[CERT-daily] Tageszusammenfassung - 25.11.2019

Mon Nov 25 18:15:24 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 22-11-2019 18:00 − Montag 25-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ A Short History of Juice Jacking ∗∗∗
---------------------------------------------
The days are now shorter, and the holiday season is upon us. Many of us have travel booked to bring our family together and will soon be uncomfortably sitting in the halls of airline terminals, desperate to escape the monotony of an international waiting room we will sit transfixed to our mobile devices. Breaking our mobile-mindfulness-zen like state, an alert graces the screen: 15% battery life remaining.
---------------------------------------------
https://www.secjuice.com/history-of-juice-jacking/


∗∗∗ Local Malware Analysis with Malice, (Sat, Nov 23rd) ∗∗∗
---------------------------------------------
This project (Malice) provides the ability to have your own locally managed multi-engine malware scanning system. The framework allows the owner to analyze files for known malware. It can be used both as a command tool to analyze samples and review the results via a Kibana web interface. The Command-Line Interface (CLI) is used to scan a file or directory or can be setup to watch and scan new files when copied into a write only directory.
---------------------------------------------
https://isc.sans.edu/diary/rss/25544


∗∗∗ Introducing Merlin - A cross-platform post-exploitation HTTP/2 Command & Control Tool ∗∗∗
---------------------------------------------
Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requests Perfect Forward Secrecy (PFS) encryption cipher suites are used. ... Additionally, many security technologies are not equipped with HTTP/2 protocol dissectors and are therefore not able to evaluate traffic even if keying material is provided.
---------------------------------------------
https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a


∗∗∗ Trickbot Updates Password Grabber Module ∗∗∗
---------------------------------------------
Trickbot is a modular malware, and one of its modules is a password grabber. In November 2019, we started seeing indicators of Trickbot's password grabber targeting data from OpenSSH and OpenVPN applications.
---------------------------------------------
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/


∗∗∗ PC-Fernwartung: Sicherheitsforscher warnen vor angreifbarer VNC-Software ∗∗∗
---------------------------------------------
Angreifer könnten Clients und Server mit verschiedener VNC-Software attackieren und unter bestimmten Voraussetzungen Malware platzieren.
---------------------------------------------
https://heise.de/-4595718


∗∗∗ Kauf von Konzertkarten auf eventtickets24.com birgt Gefahren ∗∗∗
---------------------------------------------
Die Smartfox Media b.v. aus den Niederlanden bietet auf eventtickets24.com Konzert- und Veranstaltungskarten an. Zahlreiche KundInnen berichten von groben Problemen nach dem Ticketkauf. So kommt es u.U. zu Schwierigkeiten bei der Beschaffung und Lieferung oder ausbleibenden Rückerstattungen nach Nichtlieferung. Wir raten zu großer Vorsicht bei diesem Angebot.
---------------------------------------------
https://www.watchlist-internet.at/news/kauf-von-konzertkarten-auf-eventtickets24com-birgt-gefahren/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps ∗∗∗
---------------------------------------------
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sBAf9Ks1I8Y/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, enigmail, isc-dhcp, libice, libofx, and pam-python), Fedora (chromium, ghostscript, mingw-cfitsio, mingw-gdal, mingw-libidn2, and rsyslog), Gentoo (adobe-flash, chromium, expat, and firefox), openSUSE (apache2-mod_perl, haproxy, java-11-openjdk, and ncurses), Oracle (ghostscript, kernel, php:7.2, php:7.3, and sudo), Red Hat (chromium-browser, python27-python, and SDL), and Ubuntu (dpdk and libvpx).
---------------------------------------------
https://lwn.net/Articles/805527/


∗∗∗ Weak encryption cipher and hardcoded cryptographic keys in Fortinet products ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/


∗∗∗ Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-cit-files-in-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-cve-2018-2025/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-for-enterprise-resource-planning-on-aix-cve-2019-4473-cve-2019-11771/


∗∗∗ Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4406) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-ibm-spectrum-protect-backup-archive-client-cve-2019-4406/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX (CVE-2019-4473, CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-on-aix-cve-2019-4473-cve-2019-11771/


∗∗∗ Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-smb-signing-not-required-in-ibm-spectrum-protect-plus-cve-2016-2115/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily