Daily summary - 10.03.2020
End-of-Day report
Timeframe: Monday 09-03-2020 18:00 - Tuesday 10-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Microsoft Exchange Server Flaw Exploited in APT Attacks
The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft's mail server and calendaring server, and was fixed as part of Microsoft's February Patch Tuesday updates. However, researchers in a Friday advisory said that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.
https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/
Variant of Paradise Ransomware Targets Office IQY Files
A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively inobtrusive way to infiltrate and hijack an organization's network, researchers have found.
https://threatpost.com/variant-of-paradise-ransomware-targets-office-iqy-files/153559/
How poor IoT security is allowing this 12-year-old malware to make a comeback
Conficker peaked in 2009, but unsupported connected devices are allowing it to spread in 2020 - and the healthcare sector is where it's infected the most targets.
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (libvpx and network-manager-ssh), Fedora (cacti, cacti-spine, and podman), openSUSE (chromium and python-bleach), Oracle (curl), Red Hat (ansible and qemu-kvm), SUSE (gd, ipmitool, and php7), and Ubuntu (runc and sqlite3).
https://lwn.net/Articles/814493/
MISP: Multiple vulnerabilities allow cross-site scripting
A remote, anonymous attacker can exploit multiple vulnerabilities in MISP to carry out a cross-site scripting attack.
http://www.cert-bund.de/advisoryshort/CB-K20-0206
SAP Security Patch Day - March 2020
On 10th of March 2020, SAP Security Patch Day saw the release of 16 Security Notes. There are 2 updates to previously released Patch Day Security Notes.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
Joomla Security Updates (Severity: low)
- [20200306] - Core - SQL injection in Featured Articles menu parameters
https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html
- [20200304] - Core - Identifier collisions in com_users
https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users.html
- [20200305] - Core - Incorrect Access Control in com_fields SQL field
https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
- [20200303] - Core - Incorrect Access Control in com_templates
https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
- [20200302] - Core - XSS in Protostar and Beez3
https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3.html
- [20200301] - Core - CSRF in com_templates image actions
https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions.html
TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)
https://typo3.org/security/advisory/typo3-ext-sa-2020-003
TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)
https://typo3.org/security/advisory/typo3-ext-sa-2020-002
TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)
https://typo3.org/security/advisory/typo3-ext-sa-2020-001
SSA-938930: Cross-Site Scripting Vulnerability in Spectrum Power 5
https://cert-portal.siemens.com/productcert/txt/ssa-938930.txt
SSA-508982: Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK
https://cert-portal.siemens.com/productcert/txt/ssa-508982.txt
SSA-844761: Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution
https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt
Security Bulletin: Vulnerability in DCNM Network Management Software used by IBM c-type SAN directors and switches.
Security Bulletin: An information disclosure vulnerability has been identified with the embedded Content Platform Engine component shipped with IBM Business Automation Workflow (CVE-2019-4572)
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949
Security Bulletin: IBM Workload scheduler 9.3 vulnerable to CVE-2019-4608