Thursday, January 30, 2020

RHSA-2020:0122 - java-11-openjdk security update

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
  • OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
  • OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)
  • OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
  • OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)
  • OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)
  • OpenJDK: Incorrect handling of unexpected CertificateVerify TLS handshake messages (JSSE, 8231780) (CVE-2020-2655)
  • OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
REF: https://access.redhat.com/errata/RHSA-2020:0122

Cloudflare Analytics - Unlock the power of your data

REF: https://www.cloudflare.com/analytics/

Tuesday, January 28, 2020

RHSA-2020:0124 - git security update

Description

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
  • git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387)
REF: https://access.redhat.com/errata/RHSA-2020:0124

Cloudflare: A cost-effective and extensible testbed for transport protocol development


REF: https://blog.cloudflare.com/a-cost-effective-and-extensible-testbed-for-transport-protocol-development/

[USN-4235-1] nginx vulnerability

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Jan 14, 2020 1:10AM

Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly
handled certain error_page configurations. A remote attacker could possibly
use this issue to perform HTTP request smuggling attacks and access
resources contrary to expectations.

References:
  https://usn.ubuntu.com/4235-1
  CVE-2019-20372

CISO essentials: How to empower your defenders and security operations with AI

This graph describes how the Microsoft Intelligent Security Graph connects different signals in order to protect all Microsoft solutions from possible threats.
REF: https://discover.microsoft.com/enhancing-security-through-ai-guide/

Friday, January 24, 2020

[USN-4230-1] ClamAV vulnerability

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Jan 8, 2020 11:04PM

It was discovered that ClamAV incorrectly handled certain MIME messages. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service.

References:
  https://usn.ubuntu.com/4230-1
  CVE-2019-15961

Thursday, January 23, 2020

Introducing Cloudflare for Campaigns


REF: https://blog.cloudflare.com/introducing-cloudflare-for-campaigns/

Wednesday, January 22, 2020

[USN-4244-1] Samba vulnerabilities

---------- Forwarded message ---------
From: Marc Deslauriers
Date: Jan 21, 2020 10:41PM

It was discovered that Samba did not automatically replicate ACLs set to
inherit down a subtree on AD Directory, contrary to expectations. This
issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-14902)

Robert Święcki discovered that Samba incorrectly handled certain character
conversions when the log level is set to 3 or above. In certain
environments, a remote attacker could possibly use this issue to cause
Samba to crash, resulting in a denial of service. (CVE-2019-14907)

Christian Naumer discovered that Samba incorrectly handled DNS zone
scavenging. This issue could possibly result in some incorrect data being
written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-19344)

References:
  https://usn.ubuntu.com/4244-1
  CVE-2019-14902, CVE-2019-14907, CVE-2019-19344

Tuesday, January 21, 2020

Announcing the Cloudflare Access App Launch


REF: https://blog.cloudflare.com/announcing-the-cloudflare-access-app-launch/

[Checkmk Announce] New Checkmk stable release 1.6.0p8

---------- Forwarded message ---------
From: Checkmk Announcements
Date: Thu, Jan 16, 2020 at 10:47 PM

Checks & agents:
* 10419 AWS EC2 Limits graphs collects now all instance types in a single graph
* 10418 Update AWS EC2 Limits to use new vCPU-based instance limits
* 10417 FIX: AWS EC2 default limits are preserved for unconfigured instances
* 10519 FIX: Autochecks files of cluster nodes will no longer contain duplicates from other nodes
* 10674 FIX: Interface bandwidth: Add missing perf-O-meter for in/out measured in bits/s
* 10737 FIX: Kubernetes: don't crash if resized PVCs exist
* 10676 FIX: OpenHardwareMonitor: Fixed a bug that prevented the generation of the section
* 10679 FIX: Windows Agent installs correctly cap file with empty files inside
* 10757 FIX: agent_ucs_bladecenter: Always output faultinst section
* 10665 FIX: brocade_optical: Do not crash if device does not send temperature values for some interfaces
* 10649 FIX: ceph_status.pgs: Fixed Unknown service state for 'peering'
* 10716 FIX: if64_tplink: Improve support for interface aliases of TP-LINK switches
* 10650 FIX: job: Fixed wrong state marker
* 10736 FIX: k8s_resources.pods: don't count finished pods
* 10576 FIX: mem.used: Fix graph of pagetables metric
* 10672 FIX: mk_oracle: Bugfix for wrong sid definition in Custom SQL
* 10670 FIX: mssql_transactionlogs, mssql_datafiles: Do not apply percentual levels if the reference size is zero
* 10669 FIX: mtr: Fixed applying levels configured in WATO which had no effect
* 10668 FIX: mtr: Fixed summary state which is always OK if at least one partial result is OK
* 10673 FIX: oracle_instance: Fixed evaluating amount of logins if Oracle DB is a PDB
* 10662 FIX: oracle_jobs: Fixed IndexError while discovery
* 10756 FIX: storeonce_servicesets.capacity: Fixed handling of old format

Core & setup:
* 10701 FIX: Fix possible timeout exception during site update

HW/SW inventory:
* 10663 FIX: HW/SW Inventory: Fixed "Cannot update tree" on clusters
* 10502 FIX: oracle_instance: Skip uptime and DB creation time entries if they cannot be converted

Site management:
* 10664 FIX: Cleanup piggyback: Do not throw exception if piggyback folders are missing

User interface:
* 10699 FIX: Filtering "Alert Statistics" view resulted in empty page
* 10416 FIX: Fix GUI network topology view with IE11
* 10697 FIX: Fix possible issue with custom GUI config plugins since #10565
* 10645 FIX: Problem Hosts sidebar snapin was not refreshed regularly

WATO:
* 10700 FIX: "Tags using this auxiliary tag" was not listing the referencing tag IDs
* 10696 FIX: Fix rule analyzation issues on service object parameter page
* 10698 FIX: LDAP: Fix possible "TypeError: 'bool' object is not iterable" during LDAP config test
* 10654 FIX: hacmp_resources.py: allowing to save the any node option in the WATO configuration

You can download Checkmk from our download page:
 * https://checkmk.com/download.php

Cloudflare: Introducing Load Balancing Analytics


REF: https://blog.cloudflare.com/introducing-load-balancing-analytics/

Saturday, January 18, 2020

[LSN-0061-1] Linux kernel vulnerability

---------- Forwarded message ---------
From: benjamin.romer@canonical.com
Date: Jan 8, 2020 11:04PM

It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895)

It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896)

It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14897)

It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14901)

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux
kernel did not properly handle reference counting during memory mapping
operations when used in conjunction with AUFS. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-15794)

References:
  CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901,
  CVE-2019-15794

Cloudflare: Accelerating UDP packet transmission for QUIC

REF: https://blog.cloudflare.com/accelerating-udp-packet-transmission-for-quic/

Thursday, January 16, 2020

ADMIN: Storage monitoring with Grafana

Create intuitive and meaningful visualizations of storage performance values with a "TIG" stack: Telegraf, InfluxDB, and Grafana.

REF: http://www.admin-magazine.com/Articles/Storage-monitoring-with-Grafana

Prototyping optimizations with Cloudflare Workers and WebPageTest

With the OverrideHost script command WebPageTest + Cloudflare Workers = magic
REF: https://blog.cloudflare.com/workers-and-webpagetest/

[USN-4228-1] Linux kernel vulnerabilities

---------- Forwarded message ---------
From: Steve Beattie
Date: Jan 7, 2020 1:33PM

It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)

It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)

Anthony Steinhauser discovered that the Linux kernel did not properly
perform Spectre_RSB mitigations to all processors for PowerPC architecture
systems in some situations. A local attacker could use this to expose
sensitive information. (CVE-2019-18660)

It was discovered that Geschwister Schneider USB CAN interface driver in
the Linux kernel did not properly deallocate memory in certain failure
conditions. A physically proximate attacker could use this to cause a
denial of service (kernel memory exhaustion). (CVE-2019-19052)

It was discovered that the driver for memoryless force-feedback input
devices in the Linux kernel contained a use-after-free vulnerability. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash) or execute arbitrary code. (CVE-2019-19524)

It was discovered that the PEAK-System Technik USB driver in the Linux
kernel did not properly sanitize memory before sending it to the device. A
physically proximate attacker could use this to expose sensitive
information (kernel memory). (CVE-2019-19534)

References:
  https://usn.ubuntu.com/4228-1
  CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901,
  CVE-2019-18660, CVE-2019-19052, CVE-2019-19524, CVE-2019-19534

Cloudflare + Remote Browser Isolation


REF: https://blog.cloudflare.com/cloudflare-and-remote-browser-isolation/

Azure: Learning from cryptocurrency mining attack scripts on Linux

Cryptocurrency mining attacks continue to represent a threat to many of our Azure Linux customers. In the past, we've talked about how some attackers use brute force techniques to guess account names and passwords and use those to gain access to machines. Today, we're talking about an attack that a few of our customers have seen where a service is exploited to run the attacker's code directly on the machine hosting the service.

REF: https://azure.microsoft.com/en-us/blog/learning-from-cryptocurrency-mining-attack-scripts-on-linux/

Introducing Cloudflare for Teams


REF: https://blog.cloudflare.com/introducing-cloudflare-for-teams/

TrendLabs: January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs

The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway servers, Internet Explorer, ASP.NET, CryptoAPI, .NET Framework, Hyper-V, Office, Excel, and OneDrive.

REF: https://blog.trendmicro.com/trendlabs-security-intelligence/january-patch-tuesday-update-list-includes-fixes-for-internet-explorer-remote-desktop-cryptographic-bugs/

Security on the Internet with Cloudflare for Teams


REF: https://blog.cloudflare.com/cloudflare-for-teams-products/

Azure is now certified for the ISO/IEC 27701 privacy standard

The PIMS certification demonstrates that Azure provides a comprehensive set of management and operational controls that can help your organization demonstrate compliance with privacy laws and regulations. Microsoft’s successful audit can also help enable Azure customers to build upon our certification and seek their own certification to more easily comply with an ever-increasing number of global privacy requirements.

REF: https://azure.microsoft.com/en-us/blog/azure-is-now-certified-for-the-iso-iec-27701-privacy-standard/

Tuesday, January 7, 2020

TrendLabs: First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

Figure 1. The three apps related to SideWinder group
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/

Cloudflare Expanded to 200 Cities in 2019

Map of the world with dots denoting Cloudflare's geographically diverse presence in 200 cities
REF: https://blog.cloudflare.com/cloudflare-expanded-to-200-cities-in-2019/

Sunday, January 5, 2020

LM: MX Linux MX-19


REF: http://www.linux-magazine.com/Issues/2020/231/This-Month-s-DVD

Cloudflare: First Half 2019 Transparency Report and an Update on a Warrant Canary


REF: https://blog.cloudflare.com/first-half-2019-transparency-report-and-an-update-on-a-warrant-canary/

LM: Zorin OS 15 Core



Zorin OS Core is a Linux distro focused on serving as a drop-in replacement to Windows or macOS. Their stated hope is to let newcomers transition to Linux so you "…won't need to learn anything to get started."

REF: http://www.linux-magazine.com/Issues/2020/231/This-Month-s-DVD

Thursday, January 2, 2020

TrendLabs: Looking into Attacks and Techniques Used Against WordPress Sites

Figure 1. A sample of an attempt to log in with weak credentials
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/looking-into-attacks-and-techniques-used-against-wordpress-sites/

Plex: Serving our server owners

And for our power users who are managing servers for the whole fam, we’ve been working on giving you more tools and insights to make your job easier and more fun.

TrendLabs: DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet

Figure 2. Command and control communication path (downloader/distributer server, IRC server)
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/ddos-attacks-and-iot-exploits-new-activity-from-momentum-botnet/

Cloudflare: Adopting a new approach to HTTP prioritization

REF: https://blog.cloudflare.com/adopting-a-new-approach-to-http-prioritization/