[CERT-daily] Daily Summary - 04.09.2019

Daily end-of-shift report team at cert.at
Wed Sep 4 18:26:23 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 03-09-2019 18:00 − Wednesday 04-09-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Hacked SharePoint Sites Used to Bypass Secure Email Gateways ∗∗∗
---------------------------------------------
Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hacked-sharepoint-sites-used-to-bypass-secure-email-gateways/


∗∗∗ Half of Android Handsets Susceptible to Clever SMS Phishing Attack ∗∗∗
---------------------------------------------
Researchers say an attacker could send a rogue over-the-air provisioning message to susceptible phones and route all internet traffic through a hacker-controlled proxy.
---------------------------------------------
https://threatpost.com/half-of-android-handsets-susceptible-to-clever-sms-phishing-attack/147988/


∗∗∗ BRATA Android RAT Steals Banking Info in Real Time ∗∗∗
---------------------------------------------
The RAT targets users via fake WhatsApp updates in Google Play.
---------------------------------------------
https://threatpost.com/brata-android-rat-steals-banking-info/148003/


∗∗∗ ENISA: Secure Group Communications for incident response and operational communities ∗∗∗
---------------------------------------------
This document serves as a starting point for incident response communities to conduct their own evaluation and see how the various communication tools can fit their sizes and needs.
---------------------------------------------
https://www.enisa.europa.eu/publications/secure-group-communications


∗∗∗ Spam In your Calendar? Here’s What to Do. ∗∗∗
---------------------------------------------
Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Here’s a brief primer on what you can do about it.
---------------------------------------------
https://krebsonsecurity.com/2019/09/spam-in-your-calendar-heres-what-to-do/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Samba Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: September 4, 2019 
The Samba Team has released security updates to address a vulnerability in all versions of Samba from 4.9.0 onward. An attacker could exploit this vulnerability to obtain sensitive information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/09/04/samba-releases-security-updates


∗∗∗ Forthcoming OpenSSL Releases ∗∗∗
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t. These releases will be made available on 10th September 2019 between approximately 1200-1600 UTC. These are security fix releases. The highest severity security issue fixed by these releases is rated as LOW.
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2019-September/000156.html


∗∗∗ Android Security Bulletin - September 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-09-01.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (grafana, irssi, and jenkins), Debian (freetype, samba, and varnish), Fedora (community-mysql, kernel, kernel-headers, kernel-tools, and python-mitogen), openSUSE (postgresql10 and python-SQLAlchemy), Oracle (kdelibs and kde-settings and squid:4), Red Hat (kdelibs and kde-settings, kernel, kernel-rt, openstack-nova, qemu-kvm, and redis), Scientific Linux (kdelibs and kde-settings, kernel, and qemu-kvm), SUSE (ansible, java-1_7_1-ibm, libosinfo, [...]
---------------------------------------------
https://lwn.net/Articles/798357/


∗∗∗ Security Advisory - Version Downgrade Vulnerabilities on Smartphones and HiSuite ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190904-01-smartphone-en


∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4149) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2019-4149/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



