[CERT-daily] Tageszusammenfassung - 25.10.2019

Fri Oct 25 18:15:12 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 24-10-2019 18:00 − Freitag 25-10-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Vendor Email Compromise (VEC): The Classic Business Email Compromise (BEC) Scheme with a Spin ∗∗∗
---------------------------------------------
A new email fraud scheme has taken Business Email Compromise (BEC) to a whole new level of sophistication. The recently discovered type of email scam has been dubbed Vendor Email Compromise (VEC) and as its name suggests, the attackers prey on employees working at vendor companies.
---------------------------------------------
https://heimdalsecurity.com/blog/vendor-email-compromise-vec/


∗∗∗ ACSC Releases Advisory on Emotet Malware Campaign ∗∗∗
---------------------------------------------
Original release date: October 25, 2019The Australian Cyber Security Centre (ACSC) has released an advisory on an ongoing, widespread Emotet malware campaign. Emotet is a Trojan—commonly spread via malicious email attachments—that attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. ACSC provides indicators of compromise (IOCs) and recommendations to help organizations defend against Emotet malware.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/10/25/acsc-releases-advisory-emotet-malware-campaign


∗∗∗ Your smart doorbell may be collecting more data than you think, study finds ∗∗∗
---------------------------------------------
The study tested 81 IoT devices to analyze their behavior and tracking habits, and in some cases brought rather surprising findings The post Your smart doorbell may be collecting more data than you think, study finds appeared first on WeLiveSecurity
---------------------------------------------
https://www.welivesecurity.com/2019/10/25/iot-smart-doorbell-collecting-data-study/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Urgent security issue in NGINX/php-fpm ∗∗∗
---------------------------------------------
[...] a new security risk has emerged around NGINX, documented in CVE-2019-11043. This exploit allows for remote code execution on some NGINX and php-fpm configurations. If you do not run NGINX, this exploit does not effect you.
---------------------------------------------
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/


∗∗∗ Philips IntelliSpace Perinatal ∗∗∗
---------------------------------------------
This medical advisory contains mitigations for an exposure of resource to wrong sphere vulnerability in Philips’ IntelliSpace Perinatal obstetrics information management system.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-297-01


∗∗∗ Rittal Chiller SK 3232-Series ∗∗∗
---------------------------------------------
This advisory contains mitigations for a missing authentication for critical function and use of hard-coded vulnerabilities in Rittals Chiller SK 3232-series IT application cooler.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-297-01


∗∗∗ Honeywell IP-AK2 ∗∗∗
---------------------------------------------
This advisory contains mitigations for a missing authentication for critical function vulnerability in Honeywells IP-AK2 access control panels.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-297-02


∗∗∗ VMSA-2019-0019 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion updates address a denial-of-service vulnerability (CVE-2019-5536)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0019.html


∗∗∗ VMSA-2019-0018 ∗∗∗
---------------------------------------------
VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions (CVE-2019-5537, CVE-2019-5538)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0018.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Gentoo (php), Oracle (firefox), Scientific Linux (sudo), and SUSE (accountsservice, binutils, nfs-utils, and xen).
---------------------------------------------
https://lwn.net/Articles/803158/


∗∗∗ Mattermost security update 5.16.1 / 5.15.2 / 5.14.5 / 5.9.6 (ESR) released ∗∗∗
---------------------------------------------
We have released a recommended security update via Mattermost Team Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR) and Mattermost Enterprise Edition 5.16.1, 5.15.2, 5.14.5, 5.9.6 (ESR). This security update addresses a high level vulnerability discovered during a security research review by Roman Shchekin. Follow the standard upgrade instructions to apply the updates.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-update-5-16-1-5-15-2-5-14-5-v5-9-6-esr-released/


∗∗∗ 2019-10-22: Vulnerability in Relion® 650 series and Relion® 670 series - Terminal Reboot ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9256&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2019-10-22: Vulnerability in Relion® 670 series - MMS Path Traversal ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9255&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2019-10-22: Vulnerabilities in Relion® 650 series version 2.1 and Relion® 670 series version 2.1 - OpenSSL ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9254&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal(V5) is impacted by a a confidential information leak(CVE-2019-4600) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portalv5-is-impacted-by-a-a-confidential-information-leakcve-2019-4600/


∗∗∗ IBM Security Bulletin: IBM Maximo Health, Safety, and Environment Manager Installation Gives Application Access to Non-Authorized Users (CVE-2019-4546) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-health-safety-and-environment-manager-installation-gives-application-access-to-non-authorized-users-cve-2019-4546/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Use of a Broken or Risky Cryptographic Algorithm vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Cleartext Transmission of Sensitive Information vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-cleartext-transmission-of-sensitive-information-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Cookie Secure Attribute vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-missing-cookie-secure-attribute-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Hazardous Input Validation vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-hazardous-input-validation-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Use of a One-Way Hash without a Salt vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-use-of-a-one-way-hash-without-a-salt-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Information Exposure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-an-information-exposure-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Use of Hard-coded Credentials vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-use-of-hard-coded-credentials-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Authentication for Critical Function vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-missing-authentication-for-critical-function-vulnerability/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily