[CERT-daily] Tageszusammenfassung - 09.10.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 08-10-2019 18:00 − Mittwoch 09-10-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New Microsoft NTLM Flaws May Allow Full Domain Compromise ∗∗∗
---------------------------------------------
Two security vulnerabilities in Microsofts NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise of a network.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-microsoft-ntlm-flaws-may-allow-full-domain-compromise/


∗∗∗ Doctor Web’s overview of malware detected on mobile devices in September 2019 ∗∗∗
---------------------------------------------
October 9, 2019 In September, Android users were threatened by various malware, many of which was distributed via Google Play. Those were the Android.DownLoader downloaders, the Android.Banker and Android.HiddenAds banking and adware trojans, as well as other threats. Doctor Web experts have also discovered several new versions of potentially dangerous applications, designed to spy on users, including Program.Panspy.1.origin, Program.RealtimeSpy.1.origin, and Program.MonitorMinor.
---------------------------------------------
https://news.drweb.com/show/?i=13446&lng=en&c=9


∗∗∗ Twitter: iOS-Apps verwenden altes Twitterkit mit Sicherheitslücke ∗∗∗
---------------------------------------------
Das Fraunhofer SIT hat eine Sicherheitslücke im eingestellten Twitterkit entdeckt, die nicht mehr geschlossen werden soll. Über diese kann ein Man-in-the-Middle-Angriff durchgeführt werden. Einige iOS-Apps verwenden die Software noch, um auf Tweets zuzugreifen oder einen Login mit Twitter anzubieten.
---------------------------------------------
https://www.golem.de/news/twitter-ios-apps-verwenden-altes-twitterkit-mit-sicherheitsluecke-1910-144323-rss.html


∗∗∗ Vermeintliche Kündigung führt zu teurem Vertrag ∗∗∗
---------------------------------------------
Unternehmen aufgepasst: Unseriöse Firmen kontaktieren Unternehmen und behaupten, dass ein bereits laufender Vertrag zu einem Branchenbucheintrag nun gekündigt werden könne. Dazu müsse lediglich ein Fax unterzeichnet und retourniert werden. Wer das tut, kündigt nicht, sondern schließt einen teuren Vertrag ab. Unternehmen müssen den Betrag nicht bezahlen!
---------------------------------------------
https://www.watchlist-internet.at/news/vermeintliche-kuendigung-fuehrt-zu-teurem-vertrag/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Microsoft sichert Windows und Browser gegen Angriffe ab ∗∗∗
---------------------------------------------
Microsoft hat Windows-Patches veröffentlicht, unter anderem aber auch einige gefährliche Angriffsmöglichkeiten auf Edge und Internet Explorer beseitigt.
---------------------------------------------
https://heise.de/-4549555


∗∗∗ Forensoftware vBulletin: Weitere Sicherheits-Patches veröffentlicht ∗∗∗
---------------------------------------------
Auf Patch-Level 1 folgte zügig Patch-Level 2 für die Foren-Software. Angesichts jüngst erfolgter Angriffe auf vBulletin-Foren sollte man zügig updaten.
---------------------------------------------
https://heise.de/-4549270


∗∗∗ SMA Solar Technology AG Sunny WebBox ∗∗∗
---------------------------------------------
This advisory includes mitigations for a cross-site request forgery vulnerability reported in the SMA Solar Technology AG Sunny WebBox communications hub.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-281-01


∗∗∗ GE Mark VIe Controller ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper authorization and use of hard-coded credentials vulnerabilities reported in GE’s Mark VIe controller.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-281-02


∗∗∗ Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines.
---------------------------------------------
https://blog.talosintelligence.com/2019/10/vuln-spotlight-Nitro-PDF-RCE-bugs-sept-19.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium), openSUSE (rust and sqlite3), SUSE (dnsmasq, firefox, and kubernetes, patchinfo), and Ubuntu (python2.7, python3.5, python3.6, python3.7).
---------------------------------------------
https://lwn.net/Articles/801838/


∗∗∗ Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit ∗∗∗
---------------------------------------------
A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2.
---------------------------------------------
https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/


∗∗∗ VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/719689


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SPSS Modeler (CVE-2019-4473,CVE-2019-11771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spss-modeler-cve-2019-4473cve-2019-11771/


∗∗∗ IBM Security Bulletin: IBM Maximo Anywhere does not have device root detection. (CVE-2019-4265) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-anywhere-does-not-have-device-root-detection-cve-2019-4265/


∗∗∗ ImageMagick vulnerability CVE-2019-13135 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20336394


∗∗∗ Beckhoff TwinCAT Denial-of-Service in Profinet driver ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-019


∗∗∗ CVE-2019-TBD - Citrix Application Delivery Management (ADM) Console Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX261735

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily