Daily summary - 23.06.2020

End-of-Day report

Timeframe: Monday 22-06-2020 18:00 - Tuesday 23-06-2020 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner

News

Comparing Office Documents with WinMerge, (Mon, Jun 22nd)

Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, ...). Since they are ZIP containers, I have to compare the files within. I used to do this with the zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface.

https://isc.sans.edu/diary/rss/26268
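The diary's approach, compare the members inside the two ZIP containers rather than the documents as a whole, as an added Python example. This is not the diary author's zipdump.py or WinMerge output; it lists members present on only one side, reports changed members by hash, and shows a unified diff for changed XML parts. The two documents are constructed in memory so it runs offline; on real files call diff_ooxml("a.docx", "b.docx").

```python
"""Compare two OOXML containers (.docx/.xlsx/.pptx) member by member.

Added example, not code from the ISC diary. The two sample documents are
constructed inline with zipfile; they are not real Office files.
"""
import difflib
import hashlib
import io
import zipfile


def _member_table(zf):
    """Map every member name to (sha256 hex digest, raw bytes)."""
    table = {}
    for info in zf.infolist():
        data = zf.read(info.filename)
        table[info.filename] = (hashlib.sha256(data).hexdigest(), data)
    return table


def diff_ooxml(left, right, max_lines=20):
    """Return members only in left, only in right, and changed members.

    `left`/`right` are paths or file-like objects (anything zipfile accepts).
    Changed XML/rels members get a unified diff truncated to `max_lines` lines;
    binary parts (images, vbaProject.bin) are reported by hash only.
    """
    with zipfile.ZipFile(left) as zl, zipfile.ZipFile(right) as zr:
        tl, tr = _member_table(zl), _member_table(zr)
    result = {
        "only_left": sorted(set(tl) - set(tr)),
        "only_right": sorted(set(tr) - set(tl)),
        "changed": {},
    }
    for name in sorted(set(tl) & set(tr)):
        (hl, dl), (hr, dr) = tl[name], tr[name]
        if hl == hr:
            continue
        entry = {"sha256_left": hl, "sha256_right": hr, "diff": None}
        if name.endswith((".xml", ".rels")):
            a = dl.decode("utf-8", "replace").splitlines()
            b = dr.decode("utf-8", "replace").splitlines()
            entry["diff"] = list(difflib.unified_diff(
                a, b, "left/" + name, "right/" + name, lineterm=""))[:max_lines]
        result["changed"][name] = entry
    return result


def _build_doc(members):
    """Build a minimal ZIP container in memory from {name: bytes} (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed samples: a clean document and the same document with an extra
# paragraph and a macro part added.
CLEAN = {
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document><w:body><w:p>Invoice</w:p></w:body></w:document>",
}
SUSPECT = {
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document><w:body><w:p>Invoice</w:p>"
                         b"<w:p>Enable content</w:p></w:body></w:document>",
    "word/vbaProject.bin": b"\x00\x01binary-macro-blob",
}


def compare_samples():
    """Diff the two constructed samples; returns the diff_ooxml() result."""
    return diff_ooxml(_build_doc(CLEAN), _build_doc(SUSPECT))


if __name__ == "__main__":
    r = compare_samples()
    print("only in right:", r["only_right"])
    for name, e in r["changed"].items():
        print("changed:", name)
        print("\n".join(e["diff"] or []))
```

Members that exist on only one side (here the added vbaProject.bin) are usually the first thing to look at; the hash comparison catches changed binary parts that a text diff would not render.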


HTTP Request Smuggling: Abusing Reverse Proxies

SANS Penetration Testing blog post on exploiting differences in how a reverse proxy and the web server behind it determine where one HTTP request ends and the next begins (typically Content-Length versus Transfer-Encoding: chunked).

https://www.sans.org/blog/http-request-smuggling-abusing-reverse-proxies?msc=rss
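The desync the SANS post describes, as an added Python example that is not code from the post: two deliberately minimal parsers model a front-end that frames requests by Content-Length and a back-end that frames by Transfer-Encoding: chunked. Fed the same constructed byte stream, the front-end sees one POST followed by a normal GET, while the back-end ends the POST at the zero-size chunk and prepends the leftover byte to the next request. The request bytes and hostnames are constructed for the demonstration.

```python
"""CL.TE request desync: one byte stream, two framings.

Added example, not code from the SANS post. Parsers are simplified models
(no header folding, duplicate headers are not handled) and the requests are
constructed.
"""

CRLF = b"\r\n"


def parse_head(buf):
    """Split request line and headers off `buf`; return (method, target, headers, rest)."""
    head, _, rest = buf.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower()] = v.strip()
    return method, target, headers, rest


def body_by_content_length(headers, rest):
    """Front-end style: the body is exactly Content-Length bytes."""
    n = int(headers.get(b"content-length", b"0"))
    return rest[:n], rest[n:]


def body_by_chunked(rest):
    """Back-end style: the body ends at the zero-size chunk plus its terminating CRLF."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(CRLF)
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            _, _, rest = rest.partition(CRLF)  # skip the empty trailer section
            return body, rest
        body += rest[:size]
        rest = rest[size + 2:]  # chunk data plus its CRLF


def frame_requests(stream, framing):
    """Return the (method, target, body) tuples a parser with the given framing sees."""
    out = []
    while stream:
        method, target, headers, rest = parse_head(stream)
        chunked = b"chunked" in headers.get(b"transfer-encoding", b"").lower()
        if framing == "chunked" and chunked:
            body, stream = body_by_chunked(rest)
        else:
            body, stream = body_by_content_length(headers, rest)
        out.append((method.decode(), target.decode(), body))
    return out


def proxy_should_reject(headers):
    """Defensive rule for a front-end: a request carrying both framing headers
    ought to be treated as an error (RFC 7230 section 3.3.3) instead of forwarded."""
    return b"content-length" in headers and b"transfer-encoding" in headers


# Constructed attacker request: Content-Length 6 covers "0\r\n\r\nG", so the
# front-end forwards the whole thing as one body; the chunked back-end stops
# at "0\r\n\r\n" and keeps "G" for the next request.
SMUGGLE = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 6\r\n"
           b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nG")
VICTIM = b"GET /home HTTP/1.1\r\nHost: example\r\n\r\n"
STREAM = SMUGGLE + VICTIM


if __name__ == "__main__":
    print("front-end sees:", frame_requests(STREAM, "content-length"))
    print("back-end sees: ", frame_requests(STREAM, "chunked"))
    print("reject at proxy:", proxy_should_reject(parse_head(SMUGGLE)[2]))
```

The back-end's second request arrives with method "GGET", which is the visible symptom of the leftover byte; in a real attack the smuggled prefix is a complete request line and headers that hijack the victim's request. The proxy_should_reject rule is the check a front-end should apply before forwarding.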


XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers

We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware.

https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/
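As an added example that is not code from the Trend Micro report and does not model the malware itself: a check of Docker's daemon.json that distinguishes an API exposed over plain TCP, the condition behind an "exposed Docker server", from one restricted to a TLS-authenticated management address. The two configurations are constructed; "hosts", "tls" and "tlsverify" are real daemon.json keys, and treating tcp://0.0.0.0:2375 without TLS as the exposed case is an assumption about what the report means by exposed.

```python
"""Audit a Docker daemon.json for an API endpoint reachable over unauthenticated TCP.

Added example, not code from the Trend Micro report. The daemon.json
documents below are constructed samples.
"""
import json
from urllib.parse import urlparse


def audit_daemon_config(text):
    """Return a list of findings for a daemon.json document given as a string."""
    cfg = json.loads(text)
    findings = []
    # dockerd defaults to the local unix socket when "hosts" is absent.
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    tls_verify = bool(cfg.get("tlsverify", False))
    for h in hosts:
        u = urlparse(h)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// are not network reachable
        where = f"{u.hostname}:{u.port}"
        if not tls_verify:
            findings.append(
                f"{where}: Docker API over TCP without client certificate "
                f"verification (tlsverify not set); anyone who can reach the "
                f"port can run containers as root")
        elif u.hostname in ("0.0.0.0", "::", None):
            findings.append(
                f"{where}: TLS-verified API bound to all interfaces; "
                f"bind it to a management address instead")
    return findings


# Constructed weak configuration: the API listens on every interface, no TLS.
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed hardened configuration: management address only, mutual TLS.
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_daemon_config(doc) or ["ok"])
```

The check only reads the configuration; a reachability test from outside the host (is TCP/2375 answering unauthenticated API calls?) is the complementary control, since a socket can also be exposed by a systemd unit's command line rather than daemon.json.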


Advance-fee fraud: a victim reports

Advance-fee fraud always works in a similar way: you are told by e-mail that you have been selected to receive a very large sum of money. However, you first have to transfer a sum of money yourself, supposedly for certificates, fees, processing of the transfer or the like. Only then can the amount be sent to you. Warning: you will never receive the promised sum, and the money you transferred in advance is gone!

https://www.watchlist-internet.at/news/vorschussbetrug-ein-opfer-berichtet/

Vulnerabilities

Bitdefender security update: websites could smuggle malicious code onto PCs

In an updated version of Bitdefender Internet Security the developers have closed a security vulnerability. The attack risk is rated high.

https://heise.de/-4792200


Security updates for Tuesday

Security updates have been issued by CentOS (thunderbird), Debian (wordpress), Fedora (ca-certificates, kernel, libexif, and tomcat), openSUSE (chromium, containerd, docker, docker-runc, golang-github-docker-libnetwork, fwupd, osc, perl, php7, and xmlgraphics-batik), Oracle (unbound), Red Hat (containernetworking-plugins, dpdk, grafana, kernel, kernel-rt, kpatch-patch, libexif, microcode_ctl, ntp, pcs, and skopeo), Scientific Linux (unbound), SUSE (kernel, mariadb, mercurial, and xawtv), and Ubuntu (mutt, nfs-utils).

https://lwn.net/Articles/824264/


Atlassian Jira Software: vulnerability allows execution of arbitrary code with the privileges of the service

A local attacker can exploit a vulnerability in Atlassian Jira Software to execute arbitrary code with the privileges of the service.

http://www.cert-bund.de/advisoryshort/CB-K20-0617


Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC


Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-2/


Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-ova-is-vulnerable-to-denial-of-service-cve-2020-8551-cve-2020-8552/


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4323)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4323/


Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543)

https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-an-openstack-nova-vulnerability-which-could-leak-consoleauth-tokens-into-log-files-cve-2015-9543/


Security Bulletin: IBM Security Guardium is affected by OS Command Injection vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-3/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-4/


Security Bulletin: IBM Security Guardium is affected by a Hard-coded passwords vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability-2/


Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-2/


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4327)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4327/


Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2020-4413)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4413/


KLCERT-20-014: Session token exposed in Honeywell ControlEdge PLC and RTU

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klcert-20-014-session-token-exposed-in-honeywell-controledge-plc-and-rtu/


KLCERT-20-013: Unencrypted password transmission in Honeywell ControlEdge PLC and RTU

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/06/23/klcert-20-013-unencypted-password-transmission-in-honeywell-controledge-plc-and-rtu/