End-of-Day report
Timeframe: Friday 14-02-2020 18:00 - Monday 17-02-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Escaping the Chrome Sandbox with RIDL
tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is up to date and disable hyper-threading (HT).
https://googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with-ridl.html
How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties
Hey, wait! What do bug bounties and network security appliances have in common? Usually nothing! On the contrary, the security appliances allow virtual patching practices and actively participate to reduce the number of bug bounties paid to researchers - but this is a reverse story: a bug bounty was paid to us thanks to a misconfigured security appliance.
https://www.redtimmy.com/web-application-hacking/how-to-hack-a-company-by-circumventing-its-waf-through-the-abuse-of-a-different-security-appliance-and-win-bug-bounties/
Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin
A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website's database and gain administrator access to the site.
https://www.securityweek.com/flaw-wordpress-themes-plugin-allowed-hackers-become-site-admin
There's finally a way to remove xHelper, the unremovable Android malware
Malwarebytes researchers find a way to remove the malware, but they still don't know how it really operates.
https://www.zdnet.com/article/theres-finally-a-way-to-remove-xhelper-the-unremovable-android-malware/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (evince, postgresql-9.4, and thunderbird), Fedora (ksh and libxml2), openSUSE (hostapd and nextcloud), Red Hat (chromium-browser, firefox, flash-plugin, and ksh), and SUSE (firefox and thunderbird).
https://lwn.net/Articles/812664/
PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) allows unauthorised read and write access to the configuration file.
https://cert.vde.com/de-de/advisories/vde-2020-001
Security Bulletin: Information disclosure in WebSphere Application Server Liberty bundled with IBM Operations Analytics - Log Analysis (CVE-2019-4305)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-liberty-bundled-with-ibm-operations-analytics-log-analysis-cve-2019-4305/
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/
Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949/
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2019-17110, CVE-2019-10223, CVE-2019-11253)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-kubernetes-cve-2019-17110-cve-2019-10223-cve-2019-11253/
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty in IBM Cloud Private VM Quickstarter
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-in-ibm-cloud-private-vm-quickstarter/
Security Bulletin: Vulnerabilities in Websphere Liberty and OpenLiberty
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-liberty-and-openliberty/
Security Bulletin: IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure CVE-2018-1902
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-common-reporting-tcr-interim-fixes-address-security-vulnerability-and-exposure-cve-2018-1902/
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Go (CVE-2019-17596)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-go-cve-2019-17596/
Security Bulletin: Vulnerabilities in Apache Commons Compress
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-compress/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-infosphere-information-server/