[CERT-daily] Tageszusammenfassung - 27.12.2019

Fri Dec 27 18:09:21 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 23-12-2019 18:00 − Freitag 27-12-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Timely acquisition of network traffic evidence in the middle of an incident response procedure, (Wed, Dec 25th) ∗∗∗
---------------------------------------------
The acquisition of evidence is one of the procedures that always brings controversy in incident management. We must answer questions such as: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25560


∗∗∗ Bypassing UAC to Install a Cryptominer ∗∗∗
---------------------------------------------
First of all, Merry Christmas to all our readers! I hope youre enjoying the break with your family and friends! Even if everything slows down in this period, there is always malicious activity ongoing. I found a small PowerShell script that looked interesting for a quick diary. First of all, it has a VT score of 2/60[1]. It installs a cryptominer and its most interesting feature is the use of a classic technique to bypass UAC[2].
---------------------------------------------
https://isc.sans.edu/forums/diary/Bypassing+UAC+to+Install+a+Cryptominer/25644/


∗∗∗ Video: Identitätsdiebstahl mit gefälschten Airbnb-Mails ∗∗∗
---------------------------------------------
Airbnb genießt hohes Vertrauen bei seinen UserInnen. Das versuchen sich auch Kriminelle zu Nutze zu machen. Sie versenden betrügerische Phishing-Mails im Design von Airbnb.
---------------------------------------------
https://www.watchlist-internet.at/news/video-identitaetsdiebstahl-mit-gefaelschten-airbnb-mails/


∗∗∗ Video: Erpressungs-Mails ∗∗∗
---------------------------------------------
Kriminelle versenden massenhaft Erpressungs-Mails an InternetnutzerInnen. Darin behaupten sie, die EmpfängerInnen der Nachrichten beim Masturbieren gefilmt zu haben. Um zu vermeiden, dass das Video veröffentlicht wird, sollen gewisse Geldbeträge in Form von Bitcoins bezahlt werden.
---------------------------------------------
https://www.watchlist-internet.at/news/video-erpressungs-mails/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ New Magellan 2.0 SQLite Vulnerabilities Affect Many Programs ∗∗∗
---------------------------------------------
New vulnerabilities in the SQLite database engine affect a wide range of applications that utilize it as a component within their software packages.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-magellan-20-sqlite-vulnerabilities-affect-many-programs/


∗∗∗ AVE DOMINAplus 1.10.x Credentials Disclosure Exploit ∗∗∗
---------------------------------------------
The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/authClients.xml and obtain administrative login information that allows for a successful authentication bypass attack.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php


∗∗∗ AVE DOMINAplus 1.10.x Authentication Bypass Exploit ∗∗∗
---------------------------------------------
DOMINAplus suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php


∗∗∗ AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot ∗∗∗
---------------------------------------------
The application suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5548.php


∗∗∗ AVE DOMINAplus 1.10.x CSRF/XSS Vulnerabilities ∗∗∗
---------------------------------------------
The application suffers from multiple CSRF and XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed to several GET/POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script [...]
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5547.php


∗∗∗ Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-coded Credentials ∗∗∗
---------------------------------------------
The devices utilizes hard-coded credentials within its Linux distribution image. These sets of credentials (Telnet, SSH, FTP) are never exposed to the end-user and cannot be changed through any normal operation of the smart home device. Attacker could exploit this vulnerability by logging in and gain system access.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (freetype, kernel, nss, nss-softokn, nss-util, and thunderbird), Mageia (ghostpcl, libmirage, and spamassassin), Oracle (fribidi), and SUSE (mariadb-100, shibboleth-sp, and slurm).
---------------------------------------------
https://lwn.net/Articles/808090/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, fribidi, nss, nss-softokn, nss-util, openslp, and thunderbird), Debian (opensc), and Mageia (389-ds-base, apache, apache-mod_auth_openidc, kernel, libofx, microcode, php, and ruby).
---------------------------------------------
https://lwn.net/Articles/808119/


∗∗∗ CA Client Automation 14.x Privilege Escalation ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019120108


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-01-validation-en


∗∗∗ Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-01-kernel-en


∗∗∗ Security Advisory - Multiple Vulnerabilities in the X.509 Implementation in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-01-eudemon-en


∗∗∗ Security Advisory - Missing Integrity Checking Vulnerability on Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191225-01-digital-en


∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1110


∗∗∗ ImageMagick / GraphicsMagick: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1117


∗∗∗ D-LINK Router: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1116


∗∗∗ Nvidia GeForce Experience: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1114


∗∗∗ Trend Micro Maximum Security: Schwachstelle ermöglicht Denial of Service oder Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1113


∗∗∗ Trend Micro AntiVirus für Mac: Schwachstelle ermöglicht Manipulation von Dateien ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1120

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily