[CERT-daily] Tageszusammenfassung - 19.07.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 18-07-2019 18:00 − Freitag 19-07-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Elusive MegaCortex Ransomware Found - Here is What We Know ∗∗∗
---------------------------------------------
A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/elusive-megacortex-ransomware-found-here-is-what-we-know/


∗∗∗ The Strange Case of the Malicious Favicon ∗∗∗
---------------------------------------------
During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the size of the website or the CMS being used. We have found WordPress, Magento, Joomla, and even HTML-only sites impacted by this campaign.
---------------------------------------------
https://blog.sucuri.net/2019/07/the-strange-case-of-the-malicious-favicon.html


∗∗∗ [webapps] fuelCMS 1.4.1 - Remote Code Execution ∗∗∗
---------------------------------------------
fuelCMS 1.4.1 - Remote Code Execution
---------------------------------------------
https://www.exploit-db.com/exploits/47138



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Johnson Controls exacqVision Server ∗∗∗
---------------------------------------------
This advisory includes mitigations for an unquoted search path or element vulnerability reported in the Johnson Controls exacqVision Server.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-199-01


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/794190/


∗∗∗ IBM Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-buffer-overflow-vulnerability-in-ibm-spectrum-protect-backup-archive-client-cve-2019-4267/


∗∗∗ IBM Security Bulletin: ACLs not backed up on VxFS-HP-UX filesystems by IBM Spectrum Protect Backup-Archive Client (CVE-2019-4236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-acls-not-backed-up-on-vxfs-hp-ux-filesystems-by-ibm-spectrum-protect-backup-archive-client-cve-2019-4236/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-12547-cve-2019-2426/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-for-virtual-environments-cve-2018-12547-cve-2019-2426/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows, Linux, and Macintosh (CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-the-ibm-spectrum-protect-backup-archive-client-on-windows-linux-and-macintosh-cve-2018-12547-cve-2019-2426/


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-openssl-affects-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2019-1559/


∗∗∗ IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-node-js-affects-ibm-integration-bus-ibm-app-connect-enterprise-v11/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Integration Bus , IBM App Connect and WebSphere Message Broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-integration-bus-ibm-app-connect-and-websphere-message-broker/


∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1902, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-of-service-vulnerabilities-in-websphere-application-liberty-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-1902-cve-2019-4046/


∗∗∗ IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-and-denial-of-service-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-spectrum-protect-client-web-user-interface-and-ibm-spectrum-protect-for-virtual/


∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by an Apache Zookeeper vulnerability (CVE-2019-0201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-service-manager-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-jetty-affect-netcool-agile-service-manager-cve-2019-10247-cve-2019-10246/


∗∗∗ Expat XML parser vulnerability CVE-2018-20843 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51011533


∗∗∗ VLC: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0634

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily