[CERT-daily] Tageszusammenfassung - 23.08.2019

Fri Aug 23 18:28:31 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 22-08-2019 18:00 − Freitag 23-08-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ The Many Possibilities of CVE-2019-8646 ∗∗∗
---------------------------------------------
CVE-2019-8646 is a somewhat unusual vulnerability I reported in iMessage. It has a number of consequences, including information leakage and the ability to remotely read files on a device. This blog post discusses the ways that an attacker could use this bug.
---------------------------------------------
https://googleprojectzero.blogspot.com/2019/08/the-many-possibilities-of-cve-2019-8646.html


∗∗∗ Instagram phishing uses 2FA as a lure ∗∗∗
---------------------------------------------
If the phishing page looks OK, and it has an HTTPS padlock, how are you supposed to spot phishes these days?
---------------------------------------------
https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/


∗∗∗ Simple Mimikatz & RDPWrapper Dropper, (Thu, Aug 22nd) ∗∗∗
---------------------------------------------
Let's review a malware sample that I spotted a few days ago. I found it interesting because it's not using deep techniques to infect its victims. The initial sample is a malicious VBScript. For a few weeks, I started to hunt for more Powershell based on encoded directives. The following regular expression matched on the file: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25262


∗∗∗ Sommerferien vorbei – Emotet ist zurück ∗∗∗
---------------------------------------------
Seit Freitag früh sind die Server der wohl gefährlichsten Cybercrime-Bande wieder aktiv.
---------------------------------------------
https://heise.de/-4503467


∗∗∗ Hackers Target Vulnerabilities in Fortinet, Pulse Secure Products ∗∗∗
---------------------------------------------
Recently disclosed vulnerabilities affecting enterprise virtual private network (VPN) products from Fortinet and Pulse Secure have been exploited in the wild, a researcher reported on Thursday.
---------------------------------------------
https://www.securityweek.com/hackers-target-vulnerabilities-fortinet-pulse-secure-products


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups, nginx, and openjdk-7), Fedora (httpd, mod_md, nghttp2, and patch), and SUSE (rubygem-loofah).
---------------------------------------------
https://lwn.net/Articles/797049/


∗∗∗ PrivEsc in Lenovo Solution Centre, 10 minutes later ∗∗∗
---------------------------------------------
CVE-2019-6177 – Lenovo Solution Centre Privilege Escalation. Slow, but sure. TL;DR We found a privilege escalation vulnerability in the Lenovo Solution Centre (LSC) software, which came pre-installed on many Windows-based Lenovo devices. Lenovo say LSC has been shipped since 2011, but haven’t been clear about when they stopped shipping it by default with new devices.
---------------------------------------------
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/


∗∗∗ IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter (CVE-2019-12735) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-remote-execution-vulnerability-affects-red-hat-linux-used-by-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter-cve-2019-12735/


∗∗∗ Spectre SWAPGS gadget vulnerability CVE-2019-1125 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31085564


∗∗∗ HPESBUX03950 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily