End-of-Day report
Timeframe: Monday 06-04-2020 18:00 - Tuesday 07-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
corp.com: Microsoft buys dangerous domain
Old, misconfigured Windows versions frequently connect to the domain corp.com and leak data.
https://www.golem.de/news/corp-com-microsoft-kauft-gefaehrliche-domain-2004-147770-rss.html
Web server protection: Web application firewalls for web server protection
Firewalls are an integral part of the tools necessary in securing web servers. In this article, we will discuss all relevant aspects of web application firewalls. We'll explore a few concepts that touch on these firewalls, both from a compliance and technical point of view, as well as examine a few examples of how [...]
https://resources.infosecinstitute.com/web-server-protection-web-application-firewalls-for-web-server-protection/
Unkillable xHelper and a Trojan matryoshka
It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on Android smartphones, but even now the malware remains as active as ever.
https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/
ENISA publishes a Tool for the Mapping of Dependencies to International Standards
The web tool presents the mapping of the indicators demonstrated in the report Good practices on interdependencies between OES and DSPs to international information security standards. This report analysed the dependencies and interdependencies between Operators of Essential Services (OES) and Digital Service Providers (DSPs) and identified a number of indicators to assess them. These indicators are mapped to international standards and frameworks, namely ISO/IEC 27002, COBIT5, the NIS [...]
https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-a-tool-for-the-mapping-of-dependencies-to-international-standards
Patch now! Over 350,000 Microsoft Exchange servers still attackable
Even though attackers have been scanning for vulnerable Exchange servers since the end of February, many admins evidently still have not patched.
https://heise.de/-4698421
Google Patches Critical RCE Vulnerabilities in Android's System Component
Google this week released the April 2020 set of security patches for the Android operating system to address over 50 vulnerabilities, including four critical issues in the System component.
https://www.securityweek.com/google-patches-critical-rce-vulnerabilities-androids-system-component
Beware of phishing: Amazon is not introducing 3-step authentication
Criminals pose as Amazon and claim to be "introducing a new, mandatory 3-step authentication for all customers", supposedly in cooperation with your bank and your e-mail provider. Do not click on the link in the e-mail under any circumstances. It leads to a fake Amazon login page where criminals steal your credentials!
https://www.watchlist-internet.at/news/vorsicht-phishing-amazon-fuehrt-keine-3-stufen-authentifizierung-ein/
More Medical Record Security Flaws
Tenable Research recently disclosed a number of security-related bugs in a popular open-source medical records application - OpenMRS. This blog details our findings.
https://medium.com/tenable-techblog/more-medical-record-security-flaws-81759f673a0
Vulnerabilities
Critical Vulnerabilities in the WP Lead Plus X WordPress Plugin
On March 3, 2020, our Threat Intelligence team discovered a number of vulnerabilities in WP Lead Plus X, a WordPress plugin with over 70,000 installations designed to allow site owners to create landing and squeeze pages on their sites. These vulnerabilities allowed an authenticated attacker with minimal permissions, such as a subscriber, to create or [...]
https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/
Security updates for Tuesday
Security updates have been issued by Fedora (kernel, kernel-headers, and kernel-tools), openSUSE (glibc and qemu), Red Hat (chromium-browser, container-tools:1.0, container-tools:rhel8, firefox, ipmitool, kernel, kernel-rt, krb5-appl, ksh, nodejs:10, nss-softokn, python, qemu-kvm, qemu-kvm-ma, telnet, and virt:rhel), Scientific Linux (ipmitool and telnet), SUSE (ceph and firefox), and Ubuntu (haproxy, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, [...]
https://lwn.net/Articles/817003/
Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads
https://jvn.jp/en/jp/JVN56890693/
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affects-ibm-platform-symphony-2/
Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
Security Bulletin: Log Analysis is vulnerable to Injection Attacks
https://www.ibm.com/blogs/psirt/security-bulletin-log-analysis-is-vulnerable-to-injection-attacks/
Multiple XSS vulnerabilities in TAO Open Source Assessment Platform
https://sec-consult.com/en/blog/advisories/multiple-xss-vulnerabilities-in-tao-open-source-assessment-platform/