Daily Summary - 06.02.2020

End-of-Day report

Timeframe: Wednesday 05-02-2020 18:00 - Thursday 06-02-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Philips Hue: Critical security vulnerability in smart lamps

Hackers can use an antenna to take over users' networks and the computers connected to them.

https://futurezone.at/produkte/philips-hue-kritische-sicherheitsluecke-in-smarten-lampen/400747308


Fake browser update pages are "still a thing", (Wed, Feb 5th)

SocGholish is a term I first saw in signatures from the EmergingThreats Pro ruleset to describe fake browser update pages used to distribute malware like a NetSupport RAT-based malware package or Chthonic banking malware. Although this activity has continued into 2020, I hadn't run across an example until this week.

https://isc.sans.edu/diary/rss/25774


This crafty malware makes you retype your passwords so it can steal them

Metamorfo banking trojan has expanded its campaign to target online users' banking services.

https://www.zdnet.com/article/this-crafty-malware-makes-you-retype-your-passwords-so-it-can-steal-them/

Vulnerabilities

Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-05)

A prenotification security advisory (APSB20-05) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 11, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog.

https://blogs.adobe.com/psirt/?p=1828


Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003

Project: Views Bulk Operations (VBO)
Date: 2020-February-05
Security risk: Moderately critical 12-25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Description: Views Bulk Operations provides enhancements to running bulk actions on views. The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to.

https://www.drupal.org/sa-contrib-2020-003


Backdoor in many surveillance cameras with HiSilicon chips

The firmware of numerous IP cameras with systems-on-chip (SoCs) from Huawei's HiSilicon division allows root access via telnet.

https://heise.de/-4654525


Security updates for Thursday

Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd).

https://lwn.net/Articles/811678/


Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter

https://wpvulndb.com/vulnerabilities/10059


Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities

https://wpvulndb.com/vulnerabilities/10061


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WIoTP MessageGateway (CVE-2020-2604, CVE-2020-2659)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-wiotp-messagegateway-cve-2020-2604-cve-2020-2659/


Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate

https://www.ibm.com/blogs/psirt/security-bulletin-windows-installers-of-ibm-cloud-cli-prior-to-0-16-2-are-signed-using-sha1-certificate/


Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-of-embedded-cf-cli-in-ibm-cloud-cli/


BIG-IP Edge Client for Windows vulnerability CVE-2020-5855

https://support.f5.com/csp/article/K55102004


BIG-IP TMM AWS vulnerability CVE-2020-5856

https://support.f5.com/csp/article/K00025388


BIG-IP TMM vulnerability CVE-2020-5854

https://support.f5.com/csp/article/K50046200


Atlassian Jira Software: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0099


Red Hat Enterprise Linux: Vulnerability allows execution of arbitrary code with administrator privileges

http://www.cert-bund.de/advisoryshort/CB-K20-0104