Daily Summary - 25.08.2020

End-of-Day report

Timeframe: Monday 24-08-2020 18:00 - Tuesday 25-08-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

iOS & MacOS: Apple intends to fix security vulnerability only after one year

A vulnerability in the Safari browser allows the unintended sharing of local files. Apple intends to fix the now-published vulnerability only in spring 2021.

https://www.golem.de/news/ios-macos-apple-will-sicherheitsluecke-erst-nach-einem-jahr-schliessen-2008-150462-rss.html


Patch Management Policy: A Practical Guide

Patching - this highly necessary, yet sometimes neglected practice of resolving security issues related to vulnerabilities - can be a burden for organizations of all sizes. You probably already know that a regular and well-defined patch management routine proactively ensures your systems function as they are supposed to. However, it can seem like an overwhelming [...]

https://heimdalsecurity.com/blog/patch-management-policy/


RATs and Spam: The Node.JS QRAT

The Qua or Quaverse Remote Access Trojan (QRAT) is a Java-based RAT that can be used to gain complete control over a system.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rats-and-spam-the-nodejs-qrat/


[SANS ISC] Keep An Eye on LOLBins

I published the following diary on isc.sans.edu: "Keep An Eye on LOLBins": Don't misread, I won't talk about "lolcats" today but "LOLBins" or "Living Off The Land Binaries". All operating systems provide a rich toolbox to achieve multiple day-to-day tasks like maintenance of the certificates, installation of patches and applications, [...]

https://blog.rootshell.be/2020/08/25/sans-isc-keep-an-eye-on-lolbins/


Security researchers fear infiltrated App Store applications

The XCSSET malware reaches the Mac via Xcode projects. That could have implications for Apple's security concept.

https://heise.de/-4877855


Currently looking for an apartment? Then beware of fake listings!

You have finally found your dream apartment at an unbelievably low price? But there is a catch: the landlord is currently abroad and wants you to pay the deposit before the viewing? Then you have come across a fraudulent apartment listing! This apartment does not actually exist; criminals are using a tempting offer to try to get your money and copies of your ID!

https://www.watchlist-internet.at/news/gerade-auf-wohnungssuche-dann-sollten-sie-sich-vor-gefaelschten-inseraten-in-acht-nehmen/


Browser-based cryptojacking sees sudden spike in activity in Q2 2020

However, there's nothing to worry about. Browser-based cryptojacking is not making a comeback.

https://www.zdnet.com/article/browser-based-cryptojacking-sees-sudden-spike-in-activity-in-q2-2020/

Vulnerabilities

WordPress: Important security updates available for several plugins

Updates for "Advanced Access Manager", "Discount Rules for WooCommerce" and "Quiz and Survey Master" close vulnerabilities rated high to critical.

https://heise.de/-4878220


[20200802] - Core - Open redirect in com_content vote feature

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.20
Exploit type: Open Redirect
Reported Date: 2020-July-05
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24598
Description: Lack of input validation in com_content leads to an open redirect.
Affected Installs: Joomla! CMS versions 3.0.0 - 3.9.20
Solution: Upgrade to version 3.9.21
Contact: The JSST at the Joomla! Security Centre.
Reported By: Ahmad Kamaran Jamil

https://developer.joomla.org:443/security-centre/825-20200802-core-open-redirect-in-com-content-vote-feature.html


[20200803] - Core - Directory traversal in com_media

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0-3.9.20
Exploit type: Directory Traversal
Reported Date: 2020-February-02
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24597
Description: Lack of input validation allows com_media root paths outside of the webroot.
Affected Installs: Joomla! CMS versions 2.5.0 - 3.9.20
Solution: Upgrade to version 3.9.21
Contact: The JSST at the Joomla! Security Centre.
Reported By: Hoang Kien from VSEC

https://developer.joomla.org:443/security-centre/827-20200803-core-directory-traversal-in-com-media.html


[20200801] - Core - XSS in mod_latestactions

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.0-3.9.20
Exploit type: XSS
Reported Date: 2020-August-21
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24599
Description: Lack of escaping in mod_latestactions allows XSS attacks.
Affected Installs: Joomla! CMS versions 3.9.0 - 3.9.20
Solution: Upgrade to version 3.9.21
Contact: The JSST at the Joomla! Security Centre.
Reported By: Peter Martin

https://developer.joomla.org:443/security-centre/824-20200801-core-xss-in-mod-latestactions.html


Security updates for Tuesday

Security updates have been issued by Debian (icingaweb2 and mongodb), Fedora (nss), Gentoo (chromium and shadow), Mageia (ghostscript, kdepim-runtime, kmail-account-wizard, luajit, mysql-connector-python, and python-ipaddress), openSUSE (python, python3, and webkit2gtk3), Red Hat (kernel and kernel-alt), Slackware (firefox), SUSE (squid3), and Ubuntu (bind9, ghostscript, net-snmp, postgresql-10, postgresql-12, postgresql-9.5, and sane-backends).

https://lwn.net/Articles/829548/


Microsoft Patches Code Execution, Privilege Escalation Flaws in Azure Sphere

Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges, Cisco Talos' researchers warn.

https://www.securityweek.com/microsoft-patches-code-execution-privilege-escalation-flaws-azure-sphere


Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-missing-security-control-vulnerability/


Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-5/


Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-2/


Security Bulletin: IBM Elastic Storage System 3000 is affected by weak crypto algorithm (CVE-2020-4349)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-is-affected-by-weak-crypto-algorithm-cve-2020-4349/


Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-for-content-collecor-for-sap-applications/


Security Bulletin: IBM Elastic Storage Server GUI is affected by cross-site scripting (CVE-2020-4358)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-server-gui-is-affected-by-cross-site-scripting-cve-2020-4358-2/


Security Bulletin: IBM Elastic Storage System 3000 is affected by cross-site scripting (CVE-2020-4358)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-is-affected-by-cross-site-scripting-cve-2020-4358/


Security Bulletin: WebSphere Application Server is vulnerable for information disclosure that affect IBM CICS TX on Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-for-information-disclosure-that-affect-ibm-cics-tx-on-cloud/


Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by verbose error message (CVE-2020-4357)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-gui-is-affected-by-verbose-error-message-cve-2020-4357/


Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by weak crypto algorithm (CVE-2020-4379)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4379/