Daily Summary - 01.04.2020

End-of-Day report

Timeframe: Tuesday 31-03-2020 18:00 - Wednesday 01-04-2020 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

News

Zoom Lets Attackers Steal Windows Credentials via UNC Links

The Zoom Windows client is vulnerable to UNC path injection in the client's chat feature that could allow attackers to steal the Windows credentials of users who click on the link.

https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-via-unc-links/


WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

[...] Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet.

https://thehackernews.com/2020/04/backdoor-.html


WordPress SEO plugin Rank Math: admin vulnerability puts websites at risk

A critical vulnerability with the highest severity rating in the WordPress plugin Rank Math can let attackers become admins. An update is available.

https://heise.de/-4694641


Classified-ad fraud: how triangle fraud works

Ebay, Willhaben, Shpock and the like are popular for buying cheap and used goods or for selling items that are no longer needed. But criminals also feel at home on these classified-ad portals, since they can deliberately exploit the anonymity of the Internet. A particularly perfidious scam in this area is "triangle fraud" (Dreiecksbetrug). Here, both buyers and sellers are ripped off.

https://www.watchlist-internet.at/news/kleinanzeigenbetrug-so-funktioniert-der-dreiecksbetrug/

Vulnerabilities

BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System

This advisory contains mitigations for a protection mechanism failure vulnerability in BD Pyxis medical devices.

https://www.us-cert.gov/ics/advisories/icsma-20-091-01


Hirschmann Automation and Control HiOS and HiSecOS Products

This advisory contains mitigations for a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS software.

https://www.us-cert.gov/ics/advisories/icsa-20-091-01


Mitsubishi Electric MELSEC

This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC programmable controllers.

https://www.us-cert.gov/ics/advisories/icsa-20-091-02


Security updates for Wednesday

Security updates have been issued by Debian (apng2gif, gst-plugins-bad0.10, and libpam-krb5), Fedora (coturn, libarchive, and phpMyAdmin), Mageia (chromium-browser-stable, nghttp2, php, phpmyadmin, sympa, and vim), openSUSE (GraphicsMagick, ldns, phpMyAdmin, python-mysql-connector-python, python-nltk, and tor), Red Hat (advancecomp, avahi, bash, bind, bluez, buildah, chromium-browser, cups, curl, docker, dovecot, doxygen, dpdk, evolution, expat, file, gettext, GNOME, httpd, idm:DL1, [...]

https://lwn.net/Articles/816511/


Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp


Cisco NX-OS Software NX-API Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos


Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200401-01-overflow-en


Security Bulletin: Buffer overflow vulnerability affecting certain Aspera applications

https://www.ibm.com/blogs/psirt/security-bulletin-buffer-overflow-vulnerability-affecting-certain-aspera-applications/


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-returning-decrypted-credentials/


Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java(CVE-2020-2604)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-an-unspecified-vulnerability-in-javacve-2020-2604/


Security Bulletin: Possible denial of service vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data

https://www.ibm.com/blogs/psirt/security-bulletin-possible-denial-of-service-vulnerability-in-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in jackson-databind

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-jackson-databind/


Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jquery-affects-ibm-tririga-application-platform-cve-2019-11358/


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by multiple vulnerabilities in Java

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-multiple-vulnerabilities-in-java-2/


Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-runtime-environment-that-ibm-provides-affect-websphere-extreme-scale/


Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2020-4303-cve-2020-4304/


Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2019-4057, CVE-2019-4101, CVE-2019-4154, CVE-2019-4386, CVE-2019-4322)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-vulnerabilities-affect-the-ibm-spectrum-protect-server-cve-2019-4057-cve-2019-4101-cve-2019-4154-cve-2019-4386-cve-2019-4322-2/


Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-java-sdk-affect-rational-build-forge-cve-2020-2654/


HPESBHF03994 rev.1 - HPE Superdome Flex with iLO4, Remote or Local Code Execution

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03994en_us


HPESBST03940 rev.1 - HPE MSA 1040, HPE MSA 2040, HPE MSA 2042, HPE MSA 1050, HPE MSA 2050, and HPE MSA 2052 Multiple Remote Access Restriction Bypass

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us


HPESBHF03993 rev.1 - HPE Superdome X servers with iLO4, Remote Multiple Vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03993en_us


HPESBHF03995 rev.1 - HPE Superdome X servers with iLO4, Multiple Remote Vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03995en_us


HPESBHF03986 rev.1 - HPE Superdome X servers with iLO4, Remote Code Execution and Authentication Bypass

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03986en_us