[CERT-daily] Tageszusammenfassung - 07.06.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 06-06-2019 18:00 − Freitag 07-06-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ SandboxEscaper Debuts ByeBear Windows Patch Bypass ∗∗∗
---------------------------------------------
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.
---------------------------------------------
https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/


∗∗∗ Keep an Eye on Your WMI Logs, (Thu, Jun 6th) ∗∗∗
---------------------------------------------
WMI ("Windows Management Instrumentation")[1] is, like Microsoft says, "the infrastructure for management data and operations on Windows-based operating systems". Personally, I like to make a (very) rough comparison between WMI and SNMP: You can query information about a system (read) but also alter it (write). WMI is present on Windows systems since the version Windows 2000. As you can imagine, when a tool is available by default on all systems, [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25012


∗∗∗ The EU Cybersecurity Act: a new Era dawns on ENISA ∗∗∗
---------------------------------------------
Today, 7th June 2019, the EU Cybersecurity Act was published in the Official Journal of the European Union.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/the-eu-cybersecurity-act-a-new-era-dawns-on-enisa


∗∗∗ Bloodhound walkthrough. A Tool for Many Tradecrafts ∗∗∗
---------------------------------------------
A walkthrough on how to set up and use BloodHound BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize active directory environments. The front-end is built on electron and the back-end is a Neo4j database, the data leveraged is pulled from a series of data collectors also referred to as ingestors which come in PowerShell and [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-for-many-tradecrafts/


∗∗∗ New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices ∗∗∗
---------------------------------------------
Palo Alto Networks Unit 42 has been tracking the evolution of the Mirai malware, known for targeting embedded devices with the primary intent of launching DDoS attacks and self-propagation, since 2016 when it took down several notable targets. As part of this ongoing research, we’ve recently discovered a new variant of Mirai that[...]
---------------------------------------------
https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-targets-additional-iot-devices/


∗∗∗ A botnet is brute-forcing over 1.5 million RDP servers all over the world ∗∗∗
---------------------------------------------
Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts.
---------------------------------------------
https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Optergy Proton Enterprise Building Management System ∗∗∗
---------------------------------------------
This advisory includes mitigations for information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities reported in Optergy’s Proton/Enterprise Building Management System.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-01


∗∗∗ Panasonic Control FPWIN Pro ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow and type confusion vulnerabilities reported in Panasonics Control FPWIN Pro PLC programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-157-02


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).
---------------------------------------------
https://lwn.net/Articles/790647/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server/


∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php-cve-2019-11035-cve-2019-11034/


∗∗∗ IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-affected-by-multiple-vulnerabilities/


∗∗∗ IBM Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is-impacted-by-cross-site-scripting-vulnerability-cve-2016-10531-cve-2018-3721-cve-2017-0268/


∗∗∗ Intel UEFI vulnerability CVE-2019-0119 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K85585101


∗∗∗ Intel Xeon access control vulnerability CVE-2019-0126 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37428370

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily