Daily summary - 16.07.2020

End-of-Day report

Timeframe: Wednesday 15-07-2020 18:00 - Thursday 16-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

BlackRock - the Trojan that wanted to get them all

Around May 2020 ThreatFabric analysts have uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. After investigation, it became clear that this newcomer is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. The source code of the Xerxes malware was made public by its author around May 2019, which means that it is accessible to any threat actor.

https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html


Windows Server Containers Are Open, and Here's How You Can Break Out

We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.

https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/

Vulnerabilities

Xen Security Advisory XSA-329 - Linux ioperm bitmap context switching issues

IO port permissions don't get rescinded when context switching to an unprivileged task. Therefore, all userspace can use the IO ports granted to the most recently scheduled task with IO port permissions.

https://xenbits.xen.org/xsa/advisory-329.html


Malicious-code vulnerabilities endanger Cisco routers

Network equipment vendor Cisco goes all out and releases security updates across its entire product range.

https://heise.de/-4845109


https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2020%2F07%2F15&firstPublishedEndDate=2020%2F07%2F16&limit=50

2 Million Users Affected by Vulnerability in All in One SEO Pack

On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel's [...]

https://www.wordfence.com/blog/2020/07/2-million-users-affected-by-vulnerability-in-all-in-one-seo-pack/


Security updates for Thursday

Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd).

https://lwn.net/Articles/826288/


Synology-SA-20:18 DSM

Multiple vulnerabilities allow remote attackers to conduct man-in-the-middle attacks via a susceptible version of Synology DiskStation Manager (DSM).

https://www.synology.com/en-global/support/security/Synology_SA_20_18


Trend Micro Internet Security: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0724


Nagios Enterprises Nagios XI: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0721


macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra

https://support.apple.com/kb/HT211289


iOS 13.6 and iPadOS 13.6

https://support.apple.com/kb/HT211288


tvOS 13.4.8

https://support.apple.com/kb/HT211290


watchOS 6.2.8

https://support.apple.com/kb/HT211291


Security Advisory - Windows DNS Server Remote Code Execution Vulnerability

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200716-01-dns-en


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2019 CPU (CVE-2019-2949)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2019-cpu-cve-2019-2949/


Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-4462)

https://www.ibm.com/blogs/psirt/security-bulletin-xml-external-entity-injection-xxe-vulnerability-affects-ibm-secure-external-authentication-server-cve-2020-4462/


Security Bulletin: Cross-site Scripting and Vulnerable library - JQuery v1.11.1 affects IBM Engineering Workflow Management

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-vulnerable-library-jquery-v1-11-1-affects-ibm-engineering-workflow-management/


Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy

https://www.ibm.com/blogs/psirt/security-bulletin-missing-cookie-attribute-vulnerability-affects-ibm-secure-proxy/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2020 CPU (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jan-2020-cpu-cve-2020-2654/


Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-secure-external-authentication-server-cve-2020-2654/


Security Bulletin: HTTP Header Weakness Affects IBM Secure External Authentication Server

https://www.ibm.com/blogs/psirt/security-bulletin-http-header-weakness-affects-ibm-secure-external-authentication-server/


Security Bulletin: Cross-site scripting vulnerability affects IBM Jazz Foundation and IBM Engineering products.

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-jazz-foundation-and-ibm-engineering-products/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2020 CPU (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-jan-2020-cpu-cve-2020-2654/


Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-2/