Daily Summary - 23.07.2020

End-of-Day report

Timeframe: Wednesday 22-07-2020 18:00 - Thursday 23-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: n/a

News

Popular Chinese-Made Drone Is Found To Have Security Weakness

Cybersecurity researchers revealed on Thursday a newfound vulnerability in an app that controls the world's most popular consumer drones, threatening to intensify the growing tensions between China and the United States. From a report: In two reports, the researchers contended that an app on Google's Android operating system that powers drones made by China-based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited ..

https://it.slashdot.org/story/20/07/23/1437214/


Skimmers in Images & GitHub Repos

MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files - both on compromised sites and in booby-trapped Magento repos on GitHub. Googletagmanager.png: Our security analyst Keith Petkus found this piece of malware injected on a compromised Magento 2.x site.

https://blog.sucuri.net/2020/07/skimmers-in-images-github-repos.html


Towards native security defenses for the web ecosystem

With the recent launch of Chrome 83, and the upcoming release of Mozilla Firefox 79, web developers are gaining powerful new security mechanisms to protect their applications from common web vulnerabilities. In this post we share how our Information Security Engineering team is deploying Trusted Types, Content Security Policy, Fetch Metadata Request Headers and the Cross-Origin Opener Policy across Google to help guide and inspire other developers to similarly adopt these features to protect their applications.

https://security.googleblog.com/2020/07/towards-native-security-defenses-for.html


Forum software vBulletin: Poorly programmed test script as a possible danger

Anyone who uses the vb_test.php script to test vBulletin installation requirements should delete it from the server immediately afterwards because of dangerous vulnerabilities.

https://heise.de/-4851012

Vulnerabilities

ASUS Router Vulnerable to Fake Updates and XSS

Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update functionality. These vulnerabilities could allow for complete compromise of the router and all traffic that traverses it.
Finding 1: Update Accepts Forged Server Certificates (CVE-2020-15498)
Finding 2: XSS in Release Notes Dialog Window (CVE-2020-15499)

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/asus-router-vulnerable-to-fake-updates-and-xss-cve-2020-15498-and-cve-2020-15499/


Drupal: Modal Form - Critical - Access bypass - SA-CONTRIB-2020-029

Project: Modal Form
Version: 8.x-1.x-dev
Date: 2020-July-22
Security risk: Critical 16-25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modal_form module is installed. The only requirement is to know the form's fully-qualified class name.
Solution: Upgrade to modal_form-8.x-1.2.

https://www.drupal.org/sa-contrib-2020-029


Security update: Cisco's network protection products are full of holes

Admins who protect networks with Cisco hardware and software should, for security reasons, install the current versions of Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). ... A remote, unauthenticated attacker could use crafted HTTP requests to access the web services file system of targeted devices (directory traversal attack). However, this file system is only available if AnyConnect or WebVPN features are enabled. All devices running vulnerable ASA and FTD versions are affected by this. (CVE-2020-3452)

https://heise.de/-4850949


Security updates for Thursday

Security updates have been issued by Debian (poppler and tomcat8), Fedora (cacti, cacti-spine, java-1.8.0-openjdk, mbedtls, mingw-python3, singularity, and xen), openSUSE (firefox, redis, and singularity), Red Hat (samba), SUSE (java-11-openjdk, qemu, and vino), and Ubuntu (ffmpeg and pillow).

https://lwn.net/Articles/826841/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Z Development and Test Environment - April 2020

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-z-development-and-test-environment-april-2020/


Security Bulletin: Novalink is impacted by Denial of service vulnerability in WebSphere Application Server Liberty

https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-denial-of-service-vulnerability-in-websphere-application-server-liberty/


Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-used-by-ibm-streams-3/


Security Bulletin: Java vulnerability CVE-2019-2949 affecting IBM Streams

https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-cve-2019-2949-affecting-ibm-streams/


Security Bulletin: IBM WebSphere Application Server Network Deployment security vulnerabilities in IBM Content Foundation on Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-network-deployment-security-vulnerabilities-in-ibm-content-foundation-on-cloud/


Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2020-4329)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-watson-explorer-cve-2020-4329/


Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2020-1967)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2020-1967/


Security Bulletin: WebSphere security vulnerability in IBM Content Foundation on Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-security-vulnerability-in-ibm-content-foundation-on-cloud/


Security Bulletin: Java vulnerabilities affecting IBM Streams

https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affecting-ibm-streams/


Security Bulletin: Cross Site Scripting security vulnerabilities in FileNet Content Manager

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-security-vulnerabilities-in-filenet-content-manager/