Daily Summary - 18.02.2020

End-of-Day report

Timeframe: Monday 17-02-2020 18:00 - Tuesday 18-02-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

SSL Testing Methods

Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser. Some simple online tools provide a fast SSL report. They are SSL configuration checkers, which do not just check a certificate, which is really only part of that configuration. Instead, they perform a more thorough look.

https://blog.sucuri.net/2020/02/ssl-testing-methods.html


Well protected: OWASP API Security Top 10

APIs are increasingly in the sights of hackers. A look at the new OWASP list of vulnerabilities shows where developers need to act.

https://heise.de/-4660904


Critical flaw in WordPress plugin Profile Builder makes anyone a site admin

In the current version of the WordPress plugin Profile Builder, the developers have closed a security vulnerability with the highest severity rating.

https://heise.de/-4663152


Building a bypass with MSBuild

Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 (Trusted Developer Utilities) and T1500 (Compile After Delivery) of MITRE ATT&CK framework.

https://blog.talosintelligence.com/2020/02/building-bypass-with-msbuild.html


Beware of fraudulent PayLife e-mails

PayLife customers, take note: phishing e-mails are currently circulating. Criminals pose as PayLife and claim that your card has been blocked. To reactivate the card, you must go through an identification process and confirm your data. Do not click on the link under any circumstances; it is a scam!

https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-paylife-e-mails/


Bypass Windows 10 User Group Policy (and more) with this One Weird Trick

I'm going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting things). Bypassing User Group Policy is not the end of the world, but it's also not something that should be allowed and depending on User Group Policy setup, could result in unfortunate security scenarios.

https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b

Vulnerabilities

Vulnerability in wpCentral Plugin Leads to Privilege Escalation

Description: Improper Access Control to Privilege Escalation
Affected Plugin: wpCentral
Affected Versions: [...]

https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/


Security updates for Tuesday

Security updates have been issued by Arch Linux (systemd and thunderbird), Debian (clamav, libgd2, php7.3, spamassassin, and webkit2gtk), Fedora (kernel, kernel-headers, and sway), Mageia (firefox, kernel-linus, mutt, python-pillow, sphinx, thunderbird, and webkit2), openSUSE (firefox, nextcloud, and thunderbird), Oracle (firefox and ksh), Red Hat (curl, java-1.7.0-openjdk, kernel, and ruby), Scientific Linux (firefox and ksh), SUSE (sudo and xen), and Ubuntu (clamav, php5, php7.0, php7.2, [...]

https://lwn.net/Articles/812763/


Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks

Several serious vulnerabilities have been found by a researcher in Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliances made by SonicWall. The vendor has released software updates that patch the flaws.

https://www.securityweek.com/serious-vulnerabilities-expose-sonicwall-sma-appliances-remote-attacks


F-Secure Patches Old AV Bypass Vulnerability

A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives.

https://www.securityweek.com/f-secure-patches-old-av-bypass-vulnerability


Bugtraq: [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)

http://www.securityfocus.com/archive/1/542235


Intel processors vulnerability CVE-2019-14607

https://support.f5.com/csp/article/K29100014?utm_source=f5support&utm_medium=RSS


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-2/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-2/


Security Bulletin: IBM Operations Analytics - Log Analysis is affected by stack displayed in WebSphere Application Server (CVE-2019-4441)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-is-affected-by-stack-displayed-in-websphere-application-server-cve-2019-4441/


Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cics-tx-on-cloud/


Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2019-2989)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2019-2989/


Security Bulletin: Bypass security restrictions in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2019-4304)

https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restrictions-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2019-4304/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix/


Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms

https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-txseries-for-multiplatforms/