[CERT-daily] Tageszusammenfassung - 19.03.2019

Daily end-of-shift report team at cert.at
Tue Mar 19 18:22:31 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 18-03-2019 18:00 − Dienstag 19-03-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Assessing Internal Network with JavaScript, Despite Same-Origin Policy ∗∗∗
---------------------------------------------
Researchers are warning about a hacking technique that enables attacks on the local network using JavaScript on a public website. Using the victims browser as a proxy, the code can reach internal hosts and do reconnaissance activity or even compromise vulnerable services. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/assessing-internal-network-with-javascript-despite-same-origin-policy/


∗∗∗ Business Email Compromise (BEC) Attacks Moving to Mobile ∗∗∗
---------------------------------------------
As text messaging has become a common form of communication within a business, Business Email Compromise (BEC) scammers have started to go mobile by utilizing SMS messaging to direct their targets. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/business-email-compromise-bec-attacks-moving-to-mobile/


∗∗∗ Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception ∗∗∗
---------------------------------------------
The practice of HTTPS interception continues to be commonplace on the Internet. This blog post discusses types of monster-in-the-middle devices and software, and how to detect them.
---------------------------------------------
https://blog.cloudflare.com/monsters-in-the-middleboxes/


∗∗∗ What Is a Credential Stuffing Attack and How to Protect Yourself from One ∗∗∗
---------------------------------------------
You probably heard of at least one credential stuffing attack lately, as major companies become targets of this new hacking technique. Credential stuffing is not actually new as part of hackers’ repertoire, but lately, the method started being employed more often. I’ll explain the reasons for this surge in popularity down below. Did you notice […]The post What Is a Credential Stuffing Attack and How to Protect Yourself from One appeared first on Heimdal Security Blog.
---------------------------------------------
https://heimdalsecurity.com/blog/credential-stuffing-attack-protection/


∗∗∗ Protecting Against Social Engineering Attacks ∗∗∗
---------------------------------------------
Most people think of hacking as using malware and coding to bypass security defenses and steal data or money. Social engineers take a different approach, targeting the human instead of the software to achieve their goals. How Social Engineering Works Social engineers take advantage of knowledge of human behavior to perform their attacks. A person’s […]The post Protecting Against Social Engineering Attacks appeared first on InfoSec Resources.Protecting Against Social Engineering
---------------------------------------------
https://resources.infosecinstitute.com/protecting-against-social-engineering-attacks/


∗∗∗ Vulnerability hunting with Semmle QL, part 2 ∗∗∗
---------------------------------------------
The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware component. This was part of a wider...
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-with-semmle-ql-part-2/


∗∗∗ Arbitrary Directory Deletion in WP-Fastest-Cache ∗∗∗
---------------------------------------------
The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and then uses string concatenation to build an absolute path.
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/dJRlgHKTUzY/arbitrary-directory-deletion-in-wp-fastest-cache.html


∗∗∗ Discovering a zero day and getting code execution on Mozillas AWS Network ∗∗∗
---------------------------------------------
[...] Although basic authentication can be enabled by modifying the settings.ini file, and is recommended to prevent any anonymous access. Most deployments of WebPageTest that Assetnote CS identifies are unauthenticated, and the array of testing tools provided by WebPageTest can be used offensively to gain access to internal resources by server-side request forgery (commonly known as SSRF, but for WebPageTest, it is a feature).
---------------------------------------------
https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/


∗∗∗ BGP Hijacking is a RIPE Policy Violation ∗∗∗
---------------------------------------------
This proposal aims to clarify that BGP hijacking is not accepted as normal practice within the RIPE NCC service region, primarily because it negates the core purpose of running a (Regional Internet) Registry. The proposal is not concerned with simple operational mistakes - it is intended to address deliberate BGP hijacking events.
---------------------------------------------
https://www.ripe.net/participate/policies/proposals/2019-03


∗∗∗ Thunderclap ∗∗∗
---------------------------------------------
Vor kurzer Zeit produzierte das O.MG Kabel Schlagzeilen. In dieses harmlos wirkende USB-Kabel ist eine versteckte Hardware eingebaut, die sich beim Anschließen gegenüber dem Betriebssystem als Eingabegerät ausgibt und einem Angreifer die Fernsteuerung eines Rechners über WLAN ermöglicht. Jetzt haben Sicherheitsforscher nach einer zwei Jahre dauernden Zusammenarbeit des Department of Computer Science and Technology at the University of Cambridge, der Rice University und [...]
---------------------------------------------
https://www.dfn-cert.de/aktuell/Thunderclap.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled search path element vulnerability in AVEVAs InduSoft Web Studio and InTouch Edge human machine interface software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (libjpeg-turbo, liblivemedia, neutron, and otrs2), Fedora (SDL), Gentoo (ntp), openSUSE (java-1_8_0-openjdk), Red Hat (cloud-init), Slackware (libssh2), SUSE (libssh2_org, nodejs10, and nodejs8), and Ubuntu (tiff).
---------------------------------------------
https://lwn.net/Articles/783473/


∗∗∗ Synology-SA-19:12 Calendar ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Calendar.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_12


∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-5391/


∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-12384 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-12384/


∗∗∗ ENDRESS+HAUSER WIFI enabled products utilising WPA2 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-005

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list