End-of-Day report
Timeframe: Friday 10-04-2020 18:00 - Tuesday 14-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation - Intelligence for Vulnerability Management, Part Two
One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization's data, employees and customers at risk. In this four-part blog series, FireEye Mandiant Threat Intelligence highlights the value of CTI in enabling vulnerability management, and unveils new research into the latest threats, trends and recommendations.
http://www.fireeye.com/blog/threat-research/2020/04/time-between-disclosure-patch-release-and-vulnerability-exploitation.html
WhatsApp message: Billa is not giving away a 250 euro voucher
You have received a link to a Billa voucher from a WhatsApp contact and are wondering what is behind it? Watchlist Internet has taken a closer look at this so-called chain letter. Our conclusion: you will not receive a voucher, and this giveaway does not come from Billa.
https://www.watchlist-internet.at/news/whatsapp-nachricht-billa-verlost-keinen-250-eur-gutschein/
APT41 Using New Speculoos Backdoor to Target Organizations Globally
Unit 42 identifies new payload, named Speculoos, exploiting CVE-2019-19781 to target organizations around the world, including state government in the United States.
https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/
Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns
New research shows COVID-19 themed phishing campaigns are targeting healthcare organizations and medical research facilities around the world.
https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe ColdFusion (APSB20-18), Adobe After Effects (APSB20-21) and Adobe Digital Editions (APSB20-23). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
https://blogs.adobe.com/psirt/?p=1859
Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.
https://threatpost.com/oracle-tackles-405-bugs-for-april-quarterly-patch-update/154737/
Security updates for Monday
Security updates have been issued by Fedora (haproxy), Gentoo (chromium and libssh), openSUSE (ansible, chromium, gmp, gnutls, libnettle, libssh, mgetty, nagios, permissions, and python-PyYAML), and Oracle (firefox, kernel, qemu-kvm, and telnet).
https://lwn.net/Articles/817399/
Security updates for Tuesday
Security updates have been issued by Arch Linux (thunderbird), Debian (thunderbird), Fedora (drupal7-ckeditor, nrpe, and php-robrichards-xmlseclibs1), Red Hat (firefox and kernel), SUSE (quartz), and Ubuntu (thunderbird).
https://lwn.net/Articles/817471/
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
https://cert-portal.siemens.com/productcert/txt/ssa-102233.txt
SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series
https://cert-portal.siemens.com/productcert/txt/ssa-162506.txt
SSA-359303: Debug Port in TIM 3V-IE and 4R-IE Family Devices
https://cert-portal.siemens.com/productcert/txt/ssa-359303.txt
SSA-377115: SegmentSmack in Linux IP-Stack based Industrial Devices
https://cert-portal.siemens.com/productcert/txt/ssa-377115.txt
SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices
https://cert-portal.siemens.com/productcert/txt/ssa-593272.txt
SSA-886514: Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules
https://cert-portal.siemens.com/productcert/txt/ssa-886514.txt
Security Bulletin: A vulnerability in IBM Java affects IBM Decision Optimization Center (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affect-ibm-decision-optimization-center-cve-2020-2654/
Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-ilog-cplex-optimization-studio-and-ibm-cplex-enterprise-server-cve-2020-2654/
Security Bulletin: A vulnerability in IBM Java Runtime affects Financial Transaction Manager for Corporate Services (CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-services-cve-2019-4732/
Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/
Security Bulletin: A vulnerability in IBM Java Runtime affects Financial Transaction Manager for Corporate Services v2.1.1 (CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-services-v2-1-1-cve-2019-4732/
Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability/
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10209, 10211, 10210, 10208)
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere-cve-2019-10209-10211-10210-10208/
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere (CVE-2019-10164)
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere-cve-2019-10164/
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerabilities-in-ibm-robotic-process-automation-with-automation-anywhere/
XSA-318 - Bad continuation handling in GNTTABOP_copy
https://xenbits.xen.org/xsa/advisory-318.html
XSA-316 - Bad error path in GNTTABOP_map_grant
https://xenbits.xen.org/xsa/advisory-316.html
XSA-314 - Missing memory barriers in read-write unlock paths
https://xenbits.xen.org/xsa/advisory-314.html
XSA-313 - multiple xenoprof issues
https://xenbits.xen.org/xsa/advisory-313.html
Nagios Enterprises Nagios XI: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0303
SAP Patchday April 2020
http://www.cert-bund.de/advisoryshort/CB-K20-0300