Daily Summary - 01.07.2020

End-of-Day report

Timeframe: Tuesday 30-06-2020 18:00 - Wednesday 01-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)

In this blog post we will revisit CVE-2019-19781, a Remote Code Execution vulnerability affecting Citrix NetScaler / ADC. We will explore how this issue has been widely abused by various actors and how a hacker turf war led to some actors "adversary patching" the vulnerability in order to prevent secondary compromise by competing adversaries - hiding the true number of vulnerable and compromised devices in the wild.

https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-netscaler-adc/


Massive security problems caused by open Git repositories

In Germany, Git repositories on thousands of servers are accessible unprotected via a web browser, and attackers have an easy time harvesting the data.

https://heise.de/-4795181


Caution when buying an e-bike: fake shop ebike-quadrat.com offers cheap e-bikes!

Summer is bicycle season. Scammers think so too, for example the dubious operators of the fake shop ebike-quadrat.com. Even though the online shop looks trustworthy at first glance, you should not order anything there. The contact details given do not exist, and neither does the company itself.

https://www.watchlist-internet.at/news/vorsicht-beim-e-bike-kauf-fake-shop-ebike-quadratcom-bietet-guenstige-e-bikes-an/


EvilQuest: New ransomware for macOS in circulation

It is only the third piece of ransomware developed exclusively for Macs. The ransom demand of 50 dollars is rather moderate. In return, EvilQuest additionally leaves behind a keylogger and a reverse shell.

https://www.zdnet.de/88381156/evilquest-neue-ransomware-fuer-macos-im-umlauf/


https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/

Vulnerabilities

Microsoft distributes important updates for remote vulnerabilities in Windows 10 and Server

Out-of-band updates distributed via the Microsoft Store fix two remotely exploitable security vulnerabilities in the Windows Codecs Library.

https://heise.de/-4800675


Security updates for Wednesday

Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig).

https://lwn.net/Articles/824955/


PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to an out-of-bounds read that can lead to remote code execution.

https://cert.vde.com/de-de/advisories/vde-2020-023


Cellebrite EPR Decryption Hardcoded AES Key Material

https://cxsecurity.com/issue/WLB-2020070003


Reflected Cross-site scripting (XSS) in EQDKP Plus CMS

https://sec-consult.com/./en/blog/advisories/reflected-cross-site-scripting-xss-in-eqdkp-plus-cms/


F5 BIG-IP: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0647


Security Advisory - Improper Authentication Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-03-smartphone-en


Security Advisory - Race Condition Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-04-smartphone-en


Security Advisory - Type Confusion Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-05-smartphone-en


Security Advisory - Use After Free Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-06-smartphone-en


Security Advisory - Use After Free Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-07-smartphone-en


Security Advisory - CallStranger Vulnerability in UPnP Protocol

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200701-01-upnp-en


Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-01-smartphone-en


Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server.

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server-3/


Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-7-0-8-0-8-5-and-9-0-is-vulnerable-to-a-denial-of-service-caused-by-improper-handling-of-request-headers/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386/


Security Bulletin: IBM MQ for HPE NonStop Server is affected by vulnerability CVE-2020-4376

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4376/


Security Bulletin: Potential vulnerability (SSRF) in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2017-3164)

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-ssrf-in-apache-solr-affect-ibm-operations-analytics-log-analysis-cve-2017-3164/


Security Bulletin: Host Header Injection vulnerability in IBM Operations Analytics - Log Analysis (pre-login scenario)

https://www.ibm.com/blogs/psirt/security-bulletin-host-header-injection-vulnerability-in-ibm-operations-analytics-log-analysis-pre-login-scenario/


Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilities-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9/


Security Bulletin: Insecure Path Attribute in IBM Operations Analytics - Log Analysis (CSRFToken, LtpaToken2)

https://www.ibm.com/blogs/psirt/security-bulletin-insecure-path-attribute-in-ibm-operations-analytics-log-analysis-csrftoken-ltpatoken2/


Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414/