Daily Summary - 28.07.2020

End-of-Day report

Timeframe: Monday 27-07-2020 18:00 - Tuesday 28-07-2020 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner

News

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices

Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. ... "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) said in the alert.

https://thehackernews.com/2020/07/qnap-nas-malware-attack.html


Team Pangu demonstrated an unpatchable SEP vulnerability in iOS

Xu Hao, a member of Team Pangu, says they have found an "unpatchable" vulnerability on the Secure Enclave Processor (SEP) chip in iPhones. Hao presented his talk "Attack Secure Boot of SEP" on 24 July at MOSEC 2020 in Shanghai, China.

https://androidrookies.com/team-pangu-demonstrates-unpatchable-secure-enclave-processor-sep-chip-vulnerability-in-ios/


IT security: Public cloud can become a gateway into companies

Poorly maintained workloads and authentication weaknesses in cloud environments undermine security - and there is plenty of both, according to a study.

https://heise.de/-4856561


Caution: 500 euro Amazon gift card leads to a subscription trap

Do not rejoice too soon if you find a 500 euro Amazon gift card in your e-mail inbox. You are being lured into a subscription trap, because this e-mail does not come from Amazon! Do not click on the link and move the e-mail to the spam folder. If you have clicked on the link and entered credit card details, an amount between 50 and 90 euros will be debited from you month after month! Read here how to cancel this fraudulent subscription!

https://www.watchlist-internet.at/news/vorsicht-500-euro-amazon-geschenkkarte-fuehrt-in-abo-falle/

Vulnerabilities

Reverse String WooCommerce WordPress Credit Card Swiper

As 2020 continues to be the worst year in almost anybody's lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper that I found on a WordPress ecommerce website using WooCommerce, today I found another very noteworthy infection of the same variety.

https://blog.sucuri.net/2020/07/reverse-string-woocommerce-wordpress-credit-card-swiper.html


TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data that has a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains ...

https://typo3.org/security/advisory/typo3-core-sa-2020-008


TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php which again contains the encryptionKey as well as credentials of the database management system being used.

https://typo3.org/security/advisory/typo3-core-sa-2020-007


TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS

It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the community anymore.

https://typo3.org/security/advisory/typo3-psa-2020-001


TYPO3-EXT-SA-2020-014: Sensitive Information Disclosure in extension "Media Content Element" (mediace)

It has been discovered that the extension "Media Content Element" (mediace) is susceptible to Sensitive Information Disclosure.

https://typo3.org/security/advisory/typo3-ext-sa-2020-014


Security updates for Tuesday

Security updates have been issued by openSUSE (cacti, cacti-spine, go1.13, SUSE Manager Client Tools, and tomcat), Red Hat (postgresql-jdbc and python-pillow), Slackware (mozilla), SUSE (python-Django and python-Pillow), and Ubuntu (clamav, librsvg, libslirp, linux-gke-5.0, linux-oem-osp1, linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, and sqlite3).

https://lwn.net/Articles/827232/


Security Vulnerabilities fixed in Thunderbird 78.1

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/


Security Vulnerabilities fixed in Firefox 79

Severity: high
- CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
- CVE-2020-6514: WebRTC data channel leaks internal address to peer
- CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
- CVE-2020-15659: Memory safety bugs fixed in Firefox 79

https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/


JSA11041 - 2020-07 Security Bulletin: Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655)

http://kb.juniper.net/InfoCenter/index/content&id=JSA11041&actp=RSS


JSA11036 - 2020-07 Security Bulletin: Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649)

http://kb.juniper.net/InfoCenter/index/content&id=JSA11036&actp=RSS


Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4466)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4466/


Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-2654)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-2654/


Security Bulletin: Pentest results for IBM Netcool Operations Insight found a security vulnerability.

https://www.ibm.com/blogs/psirt/security-bulletin-pentest-results-for-ibm-netcool-operations-insight-found-a-security-vulnerability/


Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-3/


Security Bulletin: XML parsing vulnerability in Apache Santuario might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2019-12400

https://www.ibm.com/blogs/psirt/security-bulletin-xml-parsing-vulnerability-in-apache-santuario-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2019-12400/


Security Bulletin: A Vulnerability in IBM® Java SDK and IBM® Java Runtime that affects IBM® Intelligent Operations Center products (CVE-2019-2949)

https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-cve-2019-2949/


Security Bulletin: SB0003782

https://www.ibm.com/blogs/psirt/security-bulletin-sb0003782/


Security Bulletin: Novalink is impacted by a Swagger vulnerability that affects WebSphere Application Server Liberty

https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-swagger-vulnerability-affects-websphere-application-server-liberty/


Security Bulletin: IBM Intelligent Operations Center is Vulnerable to Stored Cross-Site Scripting (CVE-2020-4318)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-ingelligent-operations-center-is-vulnerable-to-stored-cross-site-scripting-cve-2020-4318/


Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-libxml2-vulnerabilities/