End-of-Day report
Timeframe: Dienstag 17-03-2020 18:00 - Mittwoch 18-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet.
https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html
Home-Office? - Aber sicher!
Eine empfohlene Maßnahme im Kontext der Corona-Prävention ist die intensivere Nutzung von Home-Office und mobilem Arbeiten. Dafür gilt es, pragmatische Lösungen zu finden, die einerseits die Arbeitsfähigkeit einer Organisation erhalten, gleichzeitig jedoch Vertraulichkeit, Verfügbarkeit und Integrität gewährleisten.
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Empfehlungen_mobiles_Arbeiten_180320.html
Sicher arbeiten im Homeoffice!
Unzählige Unternehmen haben ihren Betrieb als Reaktion auf das Coronavirus und entsprechende Regierungsvorgaben mittlerweile auf Arbeit im Homeoffice umgestellt. Da dies einige Änderungen in alltäglichen Arbeitsprozessen bedeutet, gibt es Empfehlungen für Unternehmen und deren MitarbeiterInnen, die Schäden durch Kriminelle in der momentanen Ausnahmesituation vermeiden können.
https://www.watchlist-internet.at/news/sicher-arbeiten-im-homeoffice/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Genuine Integrity Service (APSB20-12), Adobe Acrobat and Reader (APSB20-13), Adobe Photoshop (APSB20-14), Adobe Experience Manager (APSB20-15), Adobe ColdFusion (APSB20-16) and Adobe Bridge (APSB20-17).
https://blogs.adobe.com/psirt/?p=1847
Severe Flaws Patched in Responsive Ready Sites Importer Plugin
On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions. ... We highly recommend updating to the latest version available, 2.2.7, immediately.
https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-ready-sites-importer-plugin/
Security updates for Wednesday
Security updates have been issued by Debian (libvncserver and twisted), Fedora (libxslt), Red Hat (kernel, kernel-rt, python-flask, python-pip, python-virtualenv, slirp4netns, tomcat, and zsh), Scientific Linux (kernel, python-pip, python-virtualenv, tomcat, and zsh), SUSE (apache2-mod_auth_openidc and skopeo), and Ubuntu (apport and dino-im).
https://lwn.net/Articles/815309/
FreeRADIUS: Schwachstelle ermöglicht Offenlegung von Informationen
FreeRADIUS ist ein Open Source Server zur Authentisierung entfernter Benutzer auf Basis des RADIUS-Protokolls (Remote Access Dial-In User Service). Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FreeRADIUS ausnutzen, um Informationen offenzulegen.
http://www.cert-bund.de/advisoryshort/CB-K20-0235
Delta Electronics Industrial Automation CNCSoft ScreenEditor
https://www.us-cert.gov/ics/advisories/icsa-20-077-01
Cisco SD-WAN Solution vManage SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-cypher-inject
Cisco SD-WAN Solution Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9
Cisco SD-WAN Solution Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9v
Cisco SD-WAN Solution Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2
Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-xss
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-05-smartphone-en
Security Advisory - Logic Error Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-04-smartphone-en
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-02-smartphone-en
Security Advisory - Improper Authentication Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-01-authentication-en
Security Advisory - Double Free Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200318-01-free-en
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2020 CPU
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-liberty-for-java-for-ibm-cloud-january-2020-cpu/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-2/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-classification/
Security Bulletin: A Vulnerability in Apache Log4j affects IBM LKS ART & Agent
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-ibm-lks-art-agent/
Security Bulletin: OpenSSL publicly disclosed vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-2/
Security Bulletin: IBM Security Guardium is affected by an Apache Commons vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-vulnerability/
Security Bulletin: Cross-Site Request Forgery (CSRF) vulnerabilities were identified on Tivoli Netcool/OMNIbus WebGUI Relationship admin page (CVE-2020-4199)
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-csrf-vulnerabilities-were-identified-on-tivoli-netcool-omnibus-webgui-relationship-admin-page-cve-2020-4199/
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2019-4720)
https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-a-denial-of-service-cve-2019-4720/
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js- in IBM Cloud
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud/
Security Bulletin: Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-liberty-for-java-for-ibm-cloudcve-2019-12406/