End-of-Day report
Timeframe: Tuesday 03-03-2020 18:00 - Wednesday 04-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Attention: Let's Encrypt to invalidate 3 million certificates Wednesday night
Web admins, take note: anyone who does not renew their Let's Encrypt certificates now could have unsettled users on their doorstep early Thursday morning.
https://heise.de/-4676017
Ransomware Attackers Use Your Cloud Backups Against You
Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use them against you.
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
ACSC Releases Securing Content Management Systems Guide
The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS).
https://www.us-cert.gov/ncas/current-activity/2020/03/04/acsc-releases-securing-content-management-systems-guide
A Zero-Day Homograph Domain Name Attack
What started as almost casual research in November 2019 and disclosed to various vendors as a vulnerability in November and December 2019 and January 2020 was abruptly reclassified and treated as a zero-day vulnerability on February 13, 2020.
https://www.securityweek.com/zero-day-homograph-domain-name-attack
Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums
Impacted projects include WordPress, Concrete5, Composr, SilverStripe, ZenCart, and others.
https://www.zdnet.com/article/academics-find-30-file-upload-vulnerabilities-in-23-web-apps-cmses-and-forums/
Voice assistants can be hacked with ultrasonic waves
With access to text messages and the ability to make fraudulent phone calls, attackers could wreak more damage than you'd think
https://www.welivesecurity.com/2020/03/04/voice-assistants-hacked-ultrasonic-waves/
Vulnerabilities
Emerson ValveLink
This advisory contains mitigations for an improper access control vulnerability in Emerson's ValveLink digital valve controllers.
https://www.us-cert.gov/ics/advisories/icsa-20-063-01
PHOENIX CONTACT Emalytics Controller ILC
This advisory contains mitigations for an incorrect permission assignment for critical resource vulnerability in Phoenix Contact's Emalytics Controller modular inline devices.
https://www.us-cert.gov/ics/advisories/icsa-20-063-02
Omron PLC CJ Series
This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Omron's PLC CJ Series programmable logic controllers.
https://www.us-cert.gov/ics/advisories/icsa-20-063-03
Moxa AWK-3131A Series Industrial AP/Bridge/Client
This advisory contains mitigations for several vulnerabilities in Moxa's AWK-3131A wireless networking appliance.
https://www.us-cert.gov/ics/advisories/icsa-20-063-04
Security updates for Wednesday
Security updates have been issued by Debian (libzypp), Fedora (opensmtpd and thunderbird), openSUSE (nodejs8), Red Hat (http-parser, kpatch-patch, and xerces-c), SUSE (cloud-init, compat-openssl098, kernel, postgresql96, python, and yast2-rmt), and Ubuntu (python-django and rake).
https://lwn.net/Articles/813797/
Cisco Security Advisories
https://tools.cisco.com/security/center/publicationListing.x
Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-http2-implementation-vulnerabilities/
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-a-vulnerability-in-libssh2-cve-2016-0787/
Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v3)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-february-2020v3/
Security Bulletin: Vulnerability in Apache Commons Beanutils library affect IBM Cúram Social Program Management (CVE-2019-10086)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-beanutils-library-affect-ibm-cram-social-program-management-cve-2019-10086/
Security Bulletin: A security vulnerability has been addressed in IBM Security Privileged Identity Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-addressed-in-ibm-security-privileged-identity-manager/
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-vulnerability-in-openssl-cve-2012-4929/
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability with the IPv6 networking support (CVE-2015-2922)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-a-vulnerability-with-the-ipv6-networking-support-cve-2015-2922/
Security Bulletin: IBM Security Privileged Identity Manager is affected by a security vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-a-security-vulnerability/
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949/
HPESBHF03987 rev.1 - HPE OneView Global Dashboard (OVGD), Remote Information Disclosure
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03987en_us
Red Hat OpenShift Container Platform: Multiple vulnerabilities allow privilege escalation
http://www.cert-bund.de/advisoryshort/CB-K20-0189