End-of-Day report
Timeframe: Thursday 18-06-2020 18:00 - Friday 19-06-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Hackers use fake Windows error logs to hide malicious payload
Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks.
https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/
IBM Maximo Asset Management servers patched against attacks
Details are hazy but the overall story is clear: if you use IBM's Maximo Asset Management, make sure you're patched.
https://nakedsecurity.sophos.com/2020/06/19/ibm-maximo-asset-management-servers-patched-against-attacks/
Security update for CMS: Drupal vulnerable to remote code execution
The Drupal developers have closed two security vulnerabilities in several versions of the content management system.
https://heise.de/-4789539
Security: Four zero-days spotted in attacks on honeypot systems
Previously unknown attacks used against fake systems show big problems remain with industrial systems security.
https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-attacks-against-honeypot-systems/
Vulnerabilities
BlackBerry Powered by Android Security Bulletin - June 2020
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000064303
Critical 0-day vulnerability in 79 Netgear router models
A flaw in the built-in web server allows the devices to be hijacked, in some circumstances simply by visiting a web page that carries the exploit.
https://heise.de/-4789814
VMSA-2020-0014
VMware Tools for macOS update addresses a denial-of-service vulnerability (CVE-2020-3972)
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
Security updates for Friday
Security updates have been issued by Debian (drupal7), Fedora (dbus, kernel, microcode_ctl, mingw-glib-networking, moby-engine, and roundcubemail), Mageia (libjpeg), openSUSE (chromium and rmt-server), Oracle (kernel and microcode_ctl), Red Hat (rh-nodejs8-nodejs and thunderbird), Slackware (bind), and SUSE (adns, containerd, docker, docker-runc, golang-github-docker-libnetwork, dbus-1, fwupd, gegl, gnuplot, guile, java-1_7_1-ibm, java-1_8_0-ibm, kernel, mozilla-nspr, mozilla-nss, perl, and [...]
https://lwn.net/Articles/823736/
Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-contract-management/
Security Bulletin: Multiple vulnerabilities affects IBM Engineering Requirements Management DOORS Next
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-engineering-requirements-management-doors-next/
Security Bulletin: Vulnerability identified in Apache ActiveMQ used in Cloud Pak System (CVE-2020-1941)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941/
Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing/