Daily Summary - 11.09.2020

End-of-Day report

Timeframe: Thursday 10-09-2020 18:00 - Friday 11-09-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Zoom adds two-factor authentication (2FA) support to all accounts

Zoom has announced that starting today it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.

https://www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authentication-2fa-support-to-all-accounts/


What's in Your Clipboard? Pillaging and Protecting the Clipboard, (Fri, Sep 11th)

Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note - if you know and can type any of your passwords in 2020, you should at least partially examine your life choices). Several password managers also do this "right thing" - retaining passwords in the clipboard is a great way for folks to accidentally paste that information into the worst [...]

https://isc.sans.edu/diary/rss/26556


WordPress Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it?

https://blog.sucuri.net/2020/09/wordpress-malware-disables-security-to-avoid-detection.html


Bluetooth vulnerable to attacks on keys - sort of

CERT/CC and the Bluetooth standards body are warning about Blurtooth, but are stingy with information about the discovered vulnerability.

https://heise.de/-4891764


Secure passwords protect against loss and misuse

Secure passwords do not only protect private information from strangers. Above all, they protect against financial damage and identity misuse. Particular importance should therefore be placed on password security.

https://www.watchlist-internet.at/news/sichere-passwoerter-schuetzen-vor-verlust-und-missbrauch/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (python-pip), Fedora (kernel, libX11, and xen), openSUSE (go1.14), Oracle (libcroco, php:7.3, and postgresql:10), Red Hat (chromium-browser and httpd:2.4), and SUSE (gimp, golang-github-prometheus-prometheus, kernel, libxml2, pdsh, slurm_20_02, slurm, slurm_18_08, and tomcat).

https://lwn.net/Articles/831283/


Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand-2/


Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affect-ibm-sdk-java-technology-edition-used-in-liberty-for-java-for-ibm-cloud-cve-2020-2590/


Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4411)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2020-4411/


Security Bulletin: IBM® SDK, Java™ Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability affects Liberty for Java for IBM Cloud

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-affects-liberty-for-java-for-ibm-cloud/


Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4412)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2020-4412/


Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime related to the Kerberos component affect IBM® Db2®. (CVE-2019-2949)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-related-to-the-kerberos-component-affect-ibm-db2-cve-2019-2949/


Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2601)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affect-ibm-sdk-java-technology-edition-used-in-liberty-for-java-for-ibm-cloud-cve-2020-2601/