[CERT-daily] Daily summary - 10.07.2019

Daily end-of-shift report team at cert.at
Wed Jul 10 18:21:18 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 09-07-2019 18:00 − Wednesday 10-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ eCh0raix — New Ransomware Targets QNAP NAS Devices ∗∗∗
---------------------------------------------
A new ransomware family has been found targeting Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file storage units connected to a network or through the Internet ...
---------------------------------------------
https://thehackernews.com/2019/07/ransomware-nas-devices.html


∗∗∗ New FinSpy iOS and Android implants revealed ITW ∗∗∗
---------------------------------------------
FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.
---------------------------------------------
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/


∗∗∗ ENISA puts out EU ICT Industrial Policy paper for consultation ∗∗∗
---------------------------------------------
The EU Agency for Cybersecurity, ENISA, launches its consultation paper ‘EU ICT Industrial Policy: Breaking the Cycle of Failure’, a paper that aims to explore issues such as digital sovereignty and the supply chain of cybersecurity products in Europe, as well as to present an overview of the relationship between the global ICT market and the cybersecurity market.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-puts-out-eu-ict-industrial-policy-paper-for-consultation


∗∗∗ Error in DNSSEC implementation on F5 BIG-IP load balancers ∗∗∗
---------------------------------------------
The vendor (F5) was informed about the error in August 2018 and has now released the recommended configuration to work around the problem. As the operators of DNS resolvers are already encountering the bug in normal operation, we are publishing a detailed description of the error to inform the professional public and raise awareness of the problem.
---------------------------------------------
https://en.blog.nic.cz/2019/07/10/error-in-dnssec-implementation-on-f5-big-ip-load-balancers/


∗∗∗ Encrypting with PGP: The new GnuPG and the slow death of the Web of Trust ∗∗∗
---------------------------------------------
The new version of GnuPG is intended to limit the impact of signature spam. It therefore now ignores all signatures on imported keys.
---------------------------------------------
https://heise.de/-4467052


∗∗∗ Vulnerable Logitech keyboards: answers to the most pressing questions ∗∗∗
---------------------------------------------
What do users of Logitech wireless keyboards and mice need to keep in mind now? How dangerous are the vulnerabilities? Our FAQ answers the most common questions.
---------------------------------------------
https://heise.de/-4466921


∗∗∗ Discovering and fingerprinting BACnet devices ∗∗∗
---------------------------------------------
BACnet is a communication protocol deployed for building automation and control networks. The most widely accepted networks include Internet Protocol (BACnet/IP) and the Master-Slave Token-Passing network (BACnet MS/TP). Generally, routers are required to interconnect BACnet networks while gateways are preferred for connecting non-compliant devices to a primary BACnet network. It is anticipated that 64% of the building automation industry uses BACnet for effective operations.
---------------------------------------------
https://www.helpnetsecurity.com/2019/07/10/bacnet-devices/


∗∗∗ Windows zero-day CVE-2019-1132 exploited in targeted attacks ∗∗∗
---------------------------------------------
The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once the exploit was discovered and analyzed, it was reported to the Microsoft Security Response Center, who promptly fixed the vulnerability and released a patch.
---------------------------------------------
https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/


∗∗∗ Bank Austria phishing message with PDF attachment in circulation ∗∗∗
---------------------------------------------
Beware of a fraudulent e-mail sent in the name of Bank Austria. Criminals are sending a message with a .pdf attachment that asks recipients to enter their online banking credentials, supposedly because of database problems. Victims are then told to expect an SMS code. Warning! This is most likely an SMS TAN for a fraudulent debit.
---------------------------------------------
https://www.watchlist-internet.at/news/bank-austria-phishing-nachricht-mit-pdf-anhang-in-umlauf/


∗∗∗ Using Wireshark: Exporting Objects from a PCAP ∗∗∗
---------------------------------------------
When reviewing packet captures (pcaps) of suspicious activity, security professionals may need to export objects from the pcaps for a closer examination. This tutorial offers tips on how to export different types of objects from a pcap. The instructions assume you understand network traffic fundamentals. We will use these pcaps of network traffic to practice extracting objects using Wireshark.
---------------------------------------------
https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/


∗∗∗ New Android malware replaces legitimate apps with ad-infested doppelgangers ∗∗∗
---------------------------------------------
New "Agent Smith" malware operation is preparing to invade the Google Play Store.
---------------------------------------------
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-with-ad-infested-doppelgangers/#ftag=RSSbaffb68


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Medicine: security vulnerabilities in ventilators ∗∗∗
---------------------------------------------
Commands can be sent to anaesthesia and ventilation devices made by GE over the hospital network. A vulnerability makes it possible, among other things, to change the dosage and type of anaesthetic.
---------------------------------------------
https://www.golem.de/news/medizin-sicherheitsluecken-in-beatmungsgeraeten-1907-142459-rss.html


∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
---------------------------------------------
https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html


∗∗∗ VMWare Security Advisory on DoS Vulnerability in ESXi, (Tue, Jul 9th) ∗∗∗
---------------------------------------------
VMWare has released patches for ESXi that address a denial of service vulnerability in hostd. ESXi 6.0 is unaffected, 6.5 has a patch, and 6.7 has a patch pending. This addresses a vulnerability described in CVE-2019-5528 and is rated important (CVSSv3 = 5.3). A workaround has also been published. If you run ESXi, you should take a look at this as well today.
---------------------------------------------
https://isc.sans.edu/diary/rss/25112


∗∗∗ Vuln: Intel Processor Diagnostic Tool CVE-2019-11133 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. 
---------------------------------------------
http://www.securityfocus.com/bid/109096


∗∗∗ Vuln: Symantec Messaging Gateway CVE-2019-12751 Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable. 
---------------------------------------------
http://www.securityfocus.com/bid/108925


∗∗∗ Patch day: attackers are targeting Windows and Windows Server ∗∗∗
---------------------------------------------
Microsoft closes almost 80 security vulnerabilities in Windows and related products. Several of these are rated critical.
---------------------------------------------
https://heise.de/-4466722


∗∗∗ Security Advisory - Three Vulnerabilities in Huawei PCManager Product ∗∗∗
---------------------------------------------
There are two information leak vulnerabilities in Huawei PCManager product. Successful exploitation may cause the attacker to read/write some information. The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2019-5237 and CVE-2019-5238.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-01-pcmanager-en


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/793360/


∗∗∗ ImageMagick: vulnerability enables denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in ImageMagick to carry out a denial of service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0589


∗∗∗ Emerson DeltaV Distributed Control System ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-01


∗∗∗ Rockwell Automation PanelView 5510 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-02


∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-190-03


∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-released-unified-extensible-firmware-interface-uefi-fixes-in-response-to-intel-microarchitectural-data-sampling-mds-side-channel-vulnerabilities/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-3/


∗∗∗ IBM Security Bulletin: The IBM Runtime Environment Java Version 8 used by Transparent Cloud Tiering has a vulnerability which disclosed as part of the IBM Java SDK updates in April 2019 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-ibm-runtime-environment-java-version-8-used-by-transparent-cloud-tiering-has-a-vulnerability-which-disclosed-as-part-of-the-ibm-java-sdk-updates-in-april-2019/


∗∗∗ IBM Security Bulletin: IBM® Java™ SDK Technology Edition, Apr 2019, affects IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-java-sdk-technology-edition-apr-2019-affects-ibm-security-identity-manager-virtual-appliance/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-decision-optimization-center-cve-2019-2684/


∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220 in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2019-0196-cve-2019-0197-and-cve-2019-0220-in-the-ibm-i-http-server-affect-ibm-i/


∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway/


∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerability-2/


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-tomcat-affects-the-ibm-flashsystem-840-and-900/


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem V840 and V9000 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-tomcat-affects-the-ibm-flashsystem-v840-and-v9000/


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – IAM WebSphere Liberty (CVE-2018-1683, CVE-2018-1755) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-iam-websphere-liberty-cve-2018-1683-cve-2018-1755/


∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11708) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulnerability-in-ibm-sonas-cve-2019-11708/


∗∗∗ IBM Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11707) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-mozilla-firefox-vulnerability-in-ibm-sonas-cve-2019-11707/


∗∗∗ IBM Security Bulletin: Vulnerabilities in Intel CPUs affect IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-intel-cpus-affect-ibm-integrated-analytics-system/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily