End-of-Day report
Timeframe: Thursday 12-03-2020 18:00 - Friday 13-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl
News
CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware
The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Android App.
https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware
mTAN intercepted: fraudsters emptied accounts in Austria
Using SIM swapping, criminals withdrew money from dozens of Austrians. Now they have been arrested. (TAN, Malware)
https://www.golem.de/news/mtan-abgefangen-betrueger-raeumten-konten-in-oesterreich-leer-2003-147234-rss.html
Persistent Cross-Site Scripting, the MSSQL Way
If you save wide Unicode brackets (i.e. ＜＞) into a char or varchar field, MSSQL Server will convert them into HTML brackets (i.e. <>). So, ＜img src=x onerror=alert(pxss)＞ will be converted to <img src=x onerror=alert(pxss)> compliments of the backend DB. This will likely help you sneak past server-side filters, WAFs, etc. and execute a persistent Cross-Site Scripting (PXSS) attack. As a bonus, .NET request validation will not detect it.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/persistent-cross-site-scripting-the-mssql-way/
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't
Tor team says it's working on a fix, but has no timeline.
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/
Vulnerabilities
Security updates for Friday
Security updates have been issued by Arch Linux (firefox, golang-golang-x-crypto, kernel, mbedtls, ppp, and python-django), Debian (slirp and yubikey-val), Fedora (firefox, java-1.8.0-openjdk-aarch32, mbedtls, monit, seamonkey, sympa, and zsh), Gentoo (chromium, e2fsprogs, firefox, groovy, postgresql, rabbitmq-c, ruby, and vim), Mageia (ppp), openSUSE (kernel), and SUSE (glibc, kernel, openstack-manila, php5, and squid).
https://lwn.net/Articles/814817/
Update - Critical vulnerability in Microsoft SMBv3 - patch and workarounds available
03 March 2020 Update: 13 March 2020 Description Microsoft has published, outside the monthly patch cycle, a security advisory with workarounds for a critical vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). CVE numbers: CVE-2020-0796 CVSS Base Score: 10.0 (according to CERT/CC) Update: 13 March 2020 At https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 Microsoft likewise gives a CVSS Base Score
https://cert.at/de/warnungen/2020/3/kritische-sicherheitslucke-in-microsoft-smbv3-workarounds-verfugbar
Security Bulletin: PowerVC is impacted by information leakage from nova APIs during external exception (CVE-2019-14433)
https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-information-leakage-from-nova-apis-during-external-exception-cve-2019-14433/
Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition/
Security Bulletin: Content Collector for Email is affected by a 3RD PARTY Path Traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS)
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-3rd-party-path-traversal-vulnerability-in-the-administrative-console-in-ibm-websphere-application-server-was/
Security Bulletin: Content Collector for Email is affected by a cross-site scripting vulnerability in WebSphere Application Server Admin Console
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-cross-site-scripting-vulnerability-in-websphere-application-server-admin-console/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for/
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot for VMware (CVE-2019-2989)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-snapshot-for-vmware-cve-2019-2989/
Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-18348)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python-affects-ibm-operations-analytics-predictive-insights-cve-2019-18348/
Security Bulletin: Content Collector for Email is affected by a File traversal vulnerability in WebSphere Application Server Admin Console
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-file-traversal-vulnerability-in-websphere-application-server-admin-console/
Security Bulletin: Content Collector for Email is affected by a Information disclosure vulnerability in WebSphere Application Server
https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-vulnerability-in-websphere-application-server-2/
Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-ach-services/
VMSA-2020-0004
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0228