End-of-Day report
Timeframe: Tuesday 05-05-2020 18:00 - Wednesday 06-05-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Warning: Fraudulent FinanzOnline e-mails in circulation
"Your tax refund of 1,850 EUR has been refunded," reads an e-mail, supposedly from the tax office. But beware: this e-mail does not come from the tax office, but from criminals. Do not click on the link under any circumstances; you will land on a fake FinanzOnline page. Criminals use this replica FinanzOnline website to steal sensitive data!
https://www.watchlist-internet.at/news/vorsicht-betruegerische-finanzonline-e-mails-im-umlauf/
Least Privilege: The Most Effective Approach to Endpoint Security
I always try to remind people that the principle of least privilege is not just about security, but about productivity as well. I have multiple customers who have decreased the number of tickets to their service desk by a whopping 75% by getting rid of end-user admin rights.
https://www.beyondtrust.com/blog/entry/least-privilege-the-most-effective-approach-to-endpoint-security
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, [...]
https://lwn.net/Articles/819600/
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Go (CVE-2019-16276)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-go-cve-2019-16276-2/
Security Bulletin: IBM Maximo Anywhere does not have device jailbreak detection. (CVE-2019-4266)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-anywhere-does-not-have-device-jailbreak-detection-cve-2019-4266/
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-for-enterprise-resource-planning-on-windows-cve-2019-4732-4/
Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4446
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affecting-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4446/
Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2020-4421)
https://www.ibm.com/blogs/psirt/security-bulletin-potential-spoofing-attack-in-webshere-application-server-cve-2020-4421/
Security Bulletin: IBM InfoSphere QualityStage is affected by a Cross-site scripting vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-qualitystage-is-affected-by-a-cross-site-scripting-vulnerability/
HPESBHF03966 rev.1 - HPE Servers with certain Intel Core and Xeon Processors System Memory Management (SMM), Local Disclosure of Privileged Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03966en_us
HPESBHF03934 rev.1 - HPE CloudLine servers using AMI BMC Remote Unauthorized Disclosure of Information, Unauthorized Modification and Denial of Service
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03934en_us
HPESBHF03961 rev.1 - Certain HPE Servers with 6th Generation Intel Core Processors and greater supporting SGX and TXT, Local Disclosure of Privileged Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03961en_us