End-of-Day report
Timeframe: Tuesday 08-09-2020 18:00 - Wednesday 09-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Hackers use legit tool to take over Docker, Kubernetes platforms
In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.
https://www.bleepingcomputer.com/news/security/hackers-use-legit-tool-to-take-over-docker-kubernetes-platforms/
Diffie-Hellman side channel: Raccoon attack on TLS affects only a few
Researchers demonstrate a previously unknown weakness in the TLS protocol, but the practical risks are very low.
https://www.golem.de/news/diffie-hellman-seitenkanal-raccoon-angriff-auf-tls-betrifft-nur-wenige-2009-150735-rss.html
Attacking the Qualcomm Adreno GPU
When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application (like the browser or a messaging application), but a sandbox escape is still required to gain full system access. This blog post focuses on an interesting attack surface that is accessible from the Android application sandbox: the graphics processing unit (GPU).
https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html
Adobe fixes vulnerabilities
Adobe's latest round of security updates fixes severe bugs in Experience Manager, InDesign and Framemaker. The graphics specialist is also saying goodbye to Flash.
https://www.zdnet.de/88382613/adobe-behebt-schwachstellen/
Vulnerabilities
Patch Tuesday: Attacker-crafted websites could endanger Windows
Microsoft has released security updates for several products and closed more than 120 security vulnerabilities.
https://heise.de/-4888876
IPAS: Security Advisories for September 2020
Hi everyone, today we are releasing four security advisories addressing 9 vulnerabilities that were all internally found by Intel except for INTEL-SA-00405, which was reported through our bug bounty program.
https://blogs.intel.com/technology/2020/09/intel-september-2020-security-advisories/
Google Android: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in Google Android to execute malicious code, escalate privileges, disclose information and bypass security mechanisms. Ultimately, the attacker can take control of the device. Exploitation only requires installing or using a malicious app.
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2020/09/warnmeldung_tw-t20-0158.html
Reflected XSS in WordPress Plugin Admin Pages
The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin's admin panel would serve very little purpose here - an administrator already has the required permissions to do all of the actions a vulnerability could cause. While this is usually true, there are a number of techniques bad actors are using to trick an administrator into performing actions they would not expect, such as Cross Site Request Forgery (CSRF) or [...]
https://blog.sucuri.net/2020/09/reflected-xss-in-wordpress-plugin-admin-pages.html
Security updates for Wednesday
Security updates have been issued by Debian (grunt), Fedora (ansible and geary), openSUSE (firefox, gettext-runtime, python-Flask-Cors, and thunderbird), Oracle (firefox and thunderbird), Red Hat (.NET Core 3.1), SUSE (kernel and libjpeg-turbo), and Ubuntu (gnutls28 and libx11).
https://lwn.net/Articles/831069/
PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components
Several vulnerabilities have been discovered in WIBU SYSTEMS CodeMeter Runtime.
https://cert.vde.com/de-de/advisories/copy_of_vde-2020-030
WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT
Multiple vulnerabilities were reported in WIBU-SYSTEMS Codemeter.
https://cert.vde.com/de-de/advisories/vde-2020-032
Security Advisory - Privilege Elevation Vulnerability in Microsoft Windows Kerberos Key Distribution Center
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20200909-01-windows-en
Security Advisory - Buffer Overflow Vulnerability on Several Mobile Broadband Products
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-01-mbb-en
Security Advisory - MITM Vulnerability on Huawei Share
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200909-01-share-en
Security Bulletin: IBM InfoSphere Metadata Asset Manager is vulnerable to stored cross-site scripting and server-side request forgery.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-asset-manager-is-vulnerable-to-stored-cross-site-scripting-and-server-side-request-forgery-2/
Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-3/
Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier
https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulnerability-affecting-aspera-connect-3-9-9-and-earlier-2/