[CERT-daily] Tageszusammenfassung - 13.08.2019

Daily end-of-shift report team at cert.at
Tue Aug 13 18:06:58 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 12-08-2019 18:00 − Dienstag 13-08-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Steam Security Vulnerability Fixed, Researchers Dont Agree ∗∗∗
---------------------------------------------
Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/steam-security-vulnerability-fixed-researchers-dont-agree/


∗∗∗ Troldesh Ransomware Dropper ∗∗∗
---------------------------------------------
Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper: hxxp://doolaekhun[.]com/cgi-bin/[redacted].php
---------------------------------------------
https://blog.sucuri.net/2019/08/troldesh-ransomware-dropper.html


∗∗∗ Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices ∗∗∗
---------------------------------------------
Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week. A Mirai variant that calls itself "Asher" [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/jgzb2S8LB8M/


∗∗∗ MANRS Observatory: Monitoring the State of Internet Routing Security ∗∗∗
---------------------------------------------
Routing security is vital to the future and stability of the Internet, but it’s under constant threat. Which is why we’ve launched a free online tool so that network operators can see how they’re doing, and what they can improve, while anyone can see the health of the Internet at a glance.
---------------------------------------------
https://www.internetsociety.org/blog/2019/08/manrs-observatory-monitoring-the-state-of-internet-routing-security/


∗∗∗ The Twin Journey, Part 3: I’m Not a Twin, Can’t You See my Whitespace at the End? ∗∗∗
---------------------------------------------
In this series of 3 blogs (you can find part 1 here, and part 2 here), so far we have understood the implications of promoting files to “Evil Twins” where they can be created and remain in the system as different entities once case sensitiveness is enabled, and some issues that could be raised by [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/the-twin-journey-part-3-im-not-a-twin-cant-you-see-my-whitespace-at-the-end/


∗∗∗ CEO Cyber Quiz: What’s Your IT Security IQ? ∗∗∗
---------------------------------------------
Every business leader understands that, when it comes to cybersecurity, the stakes are extraordinarily high. CEOs tend to take notice when they read headlines about yet another big-name company being victimized by a massive data breach or about industry forecasts suggesting that the annual cost of crime losses and damage will hit $6 trillion by [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-awareness/ceo-cyber-security-iq/


∗∗∗ Datingfalle.at: Kostenlose Hilfe bei Online-Dating-Fallen! ∗∗∗
---------------------------------------------
Auf www.datingfalle.at bietet der Internet Ombudsmann kostenlose Hilfe bei rechtlichen Problemen mit Online-Dating-Plattformen, Erotik-Portalen und Singlebörsen. Neben Infos und Tipps steht eine außergerichtliche Streitschlichtung zur Verfügung. Hier gibt es Hilfestellung bei Abo-Fallen, automatischer Vertragsverlängerung, Kündigungsschwierigkeiten oder Inkasso-Schreiben.
---------------------------------------------
https://www.watchlist-internet.at/news/datingfalleat-kostenlose-hilfe-bei-online-dating-fallen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe After Effects CC (APSB19-31), Adobe Character Animator CC (APSB19-32), Adobe Premiere Pro CC (APSB19-33), Adobe Prelude CC (APSB19-35), Adobe Creative Cloud Desktop Application (APSB19-39), Adobe Acrobat and Reader (APSB19-41), Adobe Experience Manager (APSB19-42) and Adobe Photoshop CC (APSB19-44). Adobe recommends users update their product installations to the latest versions using the instructions referenced [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1773


∗∗∗ [20190801] - Core - Hardening com_contact contact form ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.6.2 - 3.9.10 Exploit type: Incorrect Access Control Reported Date: 2019-April-09 Fixed Date: 2019-August-13 CVE Number: CVE-2019-XXXXX  Description Inadequate checks in com_contact could allowed mail submission in disabled forms. Affected Installs Joomla! CMS versions 1.6.2 - 3.9.10 Solution Upgrade to version 3.9.11
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/H1jmq28mUAw/789-20190801-core-hardening-com-contact-contact-form.html


∗∗∗ # SSA-671286: Multiple Vulnerabilities in SCALANCE Products ∗∗∗
---------------------------------------------
The latest update for SCALANCE SC-600 fixes multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-671286.txt


∗∗∗ # SSA-530931: Denial-of-Service in Webserver of Industrial Products ∗∗∗
---------------------------------------------
A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-530931.txt


∗∗∗ # SSA-232418: Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families ∗∗∗
---------------------------------------------
Two vulnerabilities have been identified in the SIMATIC S7-1200 and the SIMATIC S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-232418.txt


∗∗∗ # SSA-100232: Denial-of-Service vulnerability in SCALANCE X switches ∗∗∗
---------------------------------------------
A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-100232.txt


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, postgresql, and postgresql-libs), Debian (atril, chromium, evince, ghostscript, jackson-databind, kernel, and php5), Fedora (kf5-kconfig, mingw-sqlite, pam-u2f, and poppler), Mageia (kernel), openSUSE (aubio, chromium, kconfig, kdelibs4, nodejs10, osc, and zstd), Red Hat (ghostscript), and Ubuntu (ghostscript and MariaDB).
---------------------------------------------
https://lwn.net/Articles/796075/


∗∗∗ [remote] Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47230


∗∗∗ [remote] ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47229


∗∗∗ [remote] ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47228


∗∗∗ [remote] ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47227


∗∗∗ Linux kernel vulnerability CVE-2016-7097 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31603170


∗∗∗ SAP Patchday August: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0714

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list