End-of-Day report
Timeframe: Wednesday 11-03-2020 18:00 - Thursday 12-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Prenotification Security Advisory for Adobe Acrobat and Reader
Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, March 17, 2020.
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/
Vulnerabilities
Attention: Security patch for critical SMBv3 vulnerability now available
Microsoft has now released a patch for the critical Windows vulnerability CVE-2020-0796. Admins should update their systems as soon as possible.
https://heise.de/-4681993
Flaws Riddle Zyxel's Network Management Software
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
https://threatpost.com/flaws-zyxels-network-management-software/153554/
Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites
On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded.
..
We highly recommend updating to the latest version, 3.64.1, immediately.
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/
Security updates for Thursday
Security updates have been issued by CentOS (kernel), Debian (dojo, firefox-esr, sleuthkit, and wpa), Fedora (cacti, cacti-spine, and python-psutil), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, ...), Ubuntu (firefox).
https://lwn.net/Articles/814652/
ABB eSOMS
https://www.us-cert.gov/ics/advisories/icsa-20-072-01
ABB Asset Suite
https://www.us-cert.gov/ics/advisories/icsa-20-072-02
Rockwell Automation Allen-Bradley Stratix 5950
https://www.us-cert.gov/ics/advisories/icsa-20-072-03
XSS vulnerability in the FortiManager via the buffer parameter
https://fortiguard.com/psirt/FG-IR-19-271
Information disclosure through diagnose debug commands in FortiWeb
https://fortiguard.com/psirt/FG-IR-19-269
XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb
https://fortiguard.com/psirt/FG-IR-20-001
Unquoted Service Path exploit in FortiClient
https://fortiguard.com/psirt/FG-IR-19-281
Authorizations Bypass in the FortiPresence portal parameters
https://fortiguard.com/psirt/FG-IR-19-258
XSS vulnerability in the URL Description of URL filter
https://fortiguard.com/psirt/FG-IR-19-270
XSS vulnerability in the Anomaly Detection Parameter Name
https://fortiguard.com/psirt/FG-IR-19-265
FortiSIEM is vulnerable to a CSRF attack
https://fortiguard.com/psirt/FG-IR-19-240
Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-buffer-en
Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-smartphone-en
Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-informationleak-en
Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200311-01-integrity-en
Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache-httpclient-affects-ibm-cloud-pak-system-cve-2012-5783/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11/
Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Watson Knowledge Catalog for IBM Cloud Pak for Data
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
Security Bulletin: An information disclosure security vulnerability has been identified with the embedded Content Navigator component shipped with IBM Business Automation Workflow (CVE-2019-4679)
https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-security-vulnerability-has-been-identified-with-the-embedded-content-navigator-component-shipped-with-ibm-business-automation-workflow-cve-2019-4679/
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-2/