End-of-Day report
Timeframe: Wednesday 22-04-2020 18:00 - Thursday 23-04-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
iPhones vulnerable to attack via zero-day flaws in Apple Mail
iOS users should temporarily stop using the Mail app, security researchers warn. The vulnerabilities allow code to be injected unnoticed.
https://heise.de/-4707901
New Data Center Requirements - Can You Help Host Shadowserver?
Shadowserver urgently needs to move our current data center by August 2020. We are blogging our data center requirements for hosting and colocation providers, or other companies who might be able to help provide a new home for our public benefit services for the global Internet. Please reach out and get in touch if you can help.
https://www.shadowserver.org/news/new-data-center-requirements-can-you-help-host-shadowserver/
Maze Ransomware - What You Need to Know
What's this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. There's been plenty of ransomware before. What makes Maze so special?
https://www.tripwire.com/state-of-security/featured/maze-ransomware-what-you-need-to-know/
Researchers Turn Antivirus Software Into Destructive Tools
A vulnerability impacting nearly all antivirus products out there could have been exploited to disable anti-malware protection or render the operating system unusable, RACK911 Labs security researchers reveal.
https://www.securityweek.com/researchers-turn-antivirus-software-destructive-tools
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Arch Linux (openssl), openSUSE (freeradius-server, kernel, thunderbird, and vlc), Oracle (git, java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), SUSE (ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, [...]
https://lwn.net/Articles/818481/
Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-02-smartphone-en
Security Advisory - Local Privilege Escalation Vulnerability in Huawei OSD Product
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200422-01-osd-en
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-2/
Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-3/
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability/
Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerabilities in OpenSSL (CVE-2019-1547 and CVE-2019-1563)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-nextscale-fan-power-controller-fpc-is-affected-by-vulnerabilities-in-openssl-cve-2019-1547-and-cve-2019-1563/
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System 3000(CVE-2019-4720)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-system-3000cve-2019-4720/
Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM Spectrum Symphony and IBM Platform Symphony
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-liberty-profile-affects-ibm-spectrum-symphony-and-ibm-platform-symphony/
Security Bulletin: IBM Tivoli Monitoring insufficient default file/folder permissions on windows.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-insufficient-default-file-folder-permissions-on-windows/
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Elastic Storage System (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-elastic-storage-system-cve-2020-2654/
Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-side-channel-attack-with-intel-cpus-cve-2019-11135/
NGINX Controller sensitive command-line arguments vulnerability CVE-2020-5866
https://support.f5.com/csp/article/K11922628
NGINX Controller vulnerability CVE-2020-5864
https://support.f5.com/csp/article/K27205552
NGINX Controller insecure database transport vulnerability CVE-2020-5865
https://support.f5.com/csp/article/K21009022
NGINX Controller vulnerability CVE-2020-5867
https://support.f5.com/csp/article/K00958787
HPESBHF03988 rev.1 - HPE Onboard Administrator, Remote Reflected Cross Site Scripting
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03988en_us
HPESBNS03996 rev.1 - HPE NonStop Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity, Multiple Remote Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03996en_us
Squid: Vulnerability allows execution of arbitrary program code
http://www.cert-bund.de/advisoryshort/CB-K20-0360
Red Hat JBoss A-MQ: Vulnerability allows denial of service
http://www.cert-bund.de/advisoryshort/CB-K20-0361