[CERT-daily] Tageszusammenfassung - 24.09.2019

Tue Sep 24 18:05:41 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 23-09-2019 18:00 − Dienstag 24-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ MITRE ATT&CK vulnerability spotlight: Access token manipulation ∗∗∗
---------------------------------------------
MITRE is a U.S. government federally-funded research and development center (FFRDC) which performs a large amount of research and assessment as a trusted third party for the government. One of their research areas is cybersecurity, and they have developed the MITRE ATT&CK matrix to help with research and education about cybersecurity threats.
---------------------------------------------
https://resources.infosecinstitute.com/mitre-attck-access-token-manipulation/


∗∗∗ Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs ∗∗∗
---------------------------------------------
Im keeping an eye on the certificate transparency logs[1] using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players and some interesting keywords. Yesterday I detected a peak of events related to the domain remotewebaccess.com.
---------------------------------------------
https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/


∗∗∗ E-Mail der Chaos-Hacking-Gruppe ignorieren ∗∗∗
---------------------------------------------
Angeblich hat sich die Chaos-Hacking-Gruppe in Ihr E-Mail-Konto und Betriebssystem gehackt und Ihr Surfverhalten drei Monate lang beobachtet. Die Kriminellen behaupten, Sie beim Surfen auf Porno-Seiten erwischt und bei intimen Handlungen gefilmt zu haben. Damit das Video über Sie nicht an all Ihre Kontakte gesendet wird, fordern die Hacker eine Überweisung von 2.000 Euro in Form von Bitcoins.
---------------------------------------------
https://www.watchlist-internet.at/news/e-mail-der-chaos-hacking-gruppe-ignorieren/


∗∗∗ No summer vacations for Zebrocy ∗∗∗
---------------------------------------------
ESET researchers describe the latest components used in a recent Sednit campaign The post No summer vacations for Zebrocy appeared first on WeLiveSecurity
---------------------------------------------
https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Updates Available for ColdFusion (APSB19-47) ∗∗∗
---------------------------------------------
Adobe has published a Security Bulletin (APSB19-47) for ColdFusion versions 2018 and 2016. These updates resolve two critical and one moderate vulnerability that could lead to arbitrary code execution and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1789


∗∗∗ Notfallpatch: Attacken gegen Internet Explorer ∗∗∗
---------------------------------------------
Ein Update schließt eine kritische Lücke im Internet Explorer – es ist aber noch nicht über Windows Update verfügbar. Auch Windows Defender bekommt einen Patch.
---------------------------------------------
https://heise.de/-4537525


∗∗∗ Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild ∗∗∗
---------------------------------------------
Description: XSS Via Unauthenticated Plugin Options Update Affected Plugin: Rich Reviews Affected Versions: [...]
---------------------------------------------
https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (php5), Fedora (blis, kernel, and kernel-headers), openSUSE (bird, curl, fish3, ghostscript, ibus, kernel, libgcrypt, openldap2, openssl-1_1, skopeo, and util-linux and shadow), Oracle (dovecot and kernel), Red Hat (dovecot, httpd:2.4, qemu-kvm, and redhat-virtualization-host), Scientific Linux (dovecot), SUSE (djvulibre, expat, firefox, libopenmpt, and rust), and Ubuntu (ibus and Mosquitto).
---------------------------------------------
https://lwn.net/Articles/800448/


∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator-is-affected-by-a-vulnerability-in-apache-commons-compress-cve-2019-12402/


∗∗∗ IBM Security Bulletin: IBM Cloud Private for Data is affected by a vulnerability in Go Language (CVE-2019-6486) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-for-data-is-affected-by-a-vulnerability-in-go-language-cve-2019-6486/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily