Daily Summary - 04.06.2020

End-of-Day report

Timeframe: Wednesday 03-06-2020 18:00 - Thursday 04-06-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Sophisticated Info-Stealer Targets Air-Gapped Devices via USB

The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycldek, which targets government entities.

https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/


AddTrust: Impact of the expired certificate on e-mail services

Although the expired AddTrust intermediate certificate primarily affects old clients, it can certainly have an impact on regular e-mail operations.

https://heise.de/-4774588


Acquaintances stuck abroad because of the coronavirus and in need of money?

Criminals use hacked e-mail accounts, hijacked Facebook accounts and the like to con their victims out of money. You may receive a message that appears to come from a good friend, saying they are stuck abroad and cannot return home because of Covid-19. To help them, you are asked to send them money via a cash transfer service. Caution: this is a fraud attempt!

https://www.watchlist-internet.at/news/bekannte-stecken-coronabedingt-im-ausland-und-brauchen-geld/

Vulnerabilities

Updates for IOS, NX-OS and others - Cisco patches its network operating systems

A whole bundle of freshly released updates fixes numerous security issues, many of which were rated "High" to "Critical".

https://heise.de/-4774667


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr), Fedora (firefox and prboom-plus), Oracle (bind), Red Hat (firefox), and SUSE (osc).

https://lwn.net/Articles/822220/


MISP 2.4.126 released (Spring release edition)

[...] This version includes a security fix and various quality of life improvements. Security fix - fixed XSS. Fixed a persistent XSS (CVE-2020-13153) that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a JavaScript payload in the comment field.

https://www.misp-project.org/2020/06/04/MISP.2.4.126.released.html


HPESBHF04005 rev.1 - HPE Edgeline EL300 Converged Edge System Running HPE Integrated System Manager (iSM), Remote Denial of Service

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04005en_us


GnuTLS: Vulnerability allows bypassing of security measures

http://www.cert-bund.de/advisoryshort/CB-K20-0532


Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022

https://www.drupal.org/sa-contrib-2020-022


Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4509)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2020-4509/


Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services v2.1.1 (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services-v2-1-1-cve-2020-2654/


Security Bulletin: IBM Security Guardium is affected by an OS Command Injection vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-2/


Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability/


Security Bulletin: A vulnerability in Python affects IBM Cloud App Management (CVE-2020-8492)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python-affects-ibm-cloud-app-management-cve-2020-8492/


Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-10/


Security Bulletin: A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-cxf-affects-ibm-cloud-app-management-cve-2019-12406/


Security Bulletin: IBM Security Guardium is affected by a Use of a Broken or Risky Cryptographic Algorithm vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability/


Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor

https://www.ibm.com/blogs/psirt/security-bulletin-three-vulnerabilities-in-nimbus-josejwt-affect-ibm-spectrum-conductor/


Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php


Cayin Content Management Server 11.0 Root Remote Command Injection

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php


Cayin Signage Media Player 3.0 Root Remote Command Injection

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php