[CERT-daily] Tageszusammenfassung - 29.08.2019

Thu Aug 29 18:23:32 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 28-08-2019 18:00 − Donnerstag 29-08-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Malware Samples Compiling Their Next Stage on Premise, (Wed, Aug 28th) ∗∗∗
---------------------------------------------
I would like to cover today two different malware samples I spotted two days ago. They have one interesting behaviour in common: they compile their next stage on the fly directly on the victim's computer. At a first point, it seems weird but, after all, its an interesting approach to bypass low-level detection mechanisms that look for PE files.
---------------------------------------------
https://isc.sans.edu/diary/rss/25278


∗∗∗ ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information ∗∗∗
---------------------------------------------
Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and theyre not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9hQZwZfgZ7U/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitslücke: Buffer Overflow in Dovecot-Mailserver ∗∗∗
---------------------------------------------
Eine Sicherheitslücke im Dovecot-Mailserver könnte es Angreifern erlauben, Code auszuführen. Updates stehen bereit.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-buffer-overflow-in-dovecot-mailserver-1908-143508-rss.html


∗∗∗ Kritische Lücke mit Höchstwertung in Ciscos Betriebssystem ISO EX ∗∗∗
---------------------------------------------
Es gibt Sicherheitsupdates für verschiedene Betriebssystem-Versionen für Netzwerkgeräte von Cisco.
---------------------------------------------
https://heise.de/-4509454


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2 and faad2), openSUSE (schismtracker), Red Hat (ceph and pango), Scientific Linux (pango), SUSE (apache-commons-beanutils, ceph, php7, and qemu), and Ubuntu (ceph, dovecot, and ghostscript).
---------------------------------------------
https://lwn.net/Articles/797775/


∗∗∗ Nextgen Gallery < 3.2.11 - SQL Injection ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9816


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-ilog-cplex-optimization-studio-and-ibm-cplex-enterprise-server/


∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-1543 in OpenSSL affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-1543-in-openssl-affects-ibm-i/


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-master-data-management-standard-and-advanced-editions-are-affected-by-vulnerabilities-in-openssl-cve-2019-1559/


∗∗∗ External DNS Requests in Zyxel USG/UAG/ATP/VPN/NXC series ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/external-dns-requests-in-zyxel-usg-uag-atp-vpn-nxc-series/


∗∗∗ Hardcoded FTP Credentials in Zyxel NWA/NAP/WAC wireless access point series ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/hardcoded-ftp-credentials-in-zyxel-wireless-access-point-series/


∗∗∗ A specifically crafted HTTP request may lead the BIG-IP system to pass malformed HTTP requests to a target pool member webserver (HTTP Desync Attack) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K50375550


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2019-0004.html


∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0768


∗∗∗ Kubernetes: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0769

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily