[CERT-daily] Tageszusammenfassung - 23.10.2019

Wed Oct 23 20:14:44 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-10-2019 18:00 − Mittwoch 23-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ VB2019 papers: Emotet and Ryuk ∗∗∗
---------------------------------------------
Today we publish VB2019 papers by Luca Nagy (Sophos) on Emotet and Gabriela Nicolao and Luciano Martins (Deloitte) on Ryuk, as well as the corresponding videos of their presentations.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/10/vb2019-papers-emotet-and-ryuk/


∗∗∗ CPDoS: Cache Poisoned Denial of Service ∗∗∗
---------------------------------------------
Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites.
---------------------------------------------
https://cpdos.org/


∗∗∗ Tech, Security Firms Launch Operational Technology Cyber Security Alliance ∗∗∗
---------------------------------------------
Several major tech and cybersecurity companies have joined forces for a new initiative called the Operational Technology Cyber Security Alliance (OTCSA), which aims to help industrial and critical infrastructure organizations address challenges related to OT security by providing guidance and resources.
---------------------------------------------
https://www.securityweek.com/tech-security-firms-launch-operational-technology-cyber-security-alliance


∗∗∗ Investment-Firmen fordern Zugriff auf Ihr System? Nehmen Sie Abstand! ∗∗∗
---------------------------------------------
Nehmen Sie sich vor Investments bei unseriösen Firmen wie aurumpro.co beziehungsweise Muller Enterprise LTD in Acht. Angebliche BeraterInnen kontaktieren Sie telefonisch und verleiten Sie zu immer höheren Investments. Um "effektiver" handeln zu können, verlangt man die Installation von Fernwartungssoftware wie AnyDesk oder TeamViewer. Tun Sie dies nicht und nehmen Sie Abstand – man hat es auf Ihr Vermögen abgesehen!
---------------------------------------------
https://www.watchlist-internet.at/news/investment-firmen-fordern-zugriff-auf-ihr-system-nehmen-sie-abstand/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Schneider Electric ProClima ∗∗∗
---------------------------------------------
This advisory contains mitigations for code injection, improper restriction of operations within the bounds of a memory buffer, and uncontrolled search path element vulnerabilities in Schneider Electrics ProClima building and automation control products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-295-01


∗∗∗ Firefox, Chrome Bugs Allow Arbitrary Code-Execution ∗∗∗
---------------------------------------------
Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises.
---------------------------------------------
https://threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/


∗∗∗ OpenAFS Security Advisory 2019-001 ∗∗∗
---------------------------------------------
Topic: information leakage from uninitialized RPC output variables on error
Issued: 22 October, 2019
Affected: OpenAFS versions 1.0 through 1.6.23, and 1.8.0 through 1.8.4
---------------------------------------------
http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt


∗∗∗ OpenAFS Security Advisory 2019-002 ∗∗∗
---------------------------------------------
Topic: information leakage from uninitialized scalars
Issued: 22 October, 2019
Affected: OpenAFS versions 1.0 through 1.6.23, and 1.8.0 through 1.8.4
---------------------------------------------
http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt


∗∗∗ OpenAFS Security Advisory 2019-003 ∗∗∗
---------------------------------------------
Topic: database server crash from unserialized data access
Issued: 22 October, 2019
Affected: OpenAFS versions 1.0 through 1.6.23, and 1.8.0 through 1.8.4
---------------------------------------------
http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (go, go-pie, pacman, and xpdf), CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, and patch), openSUSE (gcc7), Red Hat (firefox, kernel, and qemu-kvm-rhev), Slackware (mozilla), SUSE (kernel, libcaca, openconnect, python, sysstat, and zziplib), and Ubuntu (libxslt, linux-azure, and linux-lts-xenial, linux-aws).
---------------------------------------------
https://lwn.net/Articles/802941/


∗∗∗ Avast, Avira Products Vulnerable to DLL Hijacking ∗∗∗
---------------------------------------------
Vulnerabilities in Avast Antivirus, AVG Antivirus, and Avira Antivirus could allow an attacker to load a malicious DLL file in an effort to bypass defenses and escalate privileges, SafeBreach Labs security researchers discovered. read more
---------------------------------------------
https://www.securityweek.com/avast-avira-products-vulnerable-dll-hijacking


∗∗∗ Security Advisory - Out-Of-Bound Read Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191023-01-buffer-en


∗∗∗ Security Advisory - Insufficient Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191023-01-smartphone-en


∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191023-01-memory-en


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1547, CVE-2019-1563) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2019-1547-cve-2019-1563/


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons Beanutils affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-10086) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apache-commons-beanutils-affect-tivoli-netcool-omnibus-webgui-cve-2019-10086/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-6/


∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2019-4486) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2019-4486/


∗∗∗ IBM Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4398) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-cve-2019-4398/


∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4459) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-is-affected-by-asoc-vulnerability-cve-2019-4459/


∗∗∗ IBM Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4397) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-edition-cve-2019-4397/


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-20796, CVE-2019-9169) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-glibc-vulnerabilities-cve-2018-20796-cve-2019-9169/


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2019-1559/


∗∗∗ BIND vulnerability CVE-2018-5743 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74009656


∗∗∗ BIG-IP vulnerability CVE-2018-15333 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53620021

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily