Daily summary - 07.09.2020

End-of-Day report

Timeframe: Friday 04-09-2020 18:00 - Monday 07-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Visa warns of new Baka credit card JavaScript skimmer

Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data and analysis.

https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/


Threema E2EE chat app to go fully open source within months

Threema follows in the footsteps of Signal and Wickr and opens its apps codebase.

https://www.zdnet.com/article/threema-e2ee-chat-app-to-go-fully-open-source-within-months/


Manipulated Excel files in phishing e-mails

A newly discovered malware gang uses a clever trick to create malicious Excel files that have a higher chance of evading security systems.

https://www.zdnet.de/88382491/manipulierte-excel-dateien-in-phishing-mails/


Attacks on WordPress plugin

Millions of WordPress sites were attacked this week because hackers are exploiting a zero-day vulnerability in "File Manager", a popular WordPress plugin.

https://www.zdnet.de/88382493/angriffe-auf-wordpress-plug-in/

Vulnerabilities

Linux: No hurry in closing a kernel security hole

A buffer overflow in the Linux kernel allows local users to crash a system; privilege escalation is probably possible.

https://www.golem.de/news/linux-keine-eile-beim-schliessen-einer-kernel-sicherheitsluecke-2009-150712-rss.html


Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

During a routine research audit for our Sucuri Firewall, we discovered a post deletion, arbitrary posting in social networks, and arbitrary plugin settings update affecting over 100,000 users of the WordPress plugin.

https://blog.sucuri.net/2020/09/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html


Security updates for Monday

Security updates have been issued by Debian (ark, netty, netty-3.9, qemu, squid3, and xorg-server), Fedora (chromium), Gentoo (dovecot and gnutls), Mageia (ansible, postgresql, and python-rsa), openSUSE (curl, freerdp, libX11, php7, squid, and xorg-x11-server), Oracle (kernel), Red Hat (thunderbird), Slackware (gnutls), and SUSE (firefox, kernel, and thunderbird).

https://lwn.net/Articles/830856/


Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4698

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698/


Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2020-14577)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ims-enterprise-suite-explorer-for-development-cve-2020-14577/


Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affecting-tivoli-netcool-omnibus-multiple-cves-2/


Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-7656, CVE-2020-11022, CVE-2020-11023

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/


Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-in-ibm-sdk-java-technology-edition/


Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4516

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4516/


Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-shares-1-9-14-patch-level-1-and-earlier-are-vulnerable-to-dom-xss/


Security Bulletin: Java Quarterly CPU affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

https://www.ibm.com/blogs/psirt/security-bulletin-java-quarterly-cpu-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data-2/


Nagios Enterprises Nagios XI: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K20-0868