Daily Summary - 11.03.2020

End-of-Day report

Timeframe: Tuesday 10-03-2020 18:00 - Wednesday 11-03-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner

News

LVI Attacks: New Intel CPUs Vulnerability Puts Data Centers At Risk

Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information - encryption keys or passwords - from the protected memory and subsequently, take significant control over a targeted system.

https://thehackernews.com/2020/03/intel-load-value-injection.html


Forthcoming OpenSSL release

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1e. This release will be made available on Tuesday 17th March 2020 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551.

https://mta.openssl.org/pipermail/openssl-announce/2020-March/000166.html


A new and advanced Rowhammer-based attack on DDR4 memory

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments.

https://www.ibm.com/blogs/psirt/a-new-and-advanced-rowhammer-based-attack-on-ddr4-memory/


Do not click on links and attachments in e-mails!

"Your PayPal account has been restricted! - Open the attached file to lift your restriction!" This message is currently landing in numerous e-mail inboxes. The attached file contains malware, and the links lead to phishing pages intended to spy out login credentials. The only way to protect yourself is to click on nothing and instead find out by other means whether the e-mail can be genuine.

https://www.watchlist-internet.at/news/klicken-sie-keine-links-und-anhaenge-in-e-mails-an/


Microsoft orchestrates coordinated takedown of Necurs botnet

Microsoft and partners in 35 countries move to bring down Necurs, today's largest malware botnet.

https://www.zdnet.com/article/microsoft-orchestrates-coordinated-takedown-of-necurs-botnet/

Vulnerabilities

Critical vulnerability in Microsoft SMBv3 - workarounds available

Microsoft has published, outside the monthly patch cycle, a security advisory with workarounds for a critical vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). ... The vulnerability can be exploited over the network and allows the execution of arbitrary commands with SYSTEM privileges.

https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft-smbv3-workarounds-verfugbar


IPAS: Security Advisories for March 2020

Hi everyone, It's the second Tuesday in March 2020 and today we released 9 security advisories. For full details on these advisories, please visit the Intel Security Center.

https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-march-2020/


SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the case where the requesting user has already authenticated through SAML.

https://www.drupal.org/sa-contrib-2020-006


Microsoft Patch Tuesday - March 2020: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.

https://blog.talosintelligence.com/2020/03/microsoft-patch-tuesday-march-2020.html


Security updates for Wednesday

Security updates have been issued by CentOS (qemu-kvm and sudo), Debian (chromium), Mageia (gpac, libseccomp, and tomcat), openSUSE (gd and postgresql10), Oracle (qemu-kvm), Red Hat (chromium-browser), Scientific Linux (qemu-kvm), Slackware (firefox), and SUSE (ipmitool, java-1_7_0-openjdk, librsvg, and tomcat).

https://lwn.net/Articles/814574/


Synology-SA-20:03 Kr00k

A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM) that is equipped with Broadcom BCM43460.

https://www.synology.com/en-global/support/security/Synology_SA_20_03


MISP 2.4.123 released (aka the dashboard and security fix release)

A new version of MISP (2.4.123) has been released. This version includes various security-related fixes, and a new Dashboard system.

https://www.misp-project.org/2020/03/10/MISP.2.4.123.released.html


Credential Disclosure in WatchGuard Fireware AD Helper Component

RedTeam Pentesting discovered a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.

https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/


Johnson Controls Kantech EntraPass

https://www.us-cert.gov/ics/advisories/icsa-20-070-04


Johnson Controls Metasys

https://www.us-cert.gov/ics/advisories/icsa-20-070-05


Rockwell Automation MicroLogix Controllers and RSLogix 500 Software

https://www.us-cert.gov/ics/advisories/icsa-20-070-06


Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-202003116-01-smartphone-en


Security Bulletin: IBM InfoSphere Governance Catalog is affected by a cross-site scripting vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-governance-catalog-is-affected-by-a-cross-site-scripting-vulnerability/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2019 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-august-2019-cpu/


Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-java-sdk-affects-ibm-voice-gateway/


Linux kernel vulnerability CVE-2019-19072

https://support.f5.com/csp/article/K42438635