[CERT-daily] Tageszusammenfassung - 23.04.2019

Tue Apr 23 18:06:51 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 19-04-2019 18:00 − Dienstag 23-04-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Operation ShadowHammer: a high-profile supply chain attack ∗∗∗
---------------------------------------------
In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers.
---------------------------------------------
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/


∗∗∗ IT Security Guidelines for Transport Layer Security (TLS) ∗∗∗
---------------------------------------------
These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS). TLS is the most popular protocol to secure connections on the Internet.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/factsheets/it-security-guidelines-for-transport-layer-security-tls.html


∗∗∗ Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts ∗∗∗
---------------------------------------------
We recently discovered malicious Microsoft Software Installation (MSI) files that download and execute other files, and could bypass traditional security solutions. Malicious actors can abuse custom actions in these files to execute malicious scripts and drop malware that are either capable of initiating a system shutdown or targeting financial systems located in certain locations.The post Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-abuse-of-custom-actions-in-windows-installer-msi-to-run-malicious-javascript-vbscript-and-powershell-scripts/


∗∗∗ CARBANAK Week Part One: A Rare Occurrence ∗∗∗
---------------------------------------------
It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this post. CARBANAK is one of the most full-featured backdoors around. It was used to perpetrate millions of dollars in financial crimes, largely by the group we track as FIN7. In 2017, Tom Bennett and Barry
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html


∗∗∗ So erkennen Sie Fake-Shops bevor es zu spät ist! ∗∗∗
---------------------------------------------
Auf der Schnäppchenjagd im Internet stoßen Konsument/innen häufig auf Online-Shops, die trotz Bezahlung keine Ware liefern. Kurz gesagt: Fake-Shops. Diese Webseiten werden von Kriminellen betrieben, die es ausschließlich auf das Geld ihrer Opfer abgesehen haben. Bezahlungen erfolgen per Vorkasse und die überwiesenen Beträge sind verloren. Das Erkennen von Fake-Shops ist oft schwierig, mit unseren Tipps aber nicht unmöglich!
---------------------------------------------
https://www.watchlist-internet.at/news/so-erkennen-sie-fake-shops-bevor-es-zu-spaet-ist/


∗∗∗ Trojanized TeamViewer used in government, embassy attacks across Europe ∗∗∗
---------------------------------------------
The remote desktop software is being weaponized to gain access to victim systems.
---------------------------------------------
https://www.zdnet.com/article/trojanized-teamviewer-used-in-government-political-attacks-across-europe/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.8.0-openjdk and java-11-openjdk), Debian (clamav, debian-security-support, and drupal7), Fedora (egl-wayland, elementary-camera, elementary-code, elementary-terminal, ephemeral, geocode-glib, gnome-characters, gnome-shell-extension-gsconnect, group-service, libmodulemd, libxmlb, mate-user-admin, mesa, meson, mpris-scrobbler, reportd, switchboard-plug-display, switchboard-plug-pantheon-shell, wingpanel, and wireshark), openSUSE (blueman and glibc), Red Hat (java-1.7.0-openjdk).
---------------------------------------------
https://lwn.net/Articles/786458/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk), Debian (ghostscript and wget), Gentoo (apache, glib, opendkim, and sqlite), Red Hat (kernel, kernel-alt, kernel-rt, ovmf, polkit, and python27-python), Scientific Linux (java-1.7.0-openjdk), and SUSE (php72).
---------------------------------------------
https://lwn.net/Articles/786538/


∗∗∗ BlackBerry Powered by Android Security Bulletin - April 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000056358


∗∗∗ Malware-Verteiler werden immer jünger, infizieren sich oft selbst ∗∗∗
---------------------------------------------
https://heise.de/-4403823


∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-v ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-v/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-1901/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11-2/


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2017-15804) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-vulnerability-in-gnu-c-library-cve-2017-15804/


∗∗∗ IBM Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise are affected by a Websphere Application Server Vulnerability (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-are-affected-by-a-websphere-application-server-vulnerability-cve-2014-7810/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (CVE-2019-0211 CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-http-server-cve-2019-0211-cve-2019-0220/


∗∗∗ IBM Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics – Log Analysis (CVE-2019-0192) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-vulnerability-related-to-unsafe-deserialization-in-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-cve-2019-0192/


∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4146, CVE-2019-4222) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2019-4146-cve-2019-4222/


∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2018-5744 CVE-2019-6465 and CVE-2018-5745. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-networking-bind-vulnerabilities-cve-2018-5744-cve-2019-6465-and-cve-2018-5745/


∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Content Navigator is affected by an open redirect vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-ibm-content-navigator-is-affected-by-an-open-redirect-vulnerability/


∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-scripting-vulnerabilities-affect-ibm-sterling-b2b-integrator/


∗∗∗ IBM Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-20346 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-public-disclosed-vulnerability-from-sqlite-cve-2018-20346/


∗∗∗ IBM Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-data-redaction-5/


∗∗∗ IBM Security Bulletin: Weak Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1720) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-cryptographic-algorithm-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2018-1720/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily