Daily Summary - 24.07.2020

End-of-Day report

Timeframe: Thursday 23-07-2020 18:00 - Friday 24-07-2020 18:00 Handler: Dimitri Robl Co-Handler: n/a

News

5 severe D-Link router vulnerabilities disclosed, patch now

5 severe D-Link vulnerabilities have been disclosed that could allow an attacker to take complete control over a router without needing to log in.

https://www.bleepingcomputer.com/news/security/5-severe-d-link-router-vulnerabilities-disclosed-patch-now/


Security vulnerability: When the YouTube tutorial leaks the cloud credentials

Security researchers analyzed hundreds of YouTube tutorials and repeatedly found credentials, which they were able to use to log in to AWS.

https://www.golem.de/news/sicherheitsluecke-wenn-das-youtube-tutorial-die-cloud-zugangsdaten-leakt-2007-149702-rss.html


MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec

This post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.

https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html


Compromised Desktop Applications by Web Technologies (Fri, Jul 24th)

For a long time now, it has been said that "the new operating system is the browser". Today, we do everything in our browsers: we connect to the office, we process emails and documents, we chat, we perform our system maintenance, ... But many popular web applications also provide a desktop client: Twitter, Facebook, Slack are good examples. Such applications just replace the classic browser and use the API [...]

https://isc.sans.edu/diary/rss/26384


Garmin Connect: Outage apparently after ransomware attack

A ransomware attack has knocked out Garmin servers. Fitness trackers and sports watches cannot be synchronized. The outage will probably last several days.

https://heise.de/-4851576


New variant of Phobos ransomware is coming

In recent years, the spread of ransomware has become increasingly severe; thousands of servers and databases around the world have been invaded and destroyed.

https://blog.360totalsecurity.com/en/new-variant-of-phobos-ransomware-is-coming/


"Final reminder": Ignore this fraudulent BAWAG email!

Fraudsters are currently sending an increasing number of emails in the name of the bank "BAWAG P.S.K.". In them, you are asked to activate a new service by entering your bank details on a fake BAWAG page. Beware, this data ends up directly in the hands of the criminals!

https://www.watchlist-internet.at/news/letzte-mahnung-ignorieren-sie-diese-betruegerische-bawag-mail/

Vulnerabilities

Easy Breadcrumb - Moderately critical - Cross site scripting - SA-CONTRIB-2020-027

Project: Easy Breadcrumb
Version: 8.x-1.12, 8.x-1.10
Date: 2020-July-22
Security risk: Moderately critical 13-25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross site scripting
Description: This module enables you to use the current URL (path alias) and the current page's title to automatically extract the breadcrumb's segments and its respective links then show them as breadcrumbs on your website. The module doesn't sufficiently sanitize editor input in certain

https://www.drupal.org/sa-contrib-2020-027


Security updates for Friday

Security updates have been issued by Debian (qemu), Fedora (java-11-openjdk, mod_authnz_pam, podofo, and python27), openSUSE (cni-plugins, tomcat, and xmlgraphics-batik), Oracle (dbus and thunderbird), SUSE (freerdp, kernel, libraw, perl-YAML-LibYAML, and samba), and Ubuntu (libvncserver and openjdk-lts).

https://lwn.net/Articles/826965/


Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-platform-software-clients/


Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (PSIRT-ADV0022379)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-sufficiently-guard-against-unauthorized-api-calls-psirt-adv0022379/


Security Bulletin: IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input (CVE-2020-4408)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-app-for-ibm-qradar-siem-does-not-adequately-mask-all-passwords-during-input-cve-2020-4408/


Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-components-do-not-set-restricted-access-permission-for-debug-logs-cve-2020-4405/


Privilege Escalation Vulnerability in SteelCentral Aternity Agent

https://sec-consult.com/./en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593/