Daily summary - 14.07.2020

End-of-Day report

Timeframe: Monday 13-07-2020 18:00 - Tuesday 14-07-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

SCANdalous! (External Detection Using Network Scan Data and Automation)

Real Quick: In case you're thrown by that fantastic title, our lawyers made us change the name of this project so we wouldn't get sued. SCANdalous (a.k.a. Scannah Montana, a.k.a. Scanny McScanface, a.k.a. "Scan I Kick It? (Yes You Scan)") had another name before today that, for legal reasons, we're keeping to ourselves. A special thanks to our legal team, who are always looking out for us; this blog post would be a lot less fun without them. Strap in, folks.

http://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-detection-using-network-scan-data-and-automation.html


Beware of fraudulent advertising on Facebook

Facebook and Instagram are quite lucrative advertising channels. Criminals have recognised that too. With the message that the shops luvpatient.com, liebesfreund.de and colorootd.com have supposedly not survived the Corona crisis, products are being advertised at very low prices in the feed or between stories. But beware: the ordered goods either never arrive or arrive in inferior quality!

https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischer-werbung-auf-facebook/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB20-33), Adobe Media Encoder (APSB20-36), Adobe Genuine Service (APSB20-37), Adobe ColdFusion (APSB20-43) and Adobe Download Manager (APSB20-49). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.

https://blogs.adobe.com/psirt/?p=1893


SAP Patch Day July 2020

A remote, anonymous attacker can exploit several vulnerabilities in several SAP products to take control of SAP applications, disclose information, carry out a cross-site scripting attack and achieve further, unspecified effects.

https://www.cert-bund.de/advisoryshort/CB-K20-0690


SSA-305120 (Last Update: 2020-07-14): Vulnerabilities in SICAM MMU, SICAM T and SICAM SGU

SICAM MMU, SICAM T and the discontinued SICAM SGU devices are affected by multiple security vulnerabilities which could allow an attacker to perform a variety of attacks. This may include unauthenticated firmware installation, remote code execution and leakage of confidential data like passwords. Siemens has released updates to introduce authentication to the web application. It is still recommended to implement further mitigations, as most of the vulnerabilities might not be sufficiently [...]

https://cert-portal.siemens.com/productcert/txt/ssa-305120.txt


SSA-364335 (Last Update: 2020-07-14): Clear Text Transmission Vulnerability on SIMATIC HMI Panels

A clear text transmission vulnerability in SIMATIC HMI panels could allow an attacker to access sensitive information under certain circumstances. Siemens recommends specific countermeasures to mitigate this vulnerability.

https://cert-portal.siemens.com/productcert/txt/ssa-364335.txt


SSA-573753 (Last Update: 2020-07-14): Remote Code Execution in Siemens LOGO! Web Server

The latest update for LOGO! 8 BM devices fixes a vulnerability that could allow remote code execution in the web server functionality. Siemens provides a firmware update for the latest versions of LOGO! BM.

https://cert-portal.siemens.com/productcert/txt/ssa-573753.txt


SSA-589181 (Last Update: 2020-07-14): Denial-Of-Service in SIMATIC S7-200 SMART CPU Family Devices

The latest update for SIMATIC S7-200 SMART fixes a vulnerability that could allow an attacker to cause a permanent Denial-of-Service of an affected device by sending a large number of crafted packets. Siemens has released an update for the SIMATIC S7-200 SMART CPU family and recommends that customers update to the latest version.

https://cert-portal.siemens.com/productcert/txt/ssa-589181.txt


SSA-604937 (Last Update: 2020-07-14): Multiple Web Server Vulnerabilities in Opcenter Execution Core

The latest update of Opcenter Execution Core fixes multiple vulnerabilities, where the most severe could allow an attacker to perform a cross-site scripting (XSS) attack under certain conditions. Siemens has released an update for the Opcenter Execution Core and recommends that customers update to the latest version. Siemens recommends specific countermeasures as there are currently no further fixes available.

https://cert-portal.siemens.com/productcert/txt/ssa-604937.txt


SSA-631949 (Last Update: 2020-07-14): Ripple20 and Intel SPS Vulnerabilities in SPPA-T3000 Solutions

SPPA-T3000 solutions are affected by vulnerabilities that were recently disclosed by JSOF research lab ("Ripple20") for the TCP/IP stack used in APC UPS systems, and by Intel for the Server Platform Services (SPS) used in SPPA-T3000 Application Server and Terminal Server hardware. The advisory provides information on the extent to which SPPA-T3000 solutions are affected.

https://cert-portal.siemens.com/productcert/txt/ssa-631949.txt


SSA-841348 (Last Update: 2020-07-14): Multiple Vulnerabilities in the UMC Stack

The latest update for the products listed below fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.

https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt


Security updates for Tuesday

Security updates have been issued by Fedora (mingw-podofo and python-rsa), openSUSE (LibVNCServer, mozilla-nss, nasm, openldap2, and permissions), Red Hat (dovecot, sane-backends, and thunderbird), Scientific Linux (dbus), and SUSE (firefox and thunderbird).

https://lwn.net/Articles/826113/


[20200706] - Core - System Information screen could expose redis or proxy credentials

https://developer.joomla.org:443/security-centre/823-20200706-core-system-information-screen-could-expose-redis-or-proxy-credentials.html


[20200705] - Core - Escape mod_random_image link

https://developer.joomla.org:443/security-centre/822-20200705-core-escape-mod-random-image-link.html


[20200704] - Core - Variable tampering via user table class

https://developer.joomla.org:443/security-centre/821-20200704-core-variable-tampering-via-user-table-class.html


[20200703] - Core - CSRF in com_privacy remove-request feature

https://developer.joomla.org:443/security-centre/820-20200703-core-csrf-in-com-privacy-remove-request-feature.html


[20200702] - Core - Missing checks can lead to a broken usergroups table record

https://developer.joomla.org:443/security-centre/819-20200702-core-missing-checks-can-lead-to-a-broken-usergroups-table-record.html


[20200701] - Core - CSRF in com_installer ajax_install endpoint

https://developer.joomla.org:443/security-centre/818-20200701-core-csrf-in-com-installer-ajax-install-endpoint.html


Security Bulletin: Apache Tika as used by IBM QRadar SIEM is vulnerable to a denial of service (CVE-2020-1951, CVE-2020-1950)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-tika-as-used-by-ibm-qradar-siem-is-vulnerable-to-a-denial-of-service-cve-2020-1951-cve-2020-1950/


Security Bulletin: IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2020-4510)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2020-4510/


Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4513)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-cve-2020-4513/


Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affect-the-ibm-flashsystem-900-cve-2019-2989-and-cve-2019-2964/


Security Bulletin: IBM QRadar SIEM is vulnerable to denial of service (CVE-2020-4511)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-denial-of-service-cve-2020-4511/


Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/


Security Bulletin: IBM QRadar SIEM is vulnerable to command injection (CVE-2020-4512)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-command-injection-cve-2020-4512/


Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4364)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-cve-2020-4364/