Daily Summary - 17.12.2020

End-of-Day report

Timeframe: Wednesday 16-12-2020 18:00 - Thursday 17-12-2020 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl

News

Maximizing Your Defense with Windows DNS Logging

In part 3 of 5 of this blog series, learn how to improve your log collection deployment. Follow a sample Windows log scenario and receive a deployment checklist to help optimize your DNS logging.

https://www.domaintools.com/resources/blog/maximizing-your-defense-with-windows-dns-logging


IoT: When Security Risks End Up Under the Christmas Tree

Experts examined popular connected gadgets for security vulnerabilities and data hunger and found alarming results.

https://futurezone.at/netzpolitik/iot-wenn-sicherheitsrisiken-unterm-weihnachtsbaum-landen/401131698


DNS Logs in Public Clouds, (Wed, Dec 16th)

The current Solarwinds/Sunburst/Fireeye incident and its associated command & control (C2) traffic to avsvmcloud[.]com domains have spurred potentially affected Solarwinds customers to search their logs and data for any presence of this C2 domain.

https://isc.sans.edu/diary/rss/26892


The NoneNone Brute Force Attacks: Even Hackers Need QA

For the last few weeks we've seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period.

https://www.wordfence.com/blog/2020/12/the-nonenone-brute-force-attacks-even-hackers-need-qa/

Vulnerabilities

WordPress plugin with 5 million installs has a critical vulnerability

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there.

https://www.bleepingcomputer.com/news/security/wordpress-plugin-with-5-million-installs-has-a-critical-vulnerability/


CVE-2020-25695 Privilege Escalation in Postgresql

This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back to 9.5; it is likely it affects most earlier versions as well. (Note: fixed versions were released on 12 Nov 2020.)

https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr, sympa, thunderbird, tomcat8, and xerces-c), Fedora (fprintd, kernel, libfprint, and synergy), Mageia (bitcoin, dpic, firefox, jasper, jupyter-notebook, sam2p, thunderbird, and x11-server), Oracle (firefox, gd, kernel, net-snmp, openssl, python-rtslib, samba, and targetcli), Red Hat (fapolicyd, openshift, Red Hat Virtualization, and web-admin-build), SUSE (xen), and Ubuntu (unzip).

https://lwn.net/Articles/840583/


Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-01-taurus-en


Security Advisory - Use after Free Vulnerability in Huawei Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-01-smartphone-en


Security Advisory - Information Leak Vulnerability in Huawei Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-01-neteco-en


Security Advisory - Resource Management Errors Vulnerability in Huawei Smartphone Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201216-02-smartphone-en


Security Bulletin: A GNU glibc vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-glibc-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-6/


Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/


Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-2/


Security Bulletin: Java Vulnerability affects IBM Watson Speech Services for Cloud Pak for Data 1.2

https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerablity-affects-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/


Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Manager previously known as IBM Security Privilege Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager-2/


Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-performance-tester/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-3/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-tpf-5/


F5 BIG-IP: Multiple Vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-1245