[CERT-daily] Tageszusammenfassung - 12.07.2019

Daily end-of-shift report team at cert.at
Fri Jul 12 18:26:04 CEST 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 11-07-2019 18:00 − Freitag 12-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Burning down the house with IoT ∗∗∗
---------------------------------------------
For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then we found some smart hair straighteners.
---------------------------------------------
https://www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/


∗∗∗ Investigating Some Subscription Scam iOS Apps ∗∗∗
---------------------------------------------
For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. ... Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information are they sending.
---------------------------------------------
https://apple.slashdot.org/story/19/07/11/1953207/investigating-some-subscription-scam-ios-apps


∗∗∗ iOS URL Scheme Susceptible to Hijacking ∗∗∗
---------------------------------------------
For example, when a URL with facetime:// is opened, FaceTime places a call — this is the URL Scheme coming into play. It is a very convenient shortcut; but the URL Scheme is designed for communication, not security. Below, we discuss how abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/


∗∗∗ 16Shop Now Targets Amazon ∗∗∗
---------------------------------------------
Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/16shop-now-targets-amazon/


∗∗∗ FIRST Announces CVSS Version 3.1 ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.
---------------------------------------------
https://www.securityweek.com/first-announces-cvss-version-31



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Philips Holter 2010 Plus ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigations for, a vulnerability reported in the Philips Holter 2010 Plus.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-192-01


∗∗∗ Delta Industrial Automation CNCSoft ScreenEditor ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow and out-of-bounds read vulnerabilities reported in the Delta Electronics CNCSoft ScreenEditor.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-01


∗∗∗ AVEVA Vijeo Citect and Citect SCADA Floating License Manager ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigations for, several vulnerabilities reported in the AVEVA Vijeo Citect and Citect SCADA Floating License Manager applications.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-05


∗∗∗ Schneider Electric Interactive Graphical SCADA System ∗∗∗
---------------------------------------------
This advisory includes mitigations for an out-of-bounds write vulnerability in the Schneider Electric Interactive Graphical SCADA System software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-06


∗∗∗ Schneider Electric Floating License Manager ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation and memory corruption vulnerabilities in the Schneider Electric Floating License Manager software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-192-07


∗∗∗ CVE-2019-11360: BufferOverflow in iptables-restore v1.8.2 ∗∗∗
---------------------------------------------
This blogpost is about a BufferOverflow vulnerability which I found by fuzzing iptables-restore using AFL in March, 2019. It was fixed by the netfilter team in April 2019 ... All in all, I believe that this vulnerability can only be used for academic/educational purposes and has no particular real-world impact.
---------------------------------------------
https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/793563/


∗∗∗ QNX-2019-001 Vulnerability in procfs service Impacts BlackBerry QNX Software Development Platform ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057178


∗∗∗ Security Advisory 2019-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/


∗∗∗ Security Advisory 2019-11: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-11-security-update-for-otrs-framework/


∗∗∗ Security Advisory 2019-12: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/


∗∗∗ Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109125


∗∗∗ ZDI-19-660: (Pwn2Own) Xiaomi Mi6 Browser miui.share APK Download Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-660/


∗∗∗ ZDI-19-659: Xiaomi Mi6 Captive Portal WebView Authorization Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-659/


∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Java used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-in-java-used-by-ibm-filenet-content-manager/


∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-in-oracle-outside-in-technology-used-by-ibm-filenet-content-manager-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-3/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-a-publicly-disclosed-vulnerability-in-spring-framework-cve-2018-15756/


∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Affects IBM Campaign, IBM Contact Optimization and IBM Marketing Operations (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileupload-vulnerability-affects-ibm-campaign-ibm-contact-optimization-and-ibm-marketing-operations-cve-2016-1000031/


∗∗∗ Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0606

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list