End-of-Day report
Timeframe: Monday 15-06-2020 18:00 - Tuesday 16-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
New Java STRRAT ships with .crimson ransomware module
This Java-based malware installs RDPWrap, steals credentials, logs keystrokes and remotely controls Windows systems. It may soon be capable of infecting systems without Java installed.
https://www.gdatasoftware.com/blog/strrat-crimson
SOHO Device Exploitation
This blog describes one such session of auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository.
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
The Curious Case of Copy & Paste - on risks of pasting arbitrary content in browsers
This write-up is a summary of my research on issues in handling copying and pasting in browsers, popular WYSIWYG editors, and websites.
https://research.securitum.com/the-curious-case-of-copy-paste/
19 Zero-Day Vulnerabilities Amplified by the Supply Chain
The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities. The risks inherent in this situation are high. Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to [...]
https://www.jsof-tech.com/ripple20/
Fake traditional-costume shops advertise on Facebook & Instagram
On Facebook and Instagram we are surrounded by advertising, but not every ad is legitimate. The fake shops marjo-trachten.com, statuskelidmode.de and linennew.com are currently advertising heavily with Facebook ads. Anyone who has ordered there will receive no goods, or only inferior goods, despite paying!
https://www.watchlist-internet.at/news/fake-trachtenshops-werben-auf-facebook-instagram/
Warning issued over hackable security cameras
The owners of the vulnerable indoor cameras are advised to unplug the devices immediately
https://www.welivesecurity.com/2020/06/15/warning-issued-hackable-security-cameras/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Campaign Classic (APSB20-34), Adobe After Effects (APSB20-35), Adobe Illustrator (APSB20-37), Adobe Premiere Pro (APSB20-38), Adobe Premiere Rush (APSB20-39) and Adobe Audition (APSB20-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
https://blogs.adobe.com/psirt/?p=1884
Beckhoff Security Advisory 2020-002: EtherLeak in TwinCAT RT network driver
If a network interface sends Ethernet frames with payloads smaller than the minimum frame length, memory content is disclosed within the padding.
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2020-002.pdf
Root vulnerability threatens IBM Spectrum Protect Server
Among others, dangerous security vulnerabilities in IBM's database management system Db2 put Spectrum Protect Server at risk.
https://heise.de/-4785158
Security updates for Tuesday
Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).
https://lwn.net/Articles/823199/
Synology-SA-20:13 CallStranger
A vulnerability allows remote attackers to obtain sensitive information or conduct a denial-of-service attack via a susceptible version of Synology Router Manager (SRM) or Media Server.
https://www.synology.com/en-global/support/security/Synology_SA_20_13
Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0588
Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-addressed-in-ibm-cloud-pak-system-cve-2019-4521-cve-2019-4095-2/
Security Bulletin: IBM MQ is vulnerable to a denial of service attack due to an error within the Data Conversion logic. (CVE-2020-4310)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-due-to-an-error-within-the-data-conversion-logic-cve-2020-4310/
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU for WebSphere MQ Internet Pass-Thru - April 2020 - Includes Oracle April 2020 CPU (CVE-2020-2781)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-websphere-mq-internet-pass-thru-april-2020-includes-oracle-april-2020-cpu-cve-2020-2781/
Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2019-1547 and CVE-2019-1563)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-openssl-vulnerabilities-cve-2019-1547-and-cve-2019-1563/
Security Bulletin: IBM MQ and MQ Appliance could allow an authenticated user to cause a denial of service due to a memory leak. (CVE-2020-4267)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-mq-appliance-could-allow-an-authenticated-user-cause-a-denial-of-service-due-to-a-memory-leak-cve-2020-4267/
Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js in IBM Cloud
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-2/
Security Bulletin: IBM MQ Appliance is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729 and CVE-2019-11745)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-network-security-services-nss-vulnerabilities-cve-2019-11729-and-cve-2019-11745/
Security Bulletin: Cross-site scripting vulnerability in IBM Cloud Pak System (CVE-2019-4098)
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-in-ibm-cloud-pak-system-cve-2019-4098-2/
Security Bulletin: IBM MQ AMQP channels fail to block connections restricted by SSLPEER setting (CVE-2020-4320)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-fail-to-block-connections-restricted-by-sslpeer-setting-cve-2020-4320/