Daily summary - 14.09.2020

End-of-Day report

Timeframe: Friday 11-09-2020 18:00 - Monday 14-09-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Zerologon takes over domain controllers

Unnoticed by many, Microsoft fixed in August one of the most serious bugs ever reported to the company. The issue could be abused to take over, with little effort, Windows servers that run as domain controllers in enterprise networks.

https://www.zdnet.de/88382688/zerologon-uebernimmt-domain-controller/


Magento stores hit by largest automated hacking attack since 2015

In the largest automated hacking campaign against Magento sites, attackers compromised almost 2,000 online stores this weekend to steal credit cards.

https://www.bleepingcomputer.com/news/security/magento-stores-hit-by-largest-automated-hacking-attack-since-2015/


Creating patched binaries for pentesting purposes, (Sun, Sep 13th)

When doing pentests, establishing backdoors is vital in order to carry out lateral movement in the network or to reach the action-on-objectives stage. This is usually accomplished by enticing someone, using social engineering techniques, to click on a commonly used executable on the computer.

https://isc.sans.edu/diary/rss/26560


ModSecurity, Regular Expressions and Disputed CVE-2020-15598

This blog post will discuss that tradeoff in the context of regular expressions in ModSecurity. It will cover an issue raised by a member of the community as a security issue (assigned CVE-2020-15598), which we disputed, and some tips for how to avoid the more problematic aspects of regular expressions in ModSecurity.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/


New BlindSide attack uses speculative execution to bypass ASLR

The new BlindSide technique abuses the CPU's internal performance-boosting feature (speculative execution) to bypass an OS security protection.

https://www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/

Vulnerabilities

Hyland OnBase Arbitrary File Upload

Hyland OnBase allows malicious attackers to directly upload arbitrary files to the OnBase server using its file upload methods. The client side sometimes restricts file types, but the server side does not, allowing attackers with direct server access to upload files of any type, including malicious files designed to compromise clients that view the data. OnBase also appears to lack proper mechanisms to verify that files are of the type claimed and instead relies on file extensions, allowing attackers to upload malicious files whose extensions do not match the actual file type. This provides a second vector for malicious file upload and for attacking clients.

https://cxsecurity.com/issue/WLB-2020090071


WordPress Plugin Flaw Allows Attackers to Forge Emails

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

https://threatpost.com/wordpress-plugin-flaw/159172/


Security updates: root vulnerability threatens Palo Alto firewalls

A critical vulnerability in the PAN-OS operating system endangers firewalls from Palo Alto.

https://heise.de/-4892796


Security updates for Monday

Security updates have been issued by CentOS (thunderbird), Debian (libproxy, qemu, and wordpress), Fedora (ansible, chromium, community-mysql, dotnet-build-reference-packages, dotnet3.1, drupal7, grub2, java-1.8.0-openjdk-aarch32, kernel, kernel-headers, kernel-tools, mingw-gnutls, php-symfony4, python-django, and selinux-policy), Gentoo (DBI, file-roller, gnome-shell, gst-rtsp-server, nextcloud-client, php, proftpd, qtgui, and zeromq), openSUSE (gimp, libjpeg-turbo, openldap2, [...]

https://lwn.net/Articles/831524/


Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks

Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron's mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers.

https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-servers-remote-attacks


Multiple vulnerabilities in Buffalo AirStation WHR-G54S

https://jvn.jp/en/jp/JVN09166495/


Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-affected-by-a-vulnerability-in-vmware-component/


Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-1941)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-avtivemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/


Security Bulletin: Vulnerability in libcurl affects the OS image for RedHat Enterprise Linux for IBM Cloud Pak System (CVE-2019-5436)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/


Security Bulletin: Vulnerability in OpenSSL library affects OS Pattern Kit used in IBM Cloud Pak System

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-library-affects-os-pattern-kit-used-in-ibm-cloud-pak-system/


Security Bulletin: IBM Kenexa LMS On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability/


Security Bulletin: IBM Kenexa LCMS Premier On Premise - [All] jQuery (Publicly disclosed vulnerability) CVEID: 180875

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cveid-180875/


Security Bulletin: Vulnerability in side channel in Intel CPUs affects IBM Cloud Pak System (CVE-2019-11135)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-side-channel-in-intel-cpus-affect-ibm-cloud-pak-system-cve-2019-11135/


Security Bulletin: IBM Kenexa LCMS Premier On Premise - [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK addressed in IBM Cloud Pak System (April 2020 updates)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates/