[CERT-daily] Tageszusammenfassung - 19.06.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 18-06-2019 18:00 − Mittwoch 19-06-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Zombieload: Intel-Microcode für Windows v1809/v1803 verfügbar ∗∗∗
---------------------------------------------
Schutz gegen Microarchitectural Data Sampling wie Zombieload: Wer noch Windows 10 oder Windows Server in einer älteren Version auf einem Intel-Prozessor nutzt, erhält nun direkt über das Betriebssystem passenden Microcode, um das System gegen Seitenkanalangriffe zu härten.
---------------------------------------------
https://www.golem.de/news/zombieload-intel-microcode-fuer-windows-v1809-v1803-verfuegbar-1906-141999-rss.html


∗∗∗ Pass the salt! Popular CMSs aren’t securing passwords properly ∗∗∗
---------------------------------------------
A group of researchers has discovered that many of the webs most popular content management systems are using obsolete algorithms to protect their users passwords.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/06/19/popular-content-platforms-putting-passwords-at-risk/


∗∗∗ Quick Detect: Exim "Return of the Wizard" Attack, (Wed, Jun 19th) ∗∗∗
---------------------------------------------
Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka "Return of the Wizard"). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well.
---------------------------------------------
https://isc.sans.edu/diary/rss/25052


∗∗∗ Evading Sysmon DNS Monitoring ∗∗∗
---------------------------------------------
In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free), for us as attackers, this means that should our implant or payloads attempt to communicate via DNS, BlueTeam have a potential way to pick up on indicators which could lead to detection.
---------------------------------------------
https://blog.xpnsec.com/


∗∗∗ BSI veröffentlicht Empfehlungen zur sicheren Konfiguration von Microsoft-Office-Produkten ∗∗∗
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat für den Einsatz auf dem Betriebssystem Microsoft Windows sieben Cyber-Sicherheitsempfehlungen für eine sichere Konfiguration von Microsoft Office 2013/2016/2019 erstellt. Diese behandeln zum einen übergreifende Richtlinien für Microsoft Office, zum anderen Richtlinien für sechs häufig genutzte Microsoft Office-Anwendungen (Access, Excel, Outlook, PowerPoint, Visio und Word).
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Empfehlungen_Microsoft_190619.html


∗∗∗ Achtung vor gefälschten News zu BitUp und Bitcoin Code ∗∗∗
---------------------------------------------
Internetnutzer/innen stoßen vermehrt auf erfundene Nachrichtenartikel, die die Angebote von Bitcoin Code oder BitUp bewerben. Berichtet wird vom „größten Deal der Geschichte“ bei den Fernsehsendungen „Die Höhle der Löwen“ oder „2 Minuten 2 Millionen“. Die Angebote auf bitcoincodesoftapps.com und bitupapp.com sind unseriös und Anleger/innen verlieren ihr Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaelschten-news-zu-bitup-und-bitcoin-code/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Zero Day: Mozilla schließt ausgenutzte Sicherheitslücke in Firefox ∗∗∗
---------------------------------------------
Firefox-Hersteller Mozilla hat eine kritische Sicherheitslücke in seinem Browser geschlossen, die wohl aktiv ausgenutzt wird. Updates stehen bereit und werden von Mozilla bereits verteilt.
---------------------------------------------
https://www.golem.de/news/zero-day-mozilla-schliesst-ausgenutzte-sicherheitsluecke-in-firefox-1906-141997.html


∗∗∗ Oracle Releases Security Advisory for WebLogic ∗∗∗
---------------------------------------------
Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/06/19/Oracle-Releases-Security-Advisory-WebLogic


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, [...]
---------------------------------------------
https://lwn.net/Articles/791462/


∗∗∗ PHOENIX CONTACT Multiple Vulnerabilities in Automation Worx Software Suite ∗∗∗
---------------------------------------------
Security Advisory for Automation Worx Software Suite version 1.86 and earlier
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-014


∗∗∗ Vuln: Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108733


∗∗∗ Samba: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0521


∗∗∗ IBM Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-sensitive-information-leakage-in-loopback-cve-2019-4382/


∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4377) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-4377/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Command Center (CVE-2019-2602) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-cognos-command-center-cve-2019-2602/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-application-dependency-discovery-manager-taddm-5/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-api-connect/


∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-impacted-by-sensitive-information-leak-cve-2018-2013/


∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-impacted-by-software-stack-information-leak-cve-2018-2011/


∗∗∗ IBM Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-vulnerable-to-csrf-attacks-cve-2018-1858/


∗∗∗ FreeBSD SACK Slowness vulnerability CVE-2019-5599 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75521003


∗∗∗ Linux SACK Slowness vulnerability CVE-2019-11478 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26618426


∗∗∗ Linux SACK Panic vulnerability CVE-2019-11477 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78234183


∗∗∗ Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35421172


∗∗∗ Intel CSME and SPS vulnerability CVE-2019-0093 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13710800


∗∗∗ Intel Server Platform Services vulnerability CVE-2019-0089 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K47234311

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily