[CERT-daily] Tageszusammenfassung - 15.07.2019

Mon Jul 15 18:33:26 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 12-07-2019 18:00 − Montag 15-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Turla renews its arsenal with Topinambour ∗∗∗
---------------------------------------------
2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
---------------------------------------------
https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/


∗∗∗ Brilliant Boston boffins blow big borehole in Bluetooths ballyhooed barricades: MAC addy randomization broken ∗∗∗
---------------------------------------------
Scrambling addresses cant always hide you from stalkers, say eggheads A team of US academics have proposed a simple method to defeat the Bluetooth LE standards anti-tracking measures.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/12/untraceable_bluetooth_exposed/


∗∗∗ ENISA: Annual report Trust Services Security Incidents 2018 ∗∗∗
---------------------------------------------
The document gives an aggregated overview of security breaches with significant impact reported in 2018 by EU national supervisory bodies. It shows root causes, statistics and trends, and marks the third round of security incident reporting for the EU’s trust services sector.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/annual-report-trust-services-security-incidents-2018


∗∗∗ Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram ∗∗∗
---------------------------------------------
Researchers at Symantec have detailed an attack method, dubbed “Media File Jacking,” that allows a malicious Android application with “write-to-external storage” permissions to quickly modify files sent or received via WhatsApp and Telegram between the time they are written to the disk and the moment they are loaded in the app’s user interface.
---------------------------------------------
https://www.securityweek.com/hackers-can-manipulate-media-files-transferred-whatsapp-telegram


∗∗∗ NCSC-UK: Ongoing DNS hijacking and mitigation advice ∗∗∗
---------------------------------------------
This NCSC advisory highlights further hijacking activity of Domain Name Systems, and provides mitigation advice.
---------------------------------------------
https://www.ncsc.gov.uk/news/ongoing-dns-hijacking-and-mitigation-advice

=====================
=  Vulnerabilities  =
=====================

∗∗∗ VideoLAN VLC CVE-2019-13602 Heap Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
---------------------------------------------
https://www.securityfocus.com/bid/109158/discuss


∗∗∗ McAfee Agent CVE-2019-3592 Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
An attacker can exploit this issue to gain elevated privileges. McAfee Agent 5.x versions prior to 5.6.1 HF3 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109148/discuss


∗∗∗ Xiaomi Mi6 Browser CVE-2019-13322 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user. Failed exploits will result in denial-of-service conditions. Xiaomi Browser version prior to 10.4.0 are vulnerable.
---------------------------------------------
https://www.securityfocus.com/bid/109138/discuss


∗∗∗ Critical Vulnerability Patched in Ad Inserter Plugin ∗∗∗
---------------------------------------------
On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on websites using the plugin. We privately disclosed the issue to the plugin’s developer, who released a patch the very next day.
---------------------------------------------
https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad-inserter-plugin/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).
---------------------------------------------
https://lwn.net/Articles/793740/


∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Squid ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder einen Denial of Service Angriff durchzuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0608
∗∗∗ 2019-07-15: Authentication Bypass Vulnerability in CCLAS and Ellipse ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6224&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Advisory - Intel Microarchitectural Data Sampling (MDS) vulnerabilities ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190712-01-mds-en


∗∗∗ IBM Security Bulletin: Apache Struts Vulnerability Affects IBM Campaign and IBM Contact Optimization (CVE-2017-7525) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-struts-vulnerability-affects-ibm-campaign-and-ibm-contact-optimization-cve-2017-7525/


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3789) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-cloud-foundry-for-ibm-cloud-private-cve-2019-3789/


∗∗∗ Linux kernel vulnerability CVE-2018-20836 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11225249

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily