[CERT-daily] Tageszusammenfassung - 02.07.2019

Daily end-of-shift report team at cert.at
Tue Jul 2 18:20:08 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 01-07-2019 18:00 − Dienstag 02-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Network Time Security: Sichere Uhrzeit übers Netz ∗∗∗
---------------------------------------------
Fast alle modernen Geräte synchronisieren ihre Uhrzeit übers Internet. Das dafür genutzte Network Time Protocol ist nicht gegen Manipulationen geschützt - bisher. Mit der Erweiterung Network Time Security soll sich das ändern.
---------------------------------------------
https://www.golem.de/news/network-time-security-sichere-uhrzeit-uebers-netz-1907-142137-rss.html


∗∗∗ IT-Sicherheit: BSI erarbeitet neue Mindeststandards für Browser ∗∗∗
---------------------------------------------
Vor zwei Jahren formulierte das Bundesamt für Sicherheit in der Informationstechnik Anforderungen an sichere Browser. Nun soll das Dokument aktualisiert werden, um Kommentierung wird gebeten.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-bsi-erarbeitet-neue-mindeststandards-fuer-browser-1907-142261-rss.html


∗∗∗ Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch", (Tue, Jul 2nd) ∗∗∗
---------------------------------------------
Now that we have the hashes for all the running processes in the AD Domain, and also have the VT Score for each hash in the system, how can we use this information?  Incident Response comes immediately to mind for me.  If you've ever been in a medium-to-large-scale "incident", the situation that you often find is 'we know everything seems to be infected, but out of thousands of machines, which ones are actually infected right now?
---------------------------------------------
https://isc.sans.edu/diary/rss/25088


∗∗∗ Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863) ∗∗∗
---------------------------------------------
In December 2018, a hacker who goes by the alias ‘SandboxEscaper’ publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019. So how did this bug work exactly?
---------------------------------------------
https://unit42.paloaltonetworks.com/tale-of-a-windows-error-reporting-zero-day-cve-2019-0863/


∗∗∗ Firefox 68: Mozilla behebt Konflikte zwischen Browser und Antiviren-Software ∗∗∗
---------------------------------------------
Frühere Firefox-Versionen kollidierten häufig mit AV-Software; Fehlermeldungen und Verbindungsprobleme waren die Folge. Mit Version 68 soll sich das ändern.
---------------------------------------------
https://heise.de/-4460657


∗∗∗ The art and science of password hashing ∗∗∗
---------------------------------------------
The recent FlipBoard breach shines a spotlight again on password security and the need for organizations to be more vigilant. Password storage is a critical area where companies must take steps to ensure they don’t leave themselves and their customer data vulnerable. Storing passwords in plaintext is recognized as a major cybersecurity blunder.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/02/password-hashing/


∗∗∗ SD-WAN Security Assessment: The First Hours ∗∗∗
---------------------------------------------
SD-WAN Security Assessment: The First HoursIntroductionSuppose you need to perform a security assessment of an SD-WAN solution.There are several reasons for this and one of them is selecting an SD-WAN provider or product.A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features.It has distributed and multilayered architecture. So where should you start?
---------------------------------------------
http://www.scada.sl/2019/07/sd-wan-security-assessment-first-hours.html


∗∗∗ Achtung Fake: cyberino.store ∗∗∗
---------------------------------------------
Bestellen Sie nicht bei cyberino.store, denn Sie werden Ihre Ware nie erhalten. Es handelt sich um einen Fake-Shop!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-cyberinostore/


∗∗∗ In eigener Sache: CERT.at sucht Verstärkung ∗∗∗
---------------------------------------------
Für unsere täglichen Routineaufgaben suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich auf unserer Jobs-Seite.
---------------------------------------------
http://www.cert.at/services/blog/20190702153623-2489.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SquirrelMail XSS ∗∗∗
---------------------------------------------
When viewing e-mails in HTML mode (not active by default) SquirrelMail applies a custom sanitization step in an effort to remove possibly malicious script and other content from the viewed e-mail. Due to improper handling of RCDATA and RAWTEXT type elements, the HTML parser used in this process shows differences compared to real user agent behavior. Exploiting these differences JavaScript code can be introduced which is not removed.
---------------------------------------------
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt


∗∗∗ Patchday: Android und das löchrige Media Framework ∗∗∗
---------------------------------------------
Google hat Sicherheitsupdates veröffentlicht, die kritische Lücken in Pixel-Smartphones schließen.
---------------------------------------------
https://heise.de/-4460308


∗∗∗ VMSA-2019-0010 ∗∗∗
---------------------------------------------
VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0010.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), [...]
---------------------------------------------
https://lwn.net/Articles/792595/


∗∗∗ Linux kernel vulnerability CVE-2019-3896 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04327111


∗∗∗ TMM vulnerability CVE-2019-6628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04730051


∗∗∗ F5 TMUI and iControl Rest vulnerability CVE-2019-6634 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K64855220


∗∗∗ iControl REST vulnerability CVE-2019-6637 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29149494


∗∗∗ TMM vulnerability CVE-2019-6629 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95434410


∗∗∗ BIG-IP HTTP profile vulnerability CVE-2019-6631 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19501795


∗∗∗ iControl REST vulnerability CVE-2019-6620 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20445457


∗∗∗ iControl REST and tmsh vulnerability CVE-2019-6621 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20541896


∗∗∗ iControl REST vulnerability CVE-2019-6641 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22384173


∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6625 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K79902360


∗∗∗ iControl REST vulnerability CVE-2019-6638 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67825238


∗∗∗ SNMP vulnerability CVE-2019-6640 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40443301


∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6633 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73522927


∗∗∗ BIG-IP Appliance mode vulnerability CVE-2019-6635 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11330536


∗∗∗ vCMP vulnerability CVE-2019-6632 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01413496


∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6630 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33444350


∗∗∗ F5 SSL Orchestrator vulnerability CVE-2019-6627 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36320691


∗∗∗ BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61002104


∗∗∗ iControl REST vulnerability CVE-2019-6622 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44885536


∗∗∗ TMM vulnerability CVE-2019-6623 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72335002


∗∗∗ BIG-IP TMUI XSS vulnerability CVE-2019-6626 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00432398


∗∗∗ IP Intelligence Feed List TMUI vulnerability CVE-2019-6636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K68151373

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list