[CERT-daily] Tageszusammenfassung - 02.10.2019

Daily end-of-shift report team at cert.at
Wed Oct 2 18:18:00 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 01-10-2019 18:00 − Mittwoch 02-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Ethical hacking: Passive information gathering with Maltego ∗∗∗
---------------------------------------------
In this article, we’ll discuss passive information gathering. We’ll first look at how we can use Maltego, a common information gathering tool, to perform this form of reconnaissance. Using a hands-on walkthrough of Maltego, we’ll see how you can acquire IP addresses, sub-domains and perform different levels of reconnaissance to inform your information gathering [...]
---------------------------------------------
https://resources.infosecinstitute.com/ethical-hacking-passive-information-gathering-with-maltego/


∗∗∗ Hackers Turn to OpenDocument Format to Avoid AV Detection ∗∗∗
---------------------------------------------
Malware laced OpenDocument files target Microsoft Office, OpenOffice and LibreOffice users.
---------------------------------------------
https://threatpost.com/hackers-turn-to-opendocument/148817/


∗∗∗ Magecart hits again, leveraging compromised sites and newly registered domains ∗∗∗
---------------------------------------------
During alert monitoring, ThreatLabZ researchers came across multiple cases of shopping sites being compromised and injected with a skimming script. This injected script looks for the payment method and personally identifiable information (PII) and captures supplied financial information which is then sent to an adversary-controlled gate server even before the user hits the submit form.
---------------------------------------------
https://www.zscaler.com/blogs/research/magecart-hits-again-leveraging-compromised-sites-and-newly-registered-domains


∗∗∗ Erfundene Speditionen beim Autokauf über Kleinanzeigen! ∗∗∗
---------------------------------------------
Auf der Suche nach günstigen Gebrauchtautos, Wohnmobilen, Motorrädern oder Oldtimern sind Kleinanzeigenplattformen häufig die beste Option. Doch seien Sie vorsichtig, wenn Ihr Gegenüber sich angeblich im Ausland befindet und der Kauf über eine Spedition abgewickelt werden soll. Meist handelt es sich hierbei um Kriminelle, die Ihnen das Geld aus der Tasche ziehen wollen. Das versprochene Gefährt erhalten Sie nie!
---------------------------------------------
https://www.watchlist-internet.at/news/erfundene-speditionen-beim-autokauf-ueber-kleinanzeigen/


∗∗∗ Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe ∗∗∗
---------------------------------------------
https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Interpeak IPnet TCP/IP Stack ∗∗∗
---------------------------------------------
This advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, integer underflow, improper restriction of operations within the bounds of a memory buffer, race condition, argument injection, and null pointer dereference vulnerabilities in the Interpeak IPnet TCP/IP stack.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-274-01


∗∗∗ Yokogawa Products ∗∗∗
---------------------------------------------
This advisory includes mitigations for an unquoted search path or element vulnerability reported in Yokogawa’s Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-274-02


∗∗∗ Moxa EDR 810 Series ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation and improper access control vulnerabilities reported in Moxa’s EDR 810 router.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-274-03


∗∗∗ Inadequate Patch in Hewlett Packard Enterprise iMC 7.3 E0703 ∗∗∗
---------------------------------------------
[...] This means there are (at least) two unpatched, known vulnerabilities in iMC with a CVSSv2 base score of 10.0. Basically, these bugs have been lurking around without proper patches since December 2018.
---------------------------------------------
https://medium.com/tenable-techblog/inadequate-patch-in-hewlett-packard-enterprise-imc-7-3-e0703-6aba36351ca3


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openssl and openssl1.0), Fedora (expat, kernel, kernel-headers, kernel-tools, and phpMyAdmin), openSUSE (nghttp2 and u-boot), Oracle (kernel), Red Hat (rh-nodejs8-nodejs), Slackware (libpcap), SUSE (bind, jasper, libgcrypt, openssl-1_0_0, and php7), and Ubuntu (clamav).
---------------------------------------------
https://lwn.net/Articles/801130/


∗∗∗ PuTTY: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0863


∗∗∗ Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019100006


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerabilities-2/


∗∗∗ IBM Security Bulletin: Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4441) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-cve-2019-4441/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-have-been-addressed-in-ibm-security-access-manager-appliance/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Escalation of Privileges vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-an-escalation-of-privileges-vulnerability/


∗∗∗ IBM Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-fasterxml-jackson-libraries-affect-ibm-curam-social-program-management-cve-2019-14439-cve-2019-14379-cve-2019-12814-cve-2019-12086/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerabilities/


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance has shipped a security vulnerability fix for WebSphere Application Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-access-manager-appliance-has-shipped-a-security-vulnerability-fix-for-websphere-application-server-cve-2019-4046/


∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data – OpenSSL (CVE-2019-1543), Kubernetes (CVE-2019-1002100) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-for-data-openssl-cve-2019-1543-kubernetes-cve-2019-1002100/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list