Daily Summary - 28.08.2020

End-of-Day report

Timeframe: Thursday 27-08-2020 18:00 - Friday 28-08-2020 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Paying without a PIN - researchers crack Visa's NFC payment function

Using a Visa card, researchers paid contactlessly and without a PIN for products of practically any price.

https://heise.de/-4881555


Beware of fraudulent ads on Facebook, Instagram and Google!

Advertising lurks everywhere, trying to get us to buy a particular product or use a service. But not every ad is reputable. Among the many legitimate advertisers, criminals turn up again and again. This applies to social media just as much as to ads that appear at the very top of a Google search. We show you what to look out for in order to expose dubious ads!

https://www.watchlist-internet.at/news/achtung-vor-betruegerischen-werbeanzeigen-auf-facebook-instagram-und-google/


Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

Microsoft Defender ATP leverages AMSI's visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.

https://www.microsoft.com/security/blog/2020/08/27/stopping-active-directory-attacks-and-other-post-exploitation-behavior-with-amsi-and-machine-learning/


Exploring the Ubiquiti UniFi Cloud Key Gen2 Plus

Scoping attack surface, setting up debugging for UniFi Protect and UniFi Management Portal APIs, and finding unauthenticated API vulnerabilities

https://medium.com/tenable-techblog/exploring-the-ubiquiti-unifi-cloud-key-gen2-plus-f5b0f7ca688

Vulnerabilities

Multiple NETGEAR switching hubs vulnerable to cross-site request forgery

GS716Tv2 and GS724Tv3 provided by NETGEAR contain a cross-site request forgery vulnerability.

https://jvn.jp/en/jp/JVN29903998/


Cisco NX-OS Software Call Home Command Injection Vulnerability

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-callhome-cmdinj-zkxzSCY


[webapps] Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated)

https://www.exploit-db.com/exploits/48770


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-5/


Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4579)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-users-may-experience-a-denial-of-service-of-the-soar-platform-due-to-a-insufficient-input-validation-cve-2019-4579/


Security Bulletin: Information Disclosure vulnerability in IBM Spectrum Protect Server (CVE-2020-4591)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-spectrum-protect-server-cve-2020-4591/


Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition for Content Collecor for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-for-content-collecor-for-sap-applications-2/


Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4533)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-users-may-experience-a-denial-of-service-of-the-soar-platform-due-to-a-insufficient-input-validation-cve-2019-4533/


Security Bulletin: Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-affects-ibm-mobilefirst-platform-foundation/


Security Bulletin: Vulnerability exposure ( deferred from Oracle Jan 2020 Java CPU ) in IBM Java SDK affects IBM Operations Analytics Predictive Insights

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exposure-deferred-from-oracle-jan-2020-java-cpu-in-ibm-java-sdk-affects-ibm-operations-analytics-predictive-insights/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Content Collecor for SAP Applications

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-affects-content-collecor-for-sap-applications-2/


Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Server (CVE-2020-4559)

https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-ibm-spectrum-protect-server-cve-2020-4559/