Daily Summary - 22.09.2020

End-of-Day report

Timeframe: Monday 21-09-2020 18:00 - Tuesday 22-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Google Cloud Buckets Exposed in Rampant Misconfiguration

A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows.

https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/


New and improved Security Update Guide!

We're excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment.

https://msrc-blog.microsoft.com:443/2020/09/21/new-and-improved-security-update-guide/


Cyber threats: Free "Adversary Emulation Plans" available for companies

A new MITRE project provides information intended to support red teams step by step in re-enacting realistic attack scenarios.

https://heise.de/-4907083


instructionsweb.com leads into a subscription trap

Did your search for a user manual for an electronic device lead you to instructionsweb.com? Did you find the manual you needed there quickly and without hassle? The price of 95 cents is affordable, too. Beware: by entering your credit card details you fall into a subscription trap that costs you € 11.95 per month! And despite paying, you do not get a manual!

https://www.watchlist-internet.at/news/instructionswebcom-fuehrt-in-abo-falle/


Does your business have a Well-Known URL for changing passwords? It should!

If you're a business which has a website that customers access via a password, spend a few minutes creating your own .well-known/change-password which points users to the correct place.

https://businessinsights.bitdefender.com/business-url-changing-password


Optimizing Away JavaScript Obfuscation. (arXiv:2009.09170v1 [cs.CR])

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-Deobs, a JavaScript deobfuscation tool that we have built.

https://arxiv.org/abs/2009.09170


Microsoft secures unprotected backend server of its Bing search engine

It exposes 6.5 TByte of data. These are exclusively log files without personal information. Microsoft speaks of a misconfiguration - the server in question lacked a password.

https://www.zdnet.de/88382854/microsoft-sichert-ungeschuetzten-backend-server-seiner-suchmaschine-bing/

Vulnerabilities

Firefox: New desktop versions eliminate potential entry points for attackers

With versions 81 and ESR 78.3 of the Firefox web browser, the Mozilla team also ships various vulnerability fixes.

https://heise.de/-4909119


Security updates for Tuesday

Security updates have been issued by Mageia (mysql-connector-java), openSUSE (chromium, curl, libqt4, and singularity), Red Hat (bash and kernel), SUSE (python-pip and python3), and Ubuntu (busybox, ceph, freeimage, libofx, libpam-tacplus, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-azure, linux-gcp, linux-oracle, novnc, and tnef).

https://lwn.net/Articles/832164/


VMware Horizon DaaS: Vulnerability allows bypassing of security measures

A remote, authenticated attacker can exploit a vulnerability in VMware Horizon DaaS to bypass security measures.

https://www.cert-bund.de/advisoryshort/CB-K20-0916


Xen Security Advisories

The Xen Project has released 10 Security Advisories on 2020-09-22.

https://xenbits.xen.org/xsa/


Security Bulletin: CVE-2020-2590 (deferred from Oracle Jan 2020 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-deferred-from-oracle-jan-2020-cpu-2/


Security Bulletin: CVE-2020-2601 (deferred from Oracle Jan 2020 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-deferred-from-oracle-jan-2020-cpu-2/


Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-2/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-2/


Security Bulletin: CVE-2020-2601 (deferred from Oracle Jan 2020 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-deferred-from-oracle-jan-2020-cpu/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-3/


Security Bulletin: Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-0201)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-zookeeper-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2019-0201/


Security Bulletin: CVE-2020-2590 (deferred from Oracle Jan 2020 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2590-deferred-from-oracle-jan-2020-cpu/


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise V11

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability/