End-of-Day report
Timeframe: Friday 25-09-2020 18:00 - Monday 28-09-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client, (Mon, Sep 28th)
One of our readers, a Tyler Technologies customer, reported to us that this morning he found the Bomgar client[1] (BeyondTrust) installed on one of his servers. There is an ongoing discussion on Reddit with the same kind of reports[2].
https://isc.sans.edu/diary/rss/26610
Magento Credit Card Stealing Malware: gstaticapi
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads external JavaScript whenever the URL contains "checkout"; this location typically belongs to the step in Magento's checkout process where users enter their sensitive credit card information and shipping details.
https://blog.sucuri.net/2020/09/magento-credit-card-stealing-malware-gstaticapi.html
Free decryption tool for ThunderX ransomware is available
Security researchers have discovered a flaw in the encryption used by the ThunderX ransomware and are now offering help.
https://heise.de/-4913470
Vulnerabilities
Patch now! AgeLocker ransomware is targeting Qnap NAS
Owners of network-attached storage (NAS) devices from Qnap should bring their device up to date for security reasons.
https://heise.de/-4913513
Security updates for Monday
Security updates have been issued by Debian (curl, libdbi-perl, linux-4.19, lua5.3, mediawiki, nfdump, openssl1.0, qt4-x11, qtbase-opensource-src, ruby-gon, and yaws), Fedora (f2fs-tools, grub2, libxml2, perl-DBI, singularity, xawtv, and xen), Mageia (cifs-utils, kio-extras, libproxy, mbedtls, nodejs, novnc, and pdns), openSUSE (bcm43xx-firmware, chromium, conmon, fuse-overlayfs, libcontainers-common, podman, firefox, libqt4, libqt5-qtbase, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and [...]
https://lwn.net/Articles/832831/
MediaWiki: Multiple vulnerabilities
A local attacker can exploit multiple vulnerabilities in MediaWiki to execute arbitrary code with user privileges, carry out a cross-site scripting attack, manipulate data, or carry out further attacks with unspecified impact.
https://www.cert-bund.de/advisoryshort/CB-K20-0923
MediaWiki: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in MediaWiki to carry out a cross-site scripting attack or bypass security measures.
https://www.cert-bund.de/advisoryshort/CB-K20-0934
Trend Micro Apex One: Multiple vulnerabilities
A local attacker can exploit multiple vulnerabilities in Trend Micro Apex One to escalate privileges, execute code, and disclose information.
https://www.cert-bund.de/advisoryshort/CB-K20-0925
F5 BIG-IP: Vulnerability allows denial of service
A remote, anonymous attacker can exploit a vulnerability in F5 BIG-IP to carry out a denial-of-service attack.
https://www.cert-bund.de/advisoryshort/CB-K20-0927
Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-01-grub2-en
Security Bulletin: Insecure Use of InnerHTML or OuterHTML in IBM Enterprise Records
https://www.ibm.com/blogs/psirt/security-bulletin-insecure-use-of-innerhtml-or-outerhtml-in-ibm-enterprise-records/
Security Bulletin: Dynamically constructed href attribute in IBM Enterprise Records
https://www.ibm.com/blogs/psirt/security-bulletin-dynamically-constructed-href-attribute-in-ibm-enterprise-records/
Security Bulletin: Apache Commons Codec Vulnerability Affects IBM Control Center
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-vulnerability-affects-ibm-control-center/
Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-impact-ibm-control-center/
Security Bulletin: IBM Cloud Private is vulnerable to a Node.js lodash vulnerability (CVEID: 183560)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-node-js-lodash-vulnerability-cveid-183560/
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-openssl-cve-2019-1563-cve-2019-1549-cve-2019-1547-2/
Security Bulletin: IBM Event Streams is affected by a Node.js http-proxy and lodash module vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-node-js-http-proxy-and-lodash-module-vulnerabilities/
Security Bulletin: IBM Event Streams is affected by a vulnerability in the Go runtime (CVE-2020-16845)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-vulnerability-in-the-go-runtime-cve-2020-16845/
Security Bulletin: IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-redis-vulnerability-cve-2020-14147/
Security Bulletin: IBM Cloud Private is vulnerable to an Elasticsearch vulnerability (CVE-2019-7614)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-elasticsearch-vulnerability-cve-2019-7614/
Security Bulletin: Publicly disclosed vulnerability from OpenSSH affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-openssh-affects-ibm-netezza-host-management/
Security Bulletin: IBM Cloud Private is vulnerable to a Netty vulnerability (CVE-2020-11612)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-netty-vulnerability-cve-2020-11612/
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Logstash (CVE-2019-7620)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-logstash-cve-2019-7620/
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15664) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-12-0-esr-cve-2020-15664-hava-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15659) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-12-0-esr-cve-2020-15659-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-12-0-esr-hava-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/
Security Bulletin: IBM Cloud Private is vulnerable to Kibana vulnerabilities (CVE-2020-7015, CVE-2020-7013, CVE-2020-7012)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kibana-vulnerabilities-cve-2020-7015-cve-2020-7013-cve-2020-7012/
Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVEID: 182747)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-kubernetes-vulnerability-cveid-182747/
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2019-15605, CVE-2019-15606)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2019-15605-cve-2019-15606-2/