{"id":13350,"date":"2020-02-26T00:35:44","date_gmt":"2020-02-25T23:35:44","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13350"},"modified":"2020-10-23T20:39:20","modified_gmt":"2020-10-23T18:39:20","slug":"security-information-feb-25-2020","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/02\/26\/security-information-feb-25-2020\/","title":{"rendered":"Security information (Feb. 25, 2020)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/02\/25\/sicherheitsinfos-25-2-2020\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]In this blog post, I will quickly summarize important security information that has come to my attention in the last few hours. There are so many topics that the blog would burst with individual contributions. Heavy stuff is once again all there, from missing security features in certain Microsoft Office 365 variants to RCE vulnerabilities that endanger power plants. <\/p>\n<p><!--more--><\/p>\n<h2>Microsoft Office 365 fails in protection against Emotet<\/h2>\n<p>Emotet, a Trojan that is frequently the first stage of a ransomware infection, is usually spread initially via spam mail attachments, typically Office documents with malicious macros. Administrators should therefore secure their Microsoft Office 365 environments against Emotet attacks. However, the Business versions of Office 365 lack an important protective function that can, among other things, prevent Emotet infections. This is documented by Microsoft, but largely unknown. <\/p>\n<p>Background: Admins can use Group Policy to block things like macro execution in Office. 
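<\/p>\n<p>As an added example that is not part of the original post and not Microsoft code: the following Python script reads, via the standard winreg module on Windows, the macro-hardening values that Group Policy writes to the Office policy hive (VBAWarnings and blockcontentexecutionfrominternet under HKCU\\Software\\Policies\\Microsoft\\Office\\16.0\\&lt;app&gt;\\Security) and reports which Click-to-Run edition is installed, since the edition decides whether those values are honored at all. The evaluation logic is kept separate from the registry read so it also runs against collected values on another system; the product IDs listed are a small set of well-known ones and the sample values are constructed.<\/p>\n
```python
# Added example (not from the blog post or from Microsoft): audit the Office
# macro policies that Group Policy writes to the registry, and report whether
# the installed Office 365 edition honors Group Policy at all.
import sys

APPS = ('Word', 'Excel', 'PowerPoint')
# User Configuration policies land in HKCU; the same path under HKLM exists
# for Computer Configuration policies and could be checked the same way.
POLICY_KEY = r'Software\Policies\Microsoft\Office\16.0\{app}\Security'
EDITION_KEY = r'SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

# VBAWarnings: 1 = enable all, 2 = disable with notification,
# 3 = disable except digitally signed, 4 = disable all (no notification).
ACCEPTABLE_VBA = {3, 4}
# Well-known ProductReleaseIds; extend with the SKUs used in your tenant.
GPO_SUPPORTED = {'O365ProPlusRetail', 'ProPlus2019Retail', 'ProPlus2019Volume'}
GPO_IGNORED = {'O365BusinessRetail', 'O365HomePremRetail'}


def evaluate_policies(values):
    """values maps '<App>/<ValueName>' to the DWORD read from the policy hive.
    Returns a list of findings; an empty list means every app is hardened."""
    findings = []
    for app in APPS:
        vba = values.get(f'{app}/VBAWarnings')
        if vba not in ACCEPTABLE_VBA:
            findings.append(f'{app}: VBAWarnings is {vba!r}, expected 3 or 4 (macros disabled)')
        motw = values.get(f'{app}/blockcontentexecutionfrominternet')
        if motw != 1:
            findings.append(f'{app}: blockcontentexecutionfrominternet is {motw!r}, expected 1')
    return findings


def edition_honors_gpo(product_release_ids):
    """True/False for known Click-to-Run product IDs, None if unknown.
    ProductReleaseIds may be comma-separated, e.g. 'O365ProPlusRetail,VisioProRetail'."""
    ids = {p.strip() for p in (product_release_ids or '').split(',') if p.strip()}
    if ids & GPO_SUPPORTED:
        return True
    if ids & GPO_IGNORED:
        return False
    return None


def read_registry():
    """Collects the inputs from the local machine; returns ({}, None) off Windows."""
    if sys.platform != 'win32':
        return {}, None
    import winreg
    values = {}
    for app in APPS:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, POLICY_KEY.format(app=app)) as key:
                for name in ('VBAWarnings', 'blockcontentexecutionfrominternet'):
                    try:
                        values[f'{app}/{name}'] = winreg.QueryValueEx(key, name)[0]
                    except FileNotFoundError:
                        pass  # value not set by policy
        except FileNotFoundError:
            pass  # no policy key for this app at all
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, EDITION_KEY) as key:
            product = winreg.QueryValueEx(key, 'ProductReleaseIds')[0]
    except FileNotFoundError:
        product = None  # no Click-to-Run install (e.g. MSI-based Office)
    return values, product


# Constructed sample: Word hardened, Excel only warns, PowerPoint unmanaged,
# on an Office 365 Business install that ignores the policies anyway.
SAMPLE_VALUES = {'Word/VBAWarnings': 4, 'Word/blockcontentexecutionfrominternet': 1,
                 'Excel/VBAWarnings': 2, 'Excel/blockcontentexecutionfrominternet': 1}
SAMPLE_PRODUCT = 'O365BusinessRetail'

if __name__ == '__main__':
    values, product = read_registry()
    if not values and product is None:
        values, product = SAMPLE_VALUES, SAMPLE_PRODUCT
    for finding in evaluate_policies(values):
        print('FINDING:', finding)
    print('Edition', product, 'honors Group Policy:', edition_honors_gpo(product))
```
<p>A finding-free policy set means nothing if edition_honors_gpo returns False: on those installs the keys are written by Group Policy but not consulted by Office, which is exactly the gap the heise article describes.<\/p>\n<p>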
But: When you switch to Office 365, the Business editions of Office 365 (Office 365 Business and Business Premium, as opposed to Office 365 ProPlus and the Enterprise plans) ignore the settings from Group Policy, without reporting this. German magazine heise has documented it in <a href=\"https:\/\/www.heise.de\/newsticker\/meldung\/Emotet-Sicherheitsrisiko-Microsoft-Office-365-4665197.html\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>. <\/p>\n<h2>RCE bugs threaten power plants<\/h2>\n<p>Critical remote code execution (RCE) vulnerabilities in the Siemens SPPA-T3000 control system threaten power plants worldwide. Seventeen bugs could be exploited to stop power generation and cause malfunctions in power plants.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Critical Remote Code-Execution Bugs Threaten Global Power Plants Seventeen bugs could be exploited to stop electrical generation and cause malfunctions at power plants. <a href=\"https:\/\/t.co\/HZ7ekdz4pN\">https:\/\/t.co\/HZ7ekdz4pN<\/a><a href=\"https:\/\/twitter.com\/hashtag\/News?src=hash&amp;ref_src=twsrc%5Etfw\">#News<\/a><\/p>\n<p>\u2014 Mark Cutting (@phenomlab) <a href=\"https:\/\/twitter.com\/phenomlab\/status\/1232241523376435201?ref_src=twsrc%5Etfw\">February 25, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preserve62b5cecc4f684fd1b5a6254e5be9f7a8\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Phenomlab.com has taken it up in the tweet above and links to the article. The product concerned is the SPPA-T3000, a distributed control system from Siemens that is used to control and monitor power generation in large power plants in the USA, Germany, Russia and other countries. 
Siemens provides <a href=\"https:\/\/cert-portal.siemens.com\/productcert\/pdf\/ssa-451445.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">this security advisory<\/a>. <\/p>\n<h2>Samsung privacy incident on website<\/h2>\n<p>Last week, Samsung smartphone users who were logged in to \"Find my Mobile\" (accidentally) received a strange push notification, which several media outlets reported on.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"Samsung Push-Benachrichtigung\" alt=\"Samsung Push-Benachrichtigung\" src=\"https:\/\/heise.cloudimg.io\/width\/610\/q85.png-lossy-85.webp-lossy-85.foil1\/_www-heise-de_\/imgs\/18\/2\/8\/4\/6\/3\/7\/7\/Screenshot_20200220-093044_Nova_Launcher-1b1b2b5c4beeba26.jpeg\" width=\"402\" height=\"339\"><\/p>\n<p>However, it now appears that Samsung also had a privacy incident on its website. According to The Register, Samsung <a href=\"https:\/\/www.theregister.co.uk\/2020\/02\/24\/samsung_data_breach_find_my_mobile\/\" target=\"_blank\" rel=\"noopener noreferrer\">has admitted<\/a> that a \"small number\" of users were actually able to read other people's personal details after last week's inexplicable Find my Mobile alert. <\/p>\n<blockquote>\n<p>\"A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed.\"<\/p>\n<\/blockquote>\n<h2>LTE vulnerability enables identity theft<\/h2>\n<p>Security researchers have discovered a vulnerability in the LTE protocol. It allowed them to take over the identity of a smartphone user and, for example, to take out subscriptions at the user's expense. Quote from the security researchers' press release: <\/p>\n<blockquote>\n<p>\"An attacker could use the booked services, for example, stream series, but the owner of the victim's mobile phone would have to pay for them,\" explains Prof. Dr. 
Thorsten Holz from the Horst G\u00f6rtz Institute for IT Security, who discovered the security gap together with David Rupprecht, Dr. Katharina Kohls and Prof. Dr. Christina P\u00f6pper. The Bochum team will present the results at the Network Distributed System Security Symposium, NDSS for short, in San Diego, USA, on 25 February 2020. <\/p>\n<\/blockquote>\n<p>Details of the attacks are also available on the website <u><a href=\"http:\/\/www.imp4gt-attacks.net\" target=\"_blank\" rel=\"noopener noreferrer\">www.imp4gt-attacks.net<\/a><\/u>. The attack exploits the missing integrity protection of the LTE user plane: user data is encrypted but not integrity-protected, so a man-in-the-middle relay between phone and base station can manipulate the encrypted packets without being detected. However, the effort required for the IMP4GT attack (IMPersonation Attacks in 4G NeTworks) is considerable, since the attacker needs a software-defined radio within radio range of the victim. <\/p>\n<h2>Privacy incident at UW Medicine<\/h2>\n<p>There seems to have been a privacy incident at UW Medicine, the University of Washington's medical system, which includes its School of Medicine. Now there is a class action suit against those responsible, according to this tweet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">UW Medicine Facing Breach Lawsuit <a href=\"https:\/\/t.co\/nc267yWfUD\">https:\/\/t.co\/nc267yWfUD<\/a><\/p>\n<p>\u2014 Infosecurity Mag (@InfosecurityMag) <a href=\"https:\/\/twitter.com\/InfosecurityMag\/status\/1231988424728567808?ref_src=twsrc%5Etfw\">February 24, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preservef41bb3525b454e68884fcd64b43e09bd\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<h2>Unprotected AWS S3 cloud storage leaks data<\/h2>\n<p>Unprotected storage buckets in Amazon's AWS S3 cloud are a constant source of data breaches. Now, more than 30,000 records of inmates in several U.S. states have been leaked via an unsecured and unencrypted AWS S3 bucket. 
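<\/p>\n<p>Added example, not from this post or from the linked report: a small Python check for the two misconfigurations named above, a bucket that anyone can read and a bucket without default encryption. The assessment logic is plain Python and runs on the constructed sample policies below; collect_with_boto3 shows how to feed it from a live account with boto3 and is not called here. Bucket names and the account ID in the samples are made up.<\/p>\n
```python
# Added example (not from the post or the linked report): assess whether an
# S3 bucket is exposed the way the leaked inmate-records bucket was, i.e.
# readable by anyone and stored without default encryption.
import json

REQUIRED_BLOCK_FLAGS = ('BlockPublicAcls', 'IgnorePublicAcls',
                        'BlockPublicPolicy', 'RestrictPublicBuckets')


def _is_wildcard_principal(principal):
    """Principal '*' or {'AWS': '*'} means every AWS account and anonymous users."""
    if principal == '*':
        return True
    if isinstance(principal, dict):
        aws = principal.get('AWS')
        return aws == '*' or (isinstance(aws, list) and '*' in aws)
    return False


def policy_grants_public(policy_json):
    """True if an Allow statement grants a wildcard principal with no Condition.
    (A wildcard with a Condition, e.g. on aws:SourceVpce, still deserves review.)"""
    statements = json.loads(policy_json).get('Statement', [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return any(st.get('Effect') == 'Allow'
               and _is_wildcard_principal(st.get('Principal'))
               and not st.get('Condition')
               for st in statements)


def assess_bucket(name, public_access_block, policy_json, has_default_encryption):
    """Returns a list of findings for one bucket; empty means nothing to fix."""
    findings = []
    block = public_access_block or {}
    missing = [flag for flag in REQUIRED_BLOCK_FLAGS if not block.get(flag)]
    if missing:
        findings.append(f'{name}: Block Public Access incomplete, missing {missing}')
    if policy_json and policy_grants_public(policy_json):
        findings.append(f'{name}: bucket policy allows Principal * without conditions')
    if not has_default_encryption:
        findings.append(f'{name}: no default server-side encryption configured')
    return findings


def collect_with_boto3(name):
    """Feeds assess_bucket from a live account (needs boto3 and credentials);
    each call raises a specific error code when nothing is configured."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client('s3')
    try:
        block = s3.get_public_access_block(Bucket=name)['PublicAccessBlockConfiguration']
    except ClientError as err:
        if err.response['Error']['Code'] != 'NoSuchPublicAccessBlockConfiguration':
            raise
        block = None
    try:
        policy = s3.get_bucket_policy(Bucket=name)['Policy']
    except ClientError as err:
        if err.response['Error']['Code'] != 'NoSuchBucketPolicy':
            raise
        policy = None
    try:
        s3.get_bucket_encryption(Bucket=name)
        encrypted = True
    except ClientError as err:
        if err.response['Error']['Code'] != 'ServerSideEncryptionConfigurationNotFoundError':
            raise
        encrypted = False
    return assess_bucket(name, block, policy, encrypted)


# Constructed sample inputs; bucket names and the account ID are made up.
SAMPLE_PUBLIC_POLICY = json.dumps({
    'Version': '2012-10-17',
    'Statement': [{'Effect': 'Allow', 'Principal': '*', 'Action': 's3:GetObject',
                   'Resource': 'arn:aws:s3:::example-inmate-records/*'}]})
SAMPLE_ACCOUNT_POLICY = json.dumps({
    'Version': '2012-10-17',
    'Statement': [{'Effect': 'Allow',
                   'Principal': {'AWS': 'arn:aws:iam::123456789012:root'},
                   'Action': 's3:GetObject',
                   'Resource': 'arn:aws:s3:::example-inmate-records/*'}]})
FULL_BLOCK = {flag: True for flag in REQUIRED_BLOCK_FLAGS}

if __name__ == '__main__':
    for finding in assess_bucket('example-inmate-records', None, SAMPLE_PUBLIC_POLICY, False):
        print('FINDING:', finding)
    print('hardened:', assess_bucket('example-inmate-records', FULL_BLOCK,
                                     SAMPLE_ACCOUNT_POLICY, True))
```
<p>One caveat worth stating: default server-side encryption protects the data at rest on Amazon's disks, but it does nothing against a bucket policy or ACL that lets anonymous users read objects, because S3 decrypts transparently for every authorized request. The Block Public Access flags and the policy check are what prevent the kind of leak reported above.<\/p>\n<p>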
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">An unsecured and unencrypted <a href=\"https:\/\/twitter.com\/hashtag\/AWS?src=hash&amp;ref_src=twsrc%5Etfw\">#AWS<\/a> S3 <a href=\"https:\/\/twitter.com\/hashtag\/cloud?src=hash&amp;ref_src=twsrc%5Etfw\">#cloud<\/a> storage bucket unintentionally leaked more than 30,000 records of inmates in several U.S. states. Report: <a href=\"https:\/\/t.co\/LRpw9UkDpJ\">https:\/\/t.co\/LRpw9UkDpJ<\/a><\/p>\n<p>\u2014 Trend Micro (@TrendMicro) <a href=\"https:\/\/twitter.com\/TrendMicro\/status\/1231997720287678465?ref_src=twsrc%5Etfw\">February 24, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preservea7bba62b2f104337aff4be111887d00d\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Trend Micro's tweet above links to the report with the relevant details. <\/p>\n<h2>KidsGuard app leaked information from smartphones<\/h2>\n<p>The KidsGuard app, marketed as parental-control software but used as stalkerware, promises access \"to all information\" on a target device. This includes the user's location in real time, text messages (SMS), browser history, photos, videos, app activity and recordings of phone calls.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We just received an email from ClevGuard asking us to delete the two articles we published this week about the KidsGuard stalkerware, which has been used to spy on thousands of victims.<\/p>\n<p>We declined. <\/p>\n<p>Anyway, here's the story they don't want you to read. 
<a href=\"https:\/\/t.co\/sSaaRgdm9A\">https:\/\/t.co\/sSaaRgdm9A<\/a><\/p>\n<p>\u2014 Zack Whittaker (@zackwhittaker) <a href=\"https:\/\/twitter.com\/zackwhittaker\/status\/1231787468321632256?ref_src=twsrc%5Etfw\">February 24, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preserve9a08ec5a6b004df7862bb395f0a91d85\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<h2>EU Commission and Signal messenger<\/h2>\n<p>The EU Commission has recommended that its staff use the Signal messenger for security reasons. Politico reports this in <a href=\"https:\/\/www.politico.eu\/pro\/eu-commission-to-staff-switch-to-signal-messaging-app\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> and The Verge has taken it up below. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Signal becomes European Commission's messaging app of choice in security clampdown <a href=\"https:\/\/t.co\/cw3TozO8rj\">https:\/\/t.co\/cw3TozO8rj<\/a> <a href=\"https:\/\/t.co\/uMImNHdKFg\">pic.twitter.com\/uMImNHdKFg<\/a><\/p>\n<p>\u2014 The Verge (@verge) <a href=\"https:\/\/twitter.com\/verge\/status\/1231994400709992448?ref_src=twsrc%5Etfw\">February 24, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preserveb4e2d45675954e6497a62d43527c062e\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<h2>Linux: Critical RCE Bug in OpenBSD SMTP Server<\/h2>\n<p>Security researchers at Qualys have discovered a new critical vulnerability (CVE-2020-8794) in the OpenSMTPD mail server, which has existed in the code since 2015. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. The bug is an out-of-bounds read in OpenSMTPD's client-side code, i.e. the part that delivers mail to other mail servers, so it can be triggered by a malicious remote server that OpenSMTPD connects to; the fix is contained in OpenSMTPD 6.6.4p1. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Qualys discloses new OpenSMTPD bug (CVE-2020-8794) exploit included: <a href=\"https:\/\/t.co\/O3Sk8NN6Dy\">https:\/\/t.co\/O3Sk8NN6Dy<\/a><\/p>\n<p>The previous one they disclosed in January was exploited in the wild <a href=\"https:\/\/t.co\/y53tH1kmkl\">https:\/\/t.co\/y53tH1kmkl<\/a><a href=\"https:\/\/t.co\/NN2wsHJZQY\">https:\/\/t.co\/NN2wsHJZQY<\/a><a href=\"https:\/\/t.co\/kV3sn36kfZ\">https:\/\/t.co\/kV3sn36kfZ<\/a><\/p>\n<p>\u2014 Catalin Cimpanu (@campuscodi) <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1232278821186834432?ref_src=twsrc%5Etfw\">February 25, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Qualys has outlined the vulnerability in <a href=\"https:\/\/www.qualys.com\/2020\/02\/24\/cve-2020-8794\/lpe-rce-opensmtpd-default-install.txt\" target=\"_blank\" rel=\"noopener noreferrer\">this plain text advisory<\/a>. Bleeping Computer also has an article with details: <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros &#8211; by <a href=\"https:\/\/twitter.com\/Ionut_Ilascu?ref_src=twsrc%5Etfw\">@Ionut_Ilascu<\/a><a href=\"https:\/\/t.co\/rzfy1WElPU\">https:\/\/t.co\/rzfy1WElPU<\/a><\/p>\n<p>\u2014 BleepingComputer (@BleepinComputer) <a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1232256301343924226?ref_src=twsrc%5Etfw\">February 25, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>OpenSMTPD is available on many Unix-like systems, including FreeBSD, NetBSD, macOS and Linux (Alpine, Arch, Debian, Fedora, CentOS). 
<\/p>\n<h2>Details about Exchange Exploit CVE-2020-0688<\/h2>\n<p>The Zero Day Initiative has outlined in detail how to exploit the recently patched Microsoft Exchange vulnerability CVE-2020-0688. The root cause is that every Exchange Server installation used the same static ASP.NET machine keys (validationKey and decryptionKey) in the web.config of the Exchange Control Panel (ECP). Any attacker with valid credentials for a mailbox can therefore forge a serialized ViewState for the ECP and obtain code execution on the server as SYSTEM; the February 2020 Exchange updates fix this by generating the keys per installation.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Want to know how to exploit the recently patched <a href=\"https:\/\/twitter.com\/hashtag\/Microsoft?src=hash&amp;ref_src=twsrc%5Etfw\">#Microsoft<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Exchange?src=hash&amp;ref_src=twsrc%5Etfw\">#Exchange<\/a> CVE-2020-0688? <a href=\"https:\/\/twitter.com\/HexKitchen?ref_src=twsrc%5Etfw\">@hexkitchen<\/a> provides the details on how to take advantage of the fixed cryptographic keys used during installation. <a href=\"https:\/\/t.co\/N7fds4do5s\">https:\/\/t.co\/N7fds4do5s<\/a><\/p>\n<p>\u2014 Zero Day Initiative (@thezdi) <a href=\"https:\/\/twitter.com\/thezdi\/status\/1232339144732487680?ref_src=twsrc%5Etfw\">February 25, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]In this blog post, I will quickly summarize important security information that has come to my attention in the last few hours. There are so many topics that the blog would burst with individual contributions. 
Heavy stuff is once again all there, from missing &hellip; <a href=\"https:\/\/borncity.com\/win\/2020\/02\/26\/security-information-feb-25-2020\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-13350","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=13350"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13350\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=13350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=13350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=13350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}