Daily Summary - 21.07.2020

End-of-Day report

Timeframe: Monday 20-07-2020 18:00 - Tuesday 21-07-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Microsoft will disable insecure TLS in Office 365 on Oct 15

Microsoft has set the official retirement date for the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in Office 365 starting with October 15, 2020, after temporarily halting deprecation enforcement for commercial customers due to COVID-19.

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-insecure-tls-in-office-365-on-oct-15/


Sextortion Update: The Final Final Chapter, (Mon, Jul 20th)

Even though the Sextortion emails which began in the July of 2018 are old news, and old hat, I am still tracking the BTC Addresses that were holding the money from the successful transactions.

https://isc.sans.edu/diary/rss/26334


Couple of interesting Covid-19 related stats, (Tue, Jul 21st)

It is nothing new that Covid-19 forced many organizations around the world to quickly adopt the "work from home" model, which in turn resulted in an increased number of machines offering remote access services and protocols accessible from the internet.

https://isc.sans.edu/diary/rss/26374


Understanding the Benefits of the Capability Maturity Model Integration (CMMI)

Cybersecurity is the leading corporate governance challenge today, yet 87% of C-suite professionals and board members lack confidence in their company's cybersecurity capabilities. Many CISOs and CSOs focus on implementing standards and frameworks, but what good is compliance if it does not improve your overall cybersecurity resilience?

https://www.tripwire.com/state-of-security/featured/understanding-benefits-capability-maturity-model-integration-cmmi/


Classified-ad fraud: What victims can do

Did you sell a product to a criminal on a classifieds platform such as ebay, willhaben and the like? Did you recognize the fraud too late, with the package already posted? With a bit of luck, plenty of research, communication and persistence, you may be able to stop the package and get it back!

https://www.watchlist-internet.at/news/kleinanzeigenbetrug-das-koennen-opfer-tun/

Vulnerabilities

Citrix Workspace app for Windows Security Update

A vulnerability has been identified in the automatic update service of Citrix Workspace app for Windows that could result in: a local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows; a remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled.

https://support.citrix.com/article/CTX277662


Emergency patches: Adobe fixes critical vulnerabilities in Bridge, Prelude and Photoshop

The software vendor Adobe has released out-of-band security updates for Android and Windows applications.

https://heise.de/-4849092


Security updates for Tuesday

Security updates have been issued by Debian (ksh), openSUSE (ant, chromium, ldb, samba, and LibVNCServer), Red Hat (dbus, kernel, kernel-rt, and NetworkManager), and SUSE (cni-plugins, firefox, openexr, Salt, salt, SUSE Manager Client Tools, and tomcat).

https://lwn.net/Articles/826603/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2019 CPU (CVE-2019-2949)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2019-cpu-cve-2019-2949/


Security Bulletin: WML CE: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-32-0-has-an-integer-overflow-in-sqlite3_str_vappendf-in-printf-c/


Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-july-2020v1/


Security Bulletin: SB003732

https://www.ibm.com/blogs/psirt/security-bulletin-sb003732/


Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization

https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-tensorflow-in-sqlite-before-3-32-3-select-c-mishandles-query-flattener-optimization/


Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect B2B API of IBM Sterling B2B Integrator

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-b2b-api-of-ibm-sterling-b2b-integrator-3/


Red Hat Enterprise Linux: Vulnerability allows XXE

http://www.cert-bund.de/advisoryshort/CB-K20-0740


Red Hat Enterprise Linux: Vulnerability allows information disclosure

http://www.cert-bund.de/advisoryshort/CB-K20-0741