[CERT-daily] Tageszusammenfassung - 15.10.2019

Daily end-of-shift report team at cert.at
Tue Oct 15 18:09:42 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 14-10-2019 18:00 − Dienstag 15-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Cyberangriffe: Attribution ist wie ein Indizienprozess ∗∗∗
---------------------------------------------
Russland hat den Bundestag gehackt! China wollte die Bayer AG ausspionieren! Bei großen Hackerangriffen ist oft der Fingerzeig auf den mutmaßlichen Täter nicht weit. Knallharte Beweise dafür gibt es selten, Hinweise sind aber kaum zu vermeiden.
---------------------------------------------
https://www.golem.de/news/cyberangriffe-attribution-ist-wie-ein-indizienprozess-1910-143527-rss.html


∗∗∗ Update now! Windows users targeted by iTunes Software Updater zero-day ∗∗∗
---------------------------------------------
The flaw is a rare ‘unquoted path class’ described as "so thoroughly documented that you would expect programmers to be well aware..." But thats not the case.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/10/15/update-now-windows-users-targeted-by-itunes-software-updater-zero-day/


∗∗∗ Top 10 Website Hardening Tips ∗∗∗
---------------------------------------------
Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as “defense in depth.” Here are our top 10 virtual hardening principles: [...]
---------------------------------------------
https://blog.sucuri.net/2019/10/top-10-website-hardening-tips.html


∗∗∗ Threat Actor Profile: TA407, the Silent Librarian ∗∗∗
---------------------------------------------
[...] Since our blog post, colleagues at Secureworks have provided further details on one actor we highlighted, tracked by Proofpoint as TA407, also known as Silent Librarian, Cobalt Dickens, and Mabna Institute. In this blog, we provide additional insight into the actor and their evolving TTPs in ongoing, academia-focused campaigns.
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian


∗∗∗ Europol: Ransomware remains top threat in IOCTA report ∗∗∗
---------------------------------------------
The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report. We highlight their key findings and remind readers how to better protect themselves.
---------------------------------------------
https://blog.malwarebytes.com/awareness/2019/10/europol-ransomware-remains-top-threat-in-iocta-report/


∗∗∗ Researchers Find New Backdoor Used by Winnti Hackers ∗∗∗
---------------------------------------------
ESET security researchers were able to identify a new backdoor associated with the threat actor known as the Winnti Group.
---------------------------------------------
https://www.securityweek.com/researchers-find-new-backdoor-used-winnti-hackers


∗∗∗ SMS von „InfoSMS“ führt in Abo-Falle ∗∗∗
---------------------------------------------
Aktuell sind vermehrt betrügerische SMS vom Absender „InfoSMS“ im Umlauf. In der SMS heißt es, dass der Besitzer der Handynummer gesucht wird. Für nähere Informationen werden Sie aufgefordert, einem Link zu folgen. Sie landen dann auf einer gefälschten Media Markt Seite, wo ein angeblicher Gewinn auf Sie wartet. Sie werden Ihren Gewinn jedoch nie erhalten, es handelt sich um eine Abo-Falle.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-von-infosms-fuehrt-in-abo-falle/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Experience Manager (APSB19-48), Adobe Acrobat and Reader (APSB19-49), Adobe Experience Manager Forms (APSB19-50) and Adobe Download Manager (APSB19-51). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1795


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sudo and xtrlock), openSUSE (sudo), Red Hat (Single Sign-On), Slackware (sudo), SUSE (binutils, dhcp, ffmpeg, kernel, kubernetes-salt, sudo, and tcpdump), and Ubuntu (sudo).
---------------------------------------------
https://lwn.net/Articles/802328/


∗∗∗ PHOENIX CONTACT Security Advisory for Automation Worx Software Suite ∗∗∗
---------------------------------------------
Phoenix Contact Automationworx Suite: *.bcp-file Memory Corruption Remote Code Execution Vulnerability and *.mwt-file Out-OfBounds Read Remote Code Execution Vulnerability
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-016


∗∗∗ sudo: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0902


∗∗∗ WordPress: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0903


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by kernel vulnerabilities (CVE-2019-11479, CVE-2019-11478 and CVE-2019-11477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-kernel-vulnerabilities-cve-2019-11479-cve-2019-11478-and-cve-2019-11477/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-is-affected-by-a-using-components-with-known-vulnerabilities-vulnerability/


∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-4031 affects IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-4031-affects-ibm-workload-scheduler/


∗∗∗ TYPO3-EXT-SA-2019-018: Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2019-018/


∗∗∗ TYPO3-EXT-SA-2019-017: Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2019-017/


∗∗∗ TYPO3-EXT-SA-2019-016: Information Disclosure in extension "Direct Mail" (direct_mail) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2019-016/


∗∗∗ TYPO3-EXT-SA-2019-015: SQL Injection in extension "URL redirect" (url_redirect) ∗∗∗
---------------------------------------------
https://typo3.org/security/advisory/typo3-ext-sa-2019-015/


∗∗∗ Linux kernel vulnerability CVE-2019-16714 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K48351130?utm_source=f5support&utm_medium=RSS


∗∗∗ OpenLDAP vulnerability CVE-2019-13565 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K98008862?utm_source=f5support&utm_medium=RSS


∗∗∗ HPESBHF03933 rev.6 - HPE Products using certain Intel Processors, Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03933en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list