[CERT-daily] Tageszusammenfassung - 12.11.2019

Tue Nov 12 18:35:07 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-11-2019 18:00 − Dienstag 12-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Threat Alert: TCP Amplification Attacks ∗∗∗
---------------------------------------------
TCP reflection attacks, such as SYN-ACK reflection attacks, have been less popular among attackers until recently. The lack of popularity was mainly due to the wrong assumption that TCP reflection attacks cannot generate enough amplification compared to UDP-based reflections. In general, TCP attacks are low bandwidth and less likely to saturate an internet link.
---------------------------------------------
https://blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/


∗∗∗ Tech Support Scammers Exploiting Unpatched Firefox Bug ∗∗∗
---------------------------------------------
Mozilla is working on addressing a Firefox bug that has been exploited by tech support scammers to lock the browser when users visit specially crafted websites. 
---------------------------------------------
https://www.securityweek.com/tech-support-scammers-exploiting-unpatched-firefox-bug


∗∗∗ Netflix: Vorsicht vor betrügerischen Phishing-Mails ∗∗∗
---------------------------------------------
Aktuell häufen sich Meldungen über betrügerische E-Mails, die angeblich von Netflix stammen. Es sei ein Problem mit der Zahlungsabwicklung aufgetreten, sodass Netflix die Nutzungsgebühr nicht abbuchen kann und daher den Account vorübergehend gesperrt hat. Kriminelle fordern Netflix-NutzerInnen auf, die Kontoinformationen zu aktualisieren. Es handelt sich jedoch um Phishing!
---------------------------------------------
https://www.watchlist-internet.at/news/netflix-vorsicht-vor-betruegerischen-phishing-mails/


∗∗∗ This unusual new ransomware is going after servers ∗∗∗
---------------------------------------------
The previously undetected server-encrypting malware has been detailed in research by cyber security analysts at Intezer and IBM X-Force, who've named it PureLocker because it's written in written in the PureBasic programming language.
...
It's currently uncertain how exactly PureLocker is delivered to victims, but researchers note that more_eggs campaigns begin with phishing emails, so the ransomware attacks could begin in the same way, with the final payload likely to be the final part of a multi-staged attack.
---------------------------------------------
https://www.zdnet.com/article/this-unusual-new-ransomware-is-going-after-servers/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ McAfee Patches Privilege Escalation Flaw in Antivirus Software ∗∗∗
---------------------------------------------
McAfee patched a security vulnerability discovered in all editions of its Antivirus software for Windows and enabling potential attackers to escalate privileges and execute code using SYSTEM privileges. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mcafee-patches-privilege-escalation-flaw-in-antivirus-software/


∗∗∗ Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce


∗∗∗ Adobe Security Bulletins ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Animate CC (APSB19-34), Adobe Illustrator CC (APSB19-36), Adobe Media Encoder (APSB19-52) and Adobe Bridge CC (APSB19-53).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1801


∗∗∗ Sicherheitsupdate: Magento-Onlineshops von Schadcode-Attacken gefährdet ∗∗∗
---------------------------------------------
Wer einen Onlineshop mit Magento-Software betreibt, sollte aus Sicherheitsgründen zügig die aktuelle Version installieren.
---------------------------------------------
https://heise.de/-4584383


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (community-mysql, crun, java-latest-openjdk, and mupdf), openSUSE (libssh2_org), and SUSE (go1.12, libseccomp, and tar).
---------------------------------------------
https://lwn.net/Articles/804412/


∗∗∗ Synology-SA-19:38 Synology Assistant ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Assistant.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_38


∗∗∗ SAP Security Patch Day – November 2019 ∗∗∗
---------------------------------------------
On 12th of November 2019, SAP Security Patch Day saw the release of 12 Security Notes. There are 3 updates to previously released Patch Day Security Notes.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache ActiveMQ vulnerability (CVE-2018-11775) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-activemq-vulnerability-cve-2018-11775/


∗∗∗ Security Bulletin: Incorrect permissions on restored files and directories on Windows using IBM Spectrum Protect Plus (CVE-2019-4652) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-restored-files-and-directories-on-windows-using-ibm-spectrum-protect-plus-cve-2019-4652/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Java affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-java-affect-ibm-spectrum-protect-plus/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact Configuration and Deployment Management Clickjacking ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-configuration-and-deployment-management-clickjacking/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2015-9251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-a-jquery-vulnerability-cve-2015-9251/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-a-jquery-vulnerability-cve-2019-11358/


∗∗∗ SSA-686531 (Last Update: 2019-11-12): Hardware based manufacturing access on S7-1200 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf


∗∗∗ SSA-616472 (Last Update: 2019-11-12): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf


∗∗∗ SSA-898181 (Last Update: 2019-11-12): Desigo PX Web Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf


∗∗∗ SSA-434032 (Last Update: 2019-11-12): Vulnerability in Mentor Nucleus Networking Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf


∗∗∗ Multiple tcpdump vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44551633

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily