Daily summary - 04.02.2020

End-of-Day report

Timeframe: Monday 03-02-2020 18:00 - Tuesday 04-02-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

New EmoCheck Tool Checks if You're Infected With Emotet

A new utility has been released by Japan CERT (computer emergency response team) that allows Windows users to easily check if they are infected with the Emotet Trojan.

https://www.bleepingcomputer.com/news/security/new-emocheck-tool-checks-if-youre-infected-with-emotet/


Microsoft Office 365 Will Block Malicious Content Unless Overridden

Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden.

https://www.bleepingcomputer.com/news/security/microsoft-office-365-will-block-malicious-content-unless-overridden/


Vulnerability in Twitter's API: phone numbers could be retrieved

By abusing a Twitter API, unknown actors were able to match phone numbers with user names and view them.

https://heise.de/-4652519


Get rich quick? - Not this way!

Caution: Alleged investors, philanthropists or entrepreneurs who promise you large sums of money are criminals. E-mails about alleged multi-million winnings are sent en masse to arbitrary e-mail addresses. To receive the money, you supposedly only have to transfer a certain amount - allegedly to process the transfer - and send copies of your ID. If you do, you lose not only your money but also your [...]

https://www.watchlist-internet.at/news/zum-schnellen-geld-kommen-so-geht-es-nicht/

Vulnerabilities

Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers into the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-wsa-sma-header-inject


Slow HTTP DoS Attacks Mitigation

An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause a denial of service (DoS) of the web service portal by sending specially crafted HTTP requests/responses in pieces, slowly. Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests to a web server in pieces, slowly and one at a time.

https://fortiguard.com/psirt/FG-IR-19-013


Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD

Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by sending a specially crafted SNMPD request. These vulnerabilities could lead to a variety of conditions, potentially resulting in the disclosure of sensitive information and a denial-of-service condition.

https://blog.talosintelligence.com/2020/02/vuln-spotlight-mini-snmpd-feb-2020.html


Security updates for Tuesday

Security updates have been issued by Arch Linux (salt), CentOS (git), Debian (qtbase-opensource-src), Fedora (java-11-openjdk), Mageia (kernel and openjpeg2), openSUSE (mailman, python-reportlab, ucl, and upx), Oracle (git), Red Hat (container-tools:rhel8, go-toolset:rhel8, grub2, kernel, kernel-rt, php:7.2, and sudo), SUSE (crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client and python36), and Ubuntu (python-django).

https://lwn.net/Articles/811495/


Medtronic Releases Patches for Cardiac Device Flaws Disclosed in 2018, 2019

Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019.

https://www.securityweek.com/medtronic-releases-patches-cardiac-device-flaws-disclosed-2018-2019


Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS

https://wpvulndb.com/vulnerabilities/10057


Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager (CVE-2019-4451)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-cve-2019-4451/


Security Bulletin: WebSphere Application Server is vulnerable to a command execution vulnerability (CVE-2020-4163)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-command-execution-vulnerability-cve-2020-4163/


Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-addressed-in-ibm-security-directory-server/


Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2019-4305)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-security-directory-suite-cve-2019-4305/


Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2019-4674, CVE-2018-15473, CVE-2019-4675)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2019-4674-cve-2018-15473-cve-2019-4675/


Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-websphere-application-server-cve-2019-12406/


Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-january-2020v2/


Android Security Bulletin February 2020

http://www.cert-bund.de/advisoryshort/CB-K20-0094


Squid: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0093