End-of-Day report
Timeframe: Tuesday 16-06-2020 18:00 - Wednesday 17-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Do cybercriminals play cyber games during quarantine?
Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry.
https://securelist.com/do-cybercriminals-play-cyber-games-during-quarantine/97241/
When NTP Kills Your Sandbox
If it's common to say that "Everything is a Freaking DNS problem", other protocols can also be the source of problems... NTP ("Network Time Protocol") is also a good candidate! A best practice is to synchronize all your devices via NTP but also to set up the same timezone! We [...]
https://blog.rootshell.be/2020/06/17/when-ntp-kills-your-sandbox/
A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
[...] The vulnerability represents a new attack vector that allows attackers to create fake USB devices, fully trusted by the Windows operating system (kernel), to attack a machine in unconventional and unexpected ways.
https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/
Ripple20 shakes the Internet of Things
A series of security vulnerabilities, some of them critical, in a TCP/IP implementation endangers devices in households, hospitals and industrial plants.
https://heise.de/-4786249
Embedded security fails in ICS
Over the last 5 years, we've seen an increasing use of open-source software in ICS (Industrial Control Systems) devices, with a move away from traditional RTOS (Real Time Operating System) [...]
https://www.pentestpartners.com/security-blog/embedded-security-fails-in-ics/
Caution when apartment hunting: A cheap dream apartment could be a scam!
It is hard to believe: a central location in Vienna's city centre. Furnished with the latest furniture and appliances. 87 m² and a terrace or a balcony on top. The best part: the rent is only 450 euros per month, far below the average. Do you know similarly tempting apartment listings? If so, you should be careful and take a closer look at the provider before you accept the tempting bargain!
https://www.watchlist-internet.at/news/vorsicht-bei-der-wohnungssuche-guenstige-traumwohnung-koennte-betrug-sein/
Vulnerabilities
SaltStack FrameWork Vulnerabilities Affecting Cisco Products
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651 (Authentication Bypass Vulnerability) and CVE-2020-11652 (Directory Traversal Vulnerability). Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
ICS Advisory (ICSA-20-168-01) - Treck TCP/IP Stack
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
https://www.us-cert.gov/ics/advisories/icsa-20-168-01
Linux kernel: ACPI bug undermines the protection mechanisms of UEFI Secure Boot
A bug in the Linux mainline kernel could allow attackers to load unsigned kernel modules despite UEFI Secure Boot. PoC code and a patch are available.
https://heise.de/-4786877
Security updates for Wednesday
Security updates have been issued by Arch Linux (dbus and intel-ucode), CentOS (libexif), Debian (vlc), SUSE (xen), and Ubuntu (dbus, libexif, and nss).
https://lwn.net/Articles/823283/
Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud-is-vulnerable-to-a-server-side-request-forgery-vulnerability-cve-2020-4365/
Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-2/
Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4532
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4532/
Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/