[CERT-daily] Tageszusammenfassung - 08.07.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 05-07-2019 18:00 − Montag 08-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Anubis Android Malware Returns with Over 17,000 Samples ∗∗∗
---------------------------------------------
In mid-January of 2019, we saw Anubis use a plethora of techniques,
including the use of motion-based sensors to elude sandbox analysis and
overlays to steal personally identifiable information.
The latest samples of Anubis (detected by Trend Micro as
AndroidOS_AnubisDropper) we recently came across are no different.
While tracking Anubis’ activities, we saw two related servers
containing 17,490 samples.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence
   /anubis-android-malware-returns-with-over-17000-samples/


∗∗∗ Godlua, Missverständnisse und der Streit um DNS over HTTPS ∗∗∗
---------------------------------------------
Der Linux-Schadcode Godlua verschlüsselt seinen DNS-Traffic mit HTTPS,
benutzt allerdings nicht das DoH-Protokoll.
---------------------------------------------
https://heise.de/-4464640


∗∗∗ Malicious Code Planted in strong_password Ruby Gem ∗∗∗
---------------------------------------------
A developer discovered that an update released for the
'strong_password' Ruby gem contained malicious code that allowed an
attacker to remotely execute arbitrary code.
Developer Tute Costa was updating gems used by a Rails application when
he noticed that version 0.0.7 of strong_password was pushed out on
RubyGems.org, the Ruby community's gem hosting service, but not on
GitHub.
---------------------------------------------
https://www.securityweek.com
   /malicious-code-planted-strongpassword-ruby-gem



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-19-640: (0Day) Google Android Bluetooth hci_len Heap-based
Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows attackers in close proximity to execute
arbitrary code on vulnerable installations of Google Android. User
interaction is required to exploit this vulnerability in that the
target must accept a malicious file transfer.
...
06/07/19 - The vendor replied the fix was not public yet but would soon
be included in the next release of a major version
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-640/


∗∗∗ Multiple Vulnerabilities in innovaphone VoIP Products Fixed ∗∗∗
---------------------------------------------
innovaphone fixed several vulnerabilities in two VoIP products that we
disclosed a while ago. The affected products are the Linux Application
Platform and the IPVA. Unfortunately, the release notes are not public
(yet?) and the vendor does not include information about the
vulnerabilities for the Linux Application Platform. Therefore, we
decided to publish some more technical details for the issues.
---------------------------------------------
https://insinuator.net/2019/07
   /multiple-vulnerabilities-in-innovaphone-voip-products-fixed/


∗∗∗ ct deckt auf: Tastaturen und Mäuse von Logitech weitreichend
angreifbar ∗∗∗
---------------------------------------------
In etlichen Tastaturen, Mäusen und Presentern von Logitech klaffen
Sicherheitslücken. ct erklärt, welche Produkte betroffen sind und was
Sie jetzt tun sollten.
---------------------------------------------
https://heise.de/-4464149


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dosbox, python-django,
squid3, and unzip), Fedora (filezilla, libfilezilla, and samba),
openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and
redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu
(libvirt).
---------------------------------------------
https://lwn.net/Articles/793057/


∗∗∗ CVE-2019–13142: Razer Surround 1.1.63.0 EoP ∗∗∗
---------------------------------------------
Version: Razer Surround 1.1.63.0
Operating System tested on: Windows 10 1803 (x64)
Vulnerability: Razer Surround Elevation of Privilege through Insecure
folder/file permissions
---------------------------------------------
https://posts.specterops.io
   /cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c


∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in
IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt
   /ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm
   -sonas-2/


∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in
IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt
   /ibm-security-bulletin-multiple-mozilla-firefox-vulnerability-in-ibm
   -sonas/


∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerabilities in
IBM SONAS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt
   /ibm-security-bulletin-multiple-mozilla-firefox-vulnerabilities-in-i
   bm-sonas-6/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime
affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt
   /ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-
   affect-ibm-cloud-transformation-advisor-2/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Websphere Application
Server could affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt
   /ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-
   server-could-affect-ibm-cloud-app-management/


∗∗∗ HPESBHF03937 rev.1 - HPE UIoT Unauthorized Remote Access and Access
to Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public
   /display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us


∗∗∗ HPESBMU03941 rev.1 - HPE IceWall SSO Agent Option and IceWall MFA
Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public
   /display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily