End-of-Day report
Timeframe: Monday 18-05-2020 18:00 - Tuesday 19-05-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
NXNSAttack: Efficient attack on name servers
A new form of denial-of-service attack uses the DNS architecture to generate a lot of server load and traffic with little effort.
https://www.golem.de/news/nxnsattack-effizienter-angriff-auf-nameserver-2005-148594-rss.html
Phishers are trying to bypass Office 365 MFA via rogue apps
Phishers are trying to bypass the multi-factor authentication (MFA) protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. The app allows attackers to access and modify the contents of the victim's account, but also to retain that access indefinitely, Cofense researchers warn.
https://www.helpnetsecurity.com/2020/05/19/office-365-bypass-mfa/
High costs instead of loans on kreditvolks-online.com
The fraudulent website kreditvolks-online.com is currently advertising cheap loans to attract customers. The criminals behind the website misuse, for example, the logos of Volksbank, Bawag P.S.K., Commerzbank or Deutsche Kreditbank AG to build trust. Before the supposed loans are paid out, numerous fees have to be paid. In the end, no payout ever takes place and all payments are lost!
https://www.watchlist-internet.at/news/hohe-kosten-statt-krediten-auf-kreditvolks-onlinecom/
FBI warns about attacks on Magento online stores via old plugin vulnerability
FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.
https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-stores-via-old-plugin-vulnerability/
Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks
A firmware patch was released last year, in November.
https://www.zdnet.com/article/hundreds-of-thousands-of-qnap-devices-vulnerable-to-remote-takeover-attacks/
Vulnerabilities
VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks
[...] It is possible for an unauthenticated, adjacent attacker to man-in-the-middle (MITM) attack the pairing process and force each victim device into a different Association Model, possibly granting the attacker the ability to initiate any Bluetooth operation on either attacked device.
https://kb.cert.org/vuls/id/534195
VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks
[...] It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).
https://kb.cert.org/vuls/id/647177
Security update: Nitro PDF Pro could leak data
The developers of the PDF application Nitro PDF Pro have closed several security vulnerabilities.
https://heise.de/-4724062
Security updates for Tuesday
Security updates have been issued by Debian (dpdk and exim4), Fedora (openconnect, perl-Mojolicious, and php), Red Hat (kernel and kpatch-patch), Slackware (sane), and Ubuntu (bind9, dpdk, exim4, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon).
https://lwn.net/Articles/820859/
F-Secure Linux Security: Multiple vulnerabilities allow bypassing of security measures
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warnmeldung_tw-t20-0085.html
LibreOffice: Vulnerability allows information disclosure
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/05/warnmeldung_tw-t20-0084.html
Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site request forgery vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-cross-site-request-forgery-vulnerability/
Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affect IBM InfoSphere Information Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-solr-lucene-affect-ibm-infosphere-information-server/
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/
Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes
https://www.ibm.com/blogs/psirt/security-bulletin-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-kubernetes/
Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-cross-site-scripting-vulnerability/
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability-3/
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service in kernel (CVE-2020-4411)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-user-to-cause-denial-of-service-in-kernal-cve-2020-4411/
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-sqlite-vulnerability-2/
Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-b2b-api-of-ibm-sterling-b2b-integrator-2/
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user to cause denial of service (CVE-2020-4412)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-user-to-cause-denial-of-service-cve-2020-4412/
Rowhammer hardware vulnerability CVE-2020-10255
https://support.f5.com/csp/article/K60570139
Adobe Creative Cloud: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0476
Internet Systems Consortium BIND: Multiple vulnerabilities allow denial of service
http://www.cert-bund.de/advisoryshort/CB-K20-0474
Dovecot: Multiple vulnerabilities allow denial of service
http://www.cert-bund.de/advisoryshort/CB-K20-0479
Ruby on Rails: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0477
MISP: Vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K20-0480