[CERT-daily] Daily summary - 24.10.2019

Daily end-of-shift report team at cert.at
Thu Oct 24 18:13:02 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 23-10-2019 18:00 − Thursday 24-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?, (Thu, Oct 24th) ∗∗∗
---------------------------------------------
Trying to experiment with cutting edge security tools, without breaking the bank, often leads me to used equipment on eBay. High-end enterprise equipment is usually available at a bargain-basement price. For experiments or use in a home/lab network, I am willing to take the risk to receive the occasional "dud," and I usually can do without the support and other perks that come with equipment purchased full price.
---------------------------------------------
https://isc.sans.edu/diary/rss/25448


∗∗∗ Windows Debugging & Exploiting Part 1 - Environment Setup ∗∗∗
---------------------------------------------
In this blog series, I will try to set some base knowledge for Windows system debugging & exploitation and present how to set up an environment for remote kernel debugging. This environment will be useful for learning Windows internals and indispensable for our future posts about its exploitation. About Windows internals, I really recommend the training from Pavel Yosifovich on Pluralsight that will expand your familiarity with the system if you are new to the topic.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debugging-exploiting-part-1-environment-setup/


∗∗∗ Warning about mobile payment trap on Facebook ∗∗∗
---------------------------------------------
Complaints about unexpectedly high mobile phone bills are currently piling up at the Rundfunk und Telekom Regulierungs-GmbH (RTR). Those affected were lured into a mobile phone trap via Facebook. They unknowingly made expensive purchases that were then paid for via their mobile phone.
---------------------------------------------
https://help.orf.at/stories/2993419/


∗∗∗ Android adware developer tracked down ∗∗∗
---------------------------------------------
ESET researchers describe how they discovered a year-long adware campaign on Google Play that affected millions of users.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2019/10/24/android-adware-entwickler-aufgespuert/


∗∗∗ Some ICS Security Incidents Resulted in Injury, Loss of Life: Survey ∗∗∗
---------------------------------------------
ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Some of the recent cybersecurity incidents involving industrial control systems (ICS) have resulted in injury and even loss of life, according to a survey conducted by Control Systems Cyber Security Association International (CS2AI).
---------------------------------------------
https://www.securityweek.com/some-ics-security-incidents-resulted-injury-loss-life-survey


∗∗∗ Buying driving licences legally online? Not at all! ∗∗∗
---------------------------------------------
Consumers who look for information about driving licences on the internet may also come across websites such as billigerfuehrerschein.com or fuhrerschein-online.com. The fraudulent websites advertise the legal sale of driving licences without driving and theory tests. Caution: both the production and the use of such documents are illegal, nothing is delivered, and any money paid is gone.
---------------------------------------------
https://www.watchlist-internet.at/news/fuehrerscheine-legal-online-kaufen-mitnichten/


∗∗∗ Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 2) ∗∗∗
---------------------------------------------
Part 2 of a 3-part blog series that offers a more technical perspective and begins looking at common obfuscation techniques and methods for hiding data within PowerShell that can be reversed.
---------------------------------------------
https://unit42.paloaltonetworks.com/practical-behavioral-profiling-of-powershell-scripts-through-static-analysis-part-2/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ EOL D-Link Routers Vulnerable to Remote Command Execution ∗∗∗
---------------------------------------------
Original release date: October 24, 2019. The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-16920) affecting multiple D-Link routers. A remote attacker could exploit this vulnerability to take control of an affected device. D-Link no longer provides support to the affected end-of-life (EOL) devices, and updates will not be made available.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/10/24/eol-d-link-routers-vulnerable-remote-command-execution


∗∗∗ SYSS-2019-009, SYSS-2019-010 and SYSS-2019-011: Vulnerabilities in another wireless keyboard with "secure" 2.4 GHz technology ∗∗∗
---------------------------------------------
SySS IT security expert Matthias Deeg found three security vulnerabilities in the Fujitsu Wireless Keyboard Set LX390 as part of a research project on wireless input devices (see also 1 and 2). These three vulnerabilities concern missing protection against replay attacks, missing encryption of sensitive data transmitted via radio communication, and the possibility of keystroke injection attacks.
---------------------------------------------
https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/


∗∗∗ Security patches: Attackers could access Junos OS with admin rights ∗∗∗
---------------------------------------------
The developers of Junos OS, the operating system for network devices, have closed a dangerous security vulnerability.
---------------------------------------------
https://heise.de/-4567444


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (file), Mageia (bind, chromium-browser-stable, java-1.8.0-openjdk, libsndfile, mediawiki, and virtualbox), Oracle (firefox), Red Hat (firefox and sudo), Scientific Linux (firefox and OpenAFS), SUSE (kernel, lz4, rust, and xen), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/803068/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in MongoDB server affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-mongodb-server-affect-ibm-cloud-app-management/


∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-10197) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2019-10197/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-ibm-i-http-server-affect-ibm-i/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-6/


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud (CVE-2019-4304, CVE-2019-4305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-liberty-for-java-for-ibm-cloud-cve-2019-4304-cve-2019-4305/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-cloud-manager-with-openstack-5/


∗∗∗ libcurl vulnerability CVE-2018-16890 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03314397


∗∗∗ Linux kernel vulnerability CVE-2019-15916 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K57418558

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



