-Day report
Timeframe: Monday 14-12-2020 18:00 - Tuesday 15-12-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
SolarWinds hackers have a clever way to bypass multi-factor authentication
Hackers who hit SolarWinds compromised a think tank three separate times.
https://arstechnica.com/?p=1729836
PayPal scams - how you can protect yourself
PayPal is one of the largest and most popular payment services and is therefore in the crosshairs of many cybercriminals. How can you protect yourself against their tricks?
https://www.welivesecurity.com/deutsch/2020/12/15/betrugsmaschen-der-paypal-betrueger-wie-koennen-sie-sich-schuetzen/
Warning: fake parcel-service notifications in circulation
Are you waiting for a parcel? Then beware of fake notifications sent by e-mail or SMS in the name of the Post, DHL or other parcel services! Criminals forge e-mails from well-known delivery services and claim that a delivery or customs fee of 1-2 euros must be paid. If this fee is paid by credit card, the criminals then charge 50-90 euros month after month.
https://www.watchlist-internet.at/news/vorsicht-gefaelschte-benachrichtigungen-von-paketdiensten-im-umlauf/
Hospitals are leaving millions of sensitive medical images exposed online
Cybersecurity researchers discover millions of medical files and associated personal data left discoverable on the open web due to being stored insecurely.
https://www.zdnet.com/article/hospitals-are-leaving-millions-of-sensitive-medical-images-exposed-online/
Vulnerabilities
Xen Security Advisories
Xen has released 15 Security Advisories.
https://xenbits.xen.org/xsa/
URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects Bitdefender Antivirus Plus versions prior to 25.0.7.29.
https://www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958/
Apple security updates
Apple has released the following security updates: iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Server 5.11, tvOS 14.3, watchOS 7.2, Safari 14.0.2, iOS 12.5, watchOS 6.3
https://support.apple.com/en-us/HT201222
libarchive vulnerability CVE-2017-5601
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. [...] The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.
https://support.f5.com/csp/article/K50543013
SECURITY BULLETIN: December 2020 Security Bulletin for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2
Trend Micro has made a Critical Patch (CP) available for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. This CP addresses multiple vulnerabilities related to CSRF protection bypass, cross-site scripting (XSS), authorization/authentication bypass, command execution and unauthenticated command injection.
https://success.trendmicro.com/solution/000283077
Security updates for Tuesday
Security updates have been issued by Debian (libxstream-java and xen), Fedora (curl), openSUSE (curl, kernel, mariadb, and openssl-1_1), Oracle (kernel, libexif, thunderbird, and xorg-x11-server), Red Hat (curl, gd, kernel, kernel-rt, linux-firmware, net-snmp, openssl, pacemaker, python-rtslib, samba, targetcli, and xorg-x11-server), Scientific Linux (libexif, thunderbird, and xorg-x11-server), and SUSE (clamav, gdm, and kernel).
https://lwn.net/Articles/840217/
Synology-SA-20:28 File Station
A vulnerability allows remote attackers to read arbitrary files via a susceptible version of File Station.
https://www.synology.com/en-global/support/security/Synology_SA_20_28
Citrix Hypervisor Security Update
Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service.
https://support.citrix.com/article/CTX286756
WAGO Series 750-88x and 750-352 (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-20-308-01 WAGO Series 750-88x and 750-352 that was published November 3, 2020, on the ICS webpage on us-cert.gov. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the WAGO Fieldbus Ethernet coupler.
https://us-cert.cisa.gov/ics/advisories/icsa-20-308-01
Eclipse Jetty vulnerability CVE-2019-10241
https://support.f5.com/csp/article/K01869532
HCL Domino: vulnerability allows execution of arbitrary code with the privileges of the service
https://www.cert-bund.de/advisoryshort/CB-K20-1237
Red Hat Enterprise Linux: vulnerability allows bypassing security measures
https://www.cert-bund.de/advisoryshort/CB-K20-1238
Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-angular-js-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/
Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant
https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/
Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-4/
Security Bulletin: Vulnerability in nss and nspr CVE-2019-17006.
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/
Security Bulletin: A vulnerability has been identified in jwt-go shipped with IBM Netcool Operations Insight Event Integrations Operator (CVE-2020-26160)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-jwt-go-shipped-with-ibm-netcool-operations-insight-event-integrations-operator-cve-2020-26160/
Security Bulletin: A security vulnerability in Node.js serialize-javascript affects IBM Cloud Pak for Multicloud Management Managed Service.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-serialize-javascript-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/
Security Bulletin: IBP javaenv and dind images
https://www.ibm.com/blogs/psirt/security-bulletin-ibp-javaenv-and-dind-images/
Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-acorn-and-bootstrap-select-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/
Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service.
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-3/
Security Bulletin: Vulnerability in libssh2 CVE-2019-17498.
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libssh2-cve-2019-17498/
ZDI-20-1444: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1444/
ZDI-20-1443: (0Day) Eaton EASYsoft E70 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1443/
ZDI-20-1442: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1442/
ZDI-20-1441: (0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1441/
ZDI-20-1429: D-Link DAP-1860 uhttpd Authentication Bypass Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1429/
ZDI-20-1428: D-Link DAP-1860 HNAP Authorization Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1428/
ZDI-20-1427: D-Link Multiple Routers dhttpd Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1427/
ZDI-20-1426: D-Link Multiple Routers dhttpd Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1426/
ZDI-20-1438: (0Day) D-Link DCS-960L HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1438/
ZDI-20-1437: (0Day) D-Link DCS-960L HNAP LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1437/
ZDI-20-1436: (0Day) D-Link DCS-960L HNAP Login Cookie Format String Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1436/
ZDI-20-1435: (0Day) D-Link DCS-960L HNAP Cookie Format String Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-20-1435/