Daily Summary - 21.12.2020

End-of-Day report

Timeframe: Friday 18-12-2020 18:00 - Monday 21-12-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Current Wave of Ping Calls

Rundfunk und Telekom Regulierungs-GmbH (RTR) is currently receiving an increased number of reports of ping calls from abroad. The calls come in particular from Tunisia (+216), Abkhazia (+79407), Switzerland (+41748) and Uganda (+256). Do not call back or answer these calls, as doing so can incur high costs.

https://www.watchlist-internet.at/news/aktuelle-welle-mit-ping-anrufen/


Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts malicious payloads on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs.

https://www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/


Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow

Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.

https://threatpost.com/ledger-dump-active-attacks-follow/162477/

Vulnerabilities

ZDI-20-1452: (0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://www.zerodayinitiative.com/advisories/ZDI-20-1452/


Security updates for Monday

Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and [...]

https://lwn.net/Articles/840972/


Authentication Bypass Vulnerability Patched in Bouncy Castle Library

A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Founded in 2000, the project represents a collection of APIs used in cryptography for both Java and C#, with a strong emphasis on standards compliance and adaptability.

https://www.securityweek.com/authentication-bypass-vulnerability-patched-bouncy-castle-library


Treck TCP/IP Stack

This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Treck's TCP/IP stack, which may also be known as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.

https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01


December 21, 2020 TNS-2020-11 [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2020-11


HCL Domino and Notes: Multiple Vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-1254


Red Hat OpenShift: Vulnerability Allows Denial of Service and Code Execution

https://www.cert-bund.de/advisoryshort/CB-K20-1252


Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4794

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4794/


Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential logout session timeout (CVE-2020-4555)

https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/


Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555)

https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-check-services-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/


Security Bulletin: IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. (CVE-2020-4592)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-authenticated-user-under-nondefault-configuration-to-cause-a-data-corruption-attack-due-to-an-error-when-using-segmented-messages-cve-2020-4592/


Security Bulletin: Vulnerability in BIND affects AIX (CVE-2020-8622)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-aix-cve-2020-8622/


Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-java-runtime-affect-ibm-rational-clearquest/


Security Bulletin: IBM MQ Appliance is affected by denial of service vulnerabilities (CVE-2020-5481, CVE-2020-4580, CVE-2020-4579)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-denial-of-service-vulnerabilities-cve-2020-5481-cve-2020-4580-cve-2020-4579/


Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-4/


Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555)

https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/


Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555)

https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-v2-1-1-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/