Daily summary - 15.04.2020

End-of-Day report

Timeframe: Tuesday 14-04-2020 18:00 - Wednesday 15-04-2020 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Patch Tuesday: Microsoft closes over 100 vulnerabilities, three Windows flaws under attack

Important security updates protect Windows & Co. 17 vulnerabilities are rated with the attack risk "critical".

https://heise.de/-4702540


Security warnings for Git and GitHub

A vulnerability in Git allows credentials to be redirected, and GitHub warns of a wave of phishing e-mails.

https://heise.de/-4702519


Buying medication online safely and legally

Pharmacies in Austria are open despite the coronavirus crisis. Nevertheless, people want to avoid the risk of infection in pharmacies and buy over-the-counter medication online. However, there are numerous fake pharmacies on the Internet that advertise supposedly prescription-free medication. The EU safety logo lets you recognize legal pharmacies and buy medication online legally and without risk.

https://www.watchlist-internet.at/news/medikamente-sicher-und-legal-online-kaufen/

Vulnerabilities

Microsoft Office April security updates fix critical RCE bugs

Microsoft released the April 2020 Office security updates on April 14, 2020, with a total of 55 security updates and 5 cumulative updates for 7 different products, and patching 5 critical bugs allowing attackers to run scripts as the current user and remotely execute arbitrary code on unpatched systems.

https://www.bleepingcomputer.com/news/security/microsoft-office-april-security-updates-fix-critical-rce-bugs/


Eaton HMiSoft VU3

This advisory contains mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in Eaton's HMiSoft VU3 human-machine interface (HMI).

https://www.us-cert.gov/ics/advisories/icsa-20-105-01


Triangle MicroWorks DNP3 Outstation Libraries

This advisory contains mitigations for a stack-based buffer overflow vulnerability in Triangle MicroWorks DNP3 components and source code libraries.

https://www.us-cert.gov/ics/advisories/icsa-20-105-02


Triangle MicroWorks SCADA Data Gateway

This advisory contains mitigations for stack-based buffer overflow, out-of-bounds read, and type confusion vulnerabilities in the Triangle MicroWorks SCADA Data Gateway.

https://www.us-cert.gov/ics/advisories/icsa-20-105-03


VMSA-2020-0007

VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)

https://www.vmware.com/security/advisories/VMSA-2020-0007.html


Security updates for Wednesday

Security updates have been issued by Debian (git, graphicsmagick, php-horde-data, and php-horde-trean), Mageia (apache, gnutls, golang, krb5-appl, libssh, libvncserver, mediawiki, thunderbird, tor, and wireshark), openSUSE (chromium, nagios, and thunderbird), Oracle (kernel and krb5-appl), Red Hat (elfutils, kernel, nss-softokn, ntp, procps-ng, and python), Scientific Linux (firefox), Slackware (git), SUSE (git and ruby2.5), and Ubuntu (git).

https://lwn.net/Articles/817565/


IPAS: Security Advisories for April 2020

Hello, Today, in addition to the 6 security advisories we are releasing, we want to call your attention to a new whitepaper we have just published addressing CVE-2019-0090, a vulnerability in the Intel® Converged Security Management Engine (CSME) that we first disclosed in May of last year. You can read the whitepaper HERE.

https://blogs.intel.com/technology/2020/04/ipas-security-advisories-for-april-2020/


BSRT-2020-001 Local File Inclusion Vulnerability in Apache Tomcat Impacts BlackBerry Workspaces Server and BlackBerry Good Control

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000062739


Security Advisory - Denial of Service Vulnerability on Huawei Smartphone

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-02-dos-en


Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-01-smartphone-en


Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200415-01-oob-en


Security Bulletin: IBM QRadar SIEM is vulnerable to privilege escalation (CVE-2020-4270)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-privilege-escalation-cve-2020-4270/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-6/


Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4720)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-the-ibm-performance-management-product-cve-2019-4720/


Security Bulletin: A vulnerability in jQuery affects the IBM Performance Management product (CVE-2019-11358)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery-affects-the-ibm-performance-management-product-cve-2019-11358/


Security Bulletin: IBM QRadar SIEM is vulnerable to PHP object injection (CVE-2020-4271)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-php-object-injection-cve-2020-4271/


Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4593)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-information-exposure-cve-2019-4593/


Security Bulletin: IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects (CVE-2020-4272)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-instantiation-of-arbitrary-objects-cve-2020-4272/


Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nx-os-firmware-used-by-ibm-c-type-san-directors-and-switches/


Security Bulletin: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) (CVE-2020-4294)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-server-side-request-forgery-ssrf-cve-2020-4294/


Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities-2/


Red Hat OpenShift Container Platform: Vulnerability allows overwriting of files

http://www.cert-bund.de/advisoryshort/CB-K20-0325