[CERT-daily] Daily summary - 26.09.2019

Daily end-of-shift report team at cert.at
Thu Sep 26 18:11:33 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 25-09-2019 18:00 − Thursday 26-09-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Forum software vBulletin: Patch closes critical zero-day vulnerability ∗∗∗
---------------------------------------------
The vBulletin developers have released patches that close a vulnerability rated as critical. Forum operators should act now.
---------------------------------------------
https://heise.de/-4539833


∗∗∗ BSI presents "IT-Notfall" service package for small and medium-sized enterprises ∗∗∗
---------------------------------------------
An emergency card for posting on the wall and a new catalogue of measures for security officers are intended to help SMEs deal better with cyber threats.
---------------------------------------------
https://heise.de/-4540075


∗∗∗ Hackers Replace Windows Narrator to Get SYSTEM Level Access ∗∗∗
---------------------------------------------
Chinese hackers are replacing the legitimate Narrator app on targeted Windows systems with a trojanized version that gives them remote access with privileges of the most powerful account on the operating system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-replace-windows-narrator-to-get-system-level-access/


∗∗∗ Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt ∗∗∗
---------------------------------------------
Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-decryptors-released-for-yatron-wannacryfake-and-fortunecrypt/


∗∗∗ Windows Exploitation Tricks: Spoofing Named Pipe Client PID ∗∗∗
---------------------------------------------
Posted by James Forshaw, Project Zero

While researching the Access Mode Mismatch in IO Manager bug class I came across an interesting feature in named pipes which allows a server to query the connected client's PID. This feature was introduced in Vista and is exposed to servers through the GetNamedPipeClientProcessId API: pass the API a handle to the pipe server and you'll get back the PID of the connected client.
---------------------------------------------
https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html


∗∗∗ Joomla! Security Best Practices: 12 Ways to Keep Joomla! Secure ∗∗∗
---------------------------------------------
At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management systems (CMS) exist in this ecosystem, and each requires a unique security configuration.
---------------------------------------------
https://blog.sucuri.net/2019/09/joomla-security-best-practices.html


∗∗∗ Hackers looking into injecting card stealing code on routers, rather than websites ∗∗∗
---------------------------------------------
Magecart (web skimming) attacks are evolving in a direction where they're going to be harder and harder to detect.
---------------------------------------------
https://www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Releases Security Advisories ∗∗∗
---------------------------------------------
Original release date: September 26, 2019

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/09/26/cisco-releases-security-advisories


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (dovecot), Debian (lemonldap-ng, openssl, and ruby-nokogiri), openSUSE (fish3, ibus, nmap, and openssl-1_1), Slackware (mozilla), SUSE (mariadb, python-numpy, and SDL2), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/800647/


∗∗∗ Multiple Vulnerabilities in Citrix License Server for Windows and VPX ∗∗∗
---------------------------------------------
CTX261963 New
Applicable Products: Licensing

Multiple Denial-of-Service vulnerabilities have been identified in Citrix License Server for Windows and VPX that, when exploited, could result in an attacker being able to force the vendor service to shut down.
---------------------------------------------
https://support.citrix.com/article/CTX261963


∗∗∗ BlackBerry Powered by Android Security Bulletin - September 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000058452


∗∗∗ Gutenberg - Critical - Access bypass - SA-CONTRIB-2019-069 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-069


∗∗∗ Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-068 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-068


∗∗∗ IBM Security Bulletin: Linux kernel as used by IBM QRadar SIEM is vulnerable to privilege escalation (Publicly disclosed vulnerability) (CVE-2019-3896) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-as-used-by-ibm-qradar-siem-is-vulnerable-to-privilege-escalationpublicly-disclosed-vulnerability-cve-2019-3896/


∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by a memory leak in the clustering code. (CVE-2019-4141) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-and-ibm-mq-appliance-are-vulnerable-to-a-denial-of-service-attack-caused-by-a-memory-leak-in-the-clustering-code-cve-2019-4141/


∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in October 2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-these-issues-were-disclosed-a/


∗∗∗ Multiple SQL Injection Vulnerabilities in eBrigade ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-sql-injection-vulnerabilities-in-ebrigade/


∗∗∗ Linux Kernel: Vulnerability allows execution of arbitrary code with administrator privileges ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0840


∗∗∗ Linux Kernel: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0838

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily